APIS Informationstechnologien GmbH

Deutsch
Newsletter User Conf Docs Current Versions

Privacy policy for online services (seminars, facilitation, etc.) via Zoom of APIS Informationstechnologien GmbH

In the following, we would like to inform you about the processing of personal data in relation to the use of Zoom.

Purpose of data processing

We use the Zoom tool to conduct telephone conferences, online meetings, video conferences, and/or online seminars (hereinafter: online meetings). Zoom is a service provided by Zoom Video Communications, Inc. which is based in the USA.

Controller

The controller responsible for the data processing directly related to the implementation of online meetings is APIS Informationstechnologien GmbH.

Note: If you access the Zoom website, the provider of Zoom is responsible for the data processing. However, accessing the website is necessary only to download the Zoom software in order to use Zoom.

You can also use Zoom by entering the meeting ID and any other meeting access data directly in the Zoom app.

If you do not want to or cannot use the Zoom app, the basic functions may also be used in the browser version, which is available on the Zoom website.

What data is processed?

Several types of data are processed when using Zoom. The scope of data accordingly depends on the information you provide before or when participating in an online meeting.

The following personal data is subject to processing:

User details: first name, last name, phone (optional), email address, password (if you do not use single sign-on), profile picture (optional), department (optional)

Meeting metadata: topic, description (optional), participants’ IP addresses, device/hardware information

For recording (optional): MP4 file of all video, audio, and presentation recordings, M4A file of all audio recordings, text file of online meeting chat

For dial-in by telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.

Text, audio, and video data: You may have the option of using the chat, question or survey functions in an online meeting. In this respect, the text entries you make are processed in order to display them in the online meeting and, if necessary, to record them. To enable video display and audio playback, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the Zoom applications.

To participate in an online meeting or to access the meeting room, you must at least provide your name.

Scope of processing

We use Zoom to conduct online meetings. If we want to record online meetings, we will transparently communicate that to you in advance and – if necessary – ask for your consent. The fact that the meeting is recorded will also be displayed in the Zoom app.

If necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, that is usually not the case.

With regard to online seminars, we may also process questions asked by participants for the purpose of recording and following up online seminars.

If you are a registered user of Zoom, reports on online meetings (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored by Zoom for up to one month.

Automated decision-making in terms of art. 22 GDPR is not used.

Legal basis of data processing

As far as personal data of employees of APIS Informationstechnologien GmbH is processed, art. 26 of the German Federal Data Protection Act (BDSG) is the legal basis for data processing. If, in relation to the use of Zoom, personal data is not required for the establishment, implementation, or termination of the employment relationship, but is nevertheless an elementary component of the use of Zoom, the legal basis for data processing is art. 6 (1) f) GDPR. In those cases, our interest lies in the effective implementation of online meetings.

In addition, the legal basis for data processing when conducting online meetings is art. 6 (1) (b) GDPR, as far as the meetings are conducted in the context of contractual relationships.

If no contractual relationship exists, the legal basis is art. 6 para. 1 lit. f) GDPR. Our interest lies again in the effective implementation of online meetings.

Recipient / transfer of data

Personal data that is processed in relation to the participation in online meetings is not transferred to third parties unless it is intended to be passed on. Please note that content of online meetings, as well as of face-to-face meetings, is often used precisely to communicate information to customers, interested parties, or third parties and is therefore intended for disclosure.

Other recipients: The provider of Zoom is necessarily informed of the above-mentioned data, if such procedure is provided for in the context of our order processing agreement with Zoom.

Data processing outside the European Union

Zoom is a service provided by a provider from the USA. Processing of personal data therefore takes place in a third country. We have concluded an order processing agreement with the Zoom provider that meets the requirements of art. 28 GDPR.

An appropriate level of data protection is guaranteed on the one hand by the conclusion of the so-called EU standard contractual clauses. As additional protective measures, we have also configured our Zoom system so that only data centers in the EU, the EEA, or secure third countries such as Canada or Japan are used to conduct online meetings.

Data protection officer

We have appointed a data protection officer, who you can contact as follows:

APIS Informationstechnologien GmbH

Dipl.-Ing. (FH) Robert Aumiller

Dachelhofer Strasse 88

D-92421 Schwandorf

dataprotection@apis.de

Tel. +49 (0)9431 716027

Tel. +49 (0)89 189736-65

Your rights as the data subject

You have the right to obtain information about the personal data that concerns you. You can contact us for information at any time.

If the request for information is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be.

Furthermore, you have the right to rectification or erasure or restriction of the processing, as far as you are entitled by law.

Finally, you have a right to object to the processing within the scope of the statutory provisions.

You also have the right to data portability within the bounds of the data protection law.

Erasure of data

In general, we delete personal data when the further storage is no longer required. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend warranty claims and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after the respective legal obligation to retain the data has expired.

Right of complaint to a supervisory authority

You have the right to complain about our processing of the personal data to a data protection supervisory authority.

Amendment of this data protection notice

We revise the data privacy notice in the event of changes to data processing or other occasions that make such revision necessary. The current version will always be available on the website.

As at: October 27, 2021