Jenoptik Data Protection Center

General initial information

Data protection is very important to the entire JENOPTIK AG. For this reason, we set strict standards throughout the Group for the handling of personal data, regardless of whether this belongs to interested parties, customers, service providers, suppliers, business partners or other persons. If you have any questions or concerns regarding data protection, please do not hesitate to contact us using the contact form or otherwise. We look forward to constructive exchange, criticism and good cooperation.

Name and address of the data controller and the data protection officer:

JENOPTIK AG
Carl-Zeiß Street 1
07743 Jena, Germany
represented by the Board of Directors:
Dr Stefan Traeger (Chairman), Dr. Prisca Havranek-Kosicek, Dr. Ralf Kuschnereit,
Registered in the Commercial Register at Jena District Court, HRB 200146
Sales tax identification number: DE 150524241

Data Protection Officer of JENOPTIK AG
Carl-Zeiß-Straße 1
07743 Jena
Germany
E-mail: data-protection@jenoptik.com

Under certain circumstances the controller might be a subsidiary company. Please use our overview to find your personal contact.

Social media buttons

No data-processing social media plugins from social networks are used on our website. Our website only contains buttons labelled with the social networks Twitter, Google+ and Facebook or their logos. The buttons are qualified links to the respective social networks. When you click on the button, you will be forwarded to the respective social network by means of a link. In addition, a link to the website you are visiting will be sent for the purpose of sharing on the social networks. Personal data of the user is not collected by the buttons or transmitted to the operators of the social networks.

Security of your personal data

JENOPTIK AG uses technical and organisational security measures to protect the personal data we collect from you against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. Our security measures are continuously improved in line with technological developments.

Initial information for website visitors

General information on data processing

1. scope of the processing of personal data

As a matter of principle, we only process personal data of our users insofar as this is necessary for the provision of a functional website as well as our contents and services. The processing of personal data of our users is regularly only carried out with the consent of the user. An exception applies in cases where the processing of data is permitted by legal regulations.

2. legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) c DSGVO serves as the legal basis. If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.

3. data deletion and storage period

The user's personal data will be deleted or blocked as soon as the purpose of the storage no longer applies. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.

Provision of the website and creation of log files

1. description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

the date, time, access status (file found, not found, etc.) and the request that your browser made to the server,
the amount of data transferred and the website from which you accessed the requested page and
the individual pages of our website that you visit
the product and version information of the browser used (user agent) as well as the set preferred language
GEO-IP data
the IP address of the user.

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. legal basis for the data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f DSGVO.

3. purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f DSGVO.

4. duration of the storage

The personal data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after one month at the latest.

Storage beyond this is possible in anonymised form. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.

5. possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

Use of cookies

1. description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user calls up a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

Globally Unique Identifier (GUID)
Language settings;
Shared Secret (Alphanumeric String)
Boolean

2. legal basis for the data processing

The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f DSGVO.

3. purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.

We need cookies for the following applications:

Identification of the user session in the server's memory
Prevention and defence against attacks (e.g. through antiforgery tokens to prevent cross-site request forgery).
Storage of the information that the user has taken note of the data protection information
Storage of the information that the user does not want to be redirected to the URL matching his country.

The user data collected through technically necessary cookies are not used to create user profiles.

These purposes also constitute our legitimate interest in processing the personal data pursuant to Art. 6 (1) lit. f DSGVO.

4. duration of storage, possibility of objection and elimination

Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

Contact form and e-mail contact

1. description and scope of data processing

There are various contact forms on our website which can be used for electronic contact. If a user makes use of this option, the data entered in the input mask will be transmitted to the company of the JENOPTIK Group responsible for processing the respective enquiry and stored. These data are:

Salutation
First name
Last name
Company
Address
Postcode and city
Country
Telephone number
E-mail address
Internet address
Text of the request
Indication whether existing customer or new customer
Customer number
Indication of whether the enquiry relates to prototype or series production
Indication of the number of pieces of the requested product
Indication of the product category of the products or services offered
Camera serial number
Specification of machine data (machine type, serial number, fabrication/material number) for service and support services

where mandatory fields are marked with (*).

