In the following, we would like to inform you about the processing of personal data in connection with the use of "Zoom".
Purpose of the processing
We use the "Zoom" tool to conduct telephone conferences, online meetings, video conferences and/or online seminars (hereinafter: "online meetings"). "Zoom" is a service of Zoom Video Communications, Inc., which is based in the USA.
Person responsible for the data processing
The person responsible for data processing that is directly related to the conduct of "online meetings" is FrankfurtRheinMain GmbH International Marketing of the Region.
Note: If you access the "Zoom" website, the provider of "Zoom" is responsible for data processing. However, calling up the website is only necessary for the use of "Zoom" in order to download the software for the use of "Zoom".
You can also use "Zoom" if you enter the respective meeting ID and, if applicable, other access data for the meeting directly in the "Zoom" app.
If you do not want to or cannot use the "Zoom" app, then the basic functions can also be used via an Internet browser.
Which data can be processed?
When using "Zoom", various types of data are processed. The scope of the data also depends on the information you provide before or during participation in an "online meeting".
The following personal data are subject to processing:
In order to participate in an "online meeting" or to enter the "meeting room", you must at least provide information about your name.
Scope of processing
We use "Zoom" to conduct "online meetings". If we want to record "online meetings", we will inform you transparently in advance and - if necessary - ask for your consent. The fact of the recording is also displayed in the "Zoom" app.
If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.
In the case of webinars, we may also process the questions asked by webinar participants for the purpose of recording and following up on webinars.
If you are registered as a user with "Zoom", reports on "online meetings" (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored at "Zoom" for up to one month.
Automated decision-making within the meaning of Art. 22 GDPR is not used.
Legal basis for the data processing
Insofar as personal data of employees of FrankfurtRheinMain GmbH is processed, § 26 BDSG is the legal basis for data processing. If, in connection with the use of "Zoom", personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of "Zoom", Art. 6 para. 1 lit. f) GDPR is the legal basis for data processing. In these cases, we are interested in the effective implementation of "online meetings".
In all other respects, the legal basis for data processing when conducting "online meetings" is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here, too, we are interested in the effective implementation of "online meetings".
Recipients / disclosure of data
Personal data processed in connection with participation in "online meetings" will not be disclosed to third parties unless they are specifically intended for disclosure. Please note that content from "online meetings" as well as from face-to-face meetings is often used to communicate information with customers, interested parties or third parties and is therefore intended for disclosure.
Other recipients: The provider of "Zoom" necessarily obtains knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing contract with "Zoom".
Data processing outside the European Union
"Zoom" is a service provided by a provider from the USA. Processing of personal data therefore also takes place in a third country. We have concluded an order processing agreement with the provider of "Zoom" that meets the requirements of Art. 28 GDPR.
On the one hand, an adequate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses. As additional protective measures, we have also configured our Zoom in such a way that only data centers in the EU, the EEA or secure third countries such as Canada or Japan are used to conduct "online meetings".
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
Right to information: In accordance with Art. 15 DS-GVO, you have the right to request information about your personal data processed by us; in particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, and the existence of automated decision-making, including profiling, and, if applicable. request meaningful information about their details
Right to rectification: In accordance with Art. 16 DS-GVO, you have the right to request the correction of incorrect personal data or the completion of your data without delay.
Right to deletion: Pursuant to Art. 17 DS-GVO, you have the right to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims.
Right to restriction: According to Art. 18 DS-GVO you have the right to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 DS-GVO.
Right to data portability: In accordance with Art. 20 DS-GVO, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.
Right of appeal: In accordance with Art. 77 DS-GVO, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office for this purpose. In the present case, the competent supervisory authority is: The Data Protection Commissioner of the State of Hesse, visitor address: Gustav-Stresemann-Ring 1, 65189 Wiesbaden, postal address: Postfach 3163, 65021 Wiesbaden/Germany, E-Mail: Poststelle@datenschutz.hessen.de, Tel.: +49 611 1408 - 0, Fax: +49 611 1408 – 900.
Right of objection: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(f) DS-GVO.
If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing.
Right of withdrawal: You have the right to revoke any consent you have given for the processing of your personal data at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can send a revocation to the e-mail address provided during registration/ordering or also in any case to email@example.com or by mail using the above address.
Contact persons and contact details of the data protection officer and the responsible body
If you have any questions, please contact the person organizing the Microsoft Teams session.
You can reach the data protection officer of FrankfurtRheinMain GmbH International Marketing of the Region by phone at +49 69 6860380 or by e-mail at firstname.lastname@example.org
International Marketing of the Region
60549 Frankfurt am Main, Germany
Phone: +49 69 6860380
Fax: + 49 69 68603811
Deletion of data
As a matter of principle, we delete personal data if there is no need for further storage. A requirement may exist in particular if the data is still needed in order to fulfil contractual services, to be able to check and grant or defend warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion can only be considered after expiry of the respective retention obligation.
Right to lodge a complaint with a supervisory authority
You have the right to complain about the processing of personal data by us to a supervisory authority for data protection.