The following data is also stored at the time the message is sent:

The IP address of the user
Date and time of registration

Context data (referrer, domain, browser language, country of the user, etc.) Your consent is obtained for the processing of the data during the sending process and reference is made to this data protection information.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

2. legal basis for the data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

3. purpose of the data processing

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. duration of the storage

The personal data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of three months at the latest.

5. possibility of objection and removal

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued. The user only has to inform us of this in order to revoke his declaration of consent. All personal data stored in the course of contacting us will be deleted in this case.

Etracker

The provider of this website uses services of etracker GmbH from Hamburg, Germany (www.etracker.com) to analyse usage data. We do not use cookies for web analysis by default. Insofar as we use analysis and optimisation cookies, we obtain your explicit consent separately in advance. If this is the case and you consent, cookies will be used to enable a statistical coverage analysis of this website, a measurement of the success of our online marketing measures as well as test procedures, e.g. to test and optimise different versions of our online offer or its components. Cookies are small text files that are stored by the Internet browser on the user's terminal device. etracker cookies do not contain any information that enables the identification of a user.

The data generated with etracker is processed and stored by etracker on behalf of the provider of this website exclusively in Germany and is therefore subject to the strict German and European data protection laws and standards. etracker has been independently audited, certified and awarded the ePrivacyseal data protection seal of approval in this regard.

The data processing is carried out on the basis of the legal provisions of Art. 6 para. 1 lit. f (legitimate interest) of the General Data Protection Regulation (DSGVO). Our concern in terms of the DSGVO (legitimate interest) is the optimisation of our online offer and our web presence. Since the privacy of our visitors is important to us, data that may allow a reference to an individual person, such as the IP address, login or device identifiers, are anonymised or pseudonymised as soon as possible. No other use is made of the data, nor is it merged with other data or passed on to third parties.

You can object to the aforementioned data processing at any time. The objection has no adverse consequences.

I object to the processing of my personal data by eracker on this website.

Further information on data protection at etracker can be found here.

Sitecore Experience Platform

This website is provided using the Sitecore web content management system, which provides web analysis functions. The information generated by cookies about the use of this website, including the anonymised IP address (anonymisation is achieved by deleting the last digit) is stored in a database at the Jenoptik data centre. We use this information to evaluate the use of the website and to compile reports on website activities for us.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

Furthermore, data (e.g. certain system data such as the anonymised IP address, screen resolution, operating system version, browser, Flash plugin, country setting and language setting) is collected and stored in a database at the Jenoptik data centre. Jenoptik uses this information to evaluate your use of the website and to compile reports on website activities for the website operators. You can prevent the storage of this information by, among other things, deactivating Javascript and the storage of cookies. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

No personal data of the users is processed in this context. In particular, there is no processing of unabbreviated and thus non-anonymised IP addresses of users.

Initial information for News-Letter subscribers

1. description and scope of data processing

Interested parties have the option to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us. These are

Salutation
First name
Name
E-mail address

whereby only the user's e-mail address is mandatory. The remaining information is voluntary when registering for the newsletter.

In addition, the following data will be collected during registration:

IP address of the calling computer
Date and time of entry and double opt-in registration
Original form
Language for newsletter

For the processing of the data, your consent is obtained in the web form during the registration process and reference is made to this data protection declaration. A confirmation email is sent to the email address entered by the user for the newsletter dispatch using the double opt-in procedure. This confirmation email is used to check whether the owner of the email address has authorised receipt of the newsletter.

The data will only be used for sending the newsletter.

2. legal basis for the data processing

The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.

3. purpose of the data processing

The collection of the user's email address is used to deliver the newsletter by email.
The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.
The voluntary additional information is also used for personalised addressing within the scope of sending the newsletter.

4. duration of the storage

The personal data will be processed until revocation or objection and then blocked for further use. In order to comply with legal requirements, it may be necessary for your personal data to continue to be stored. This may also be necessary for the assertion, exercise and defense of legal claims.

5. possibility of objection and removal

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in each newsletter.

6. categories of recipients of personal data

We will only pass on your personal data to commissioned processors who are entrusted with the implementation of the newsletter dispatch. The transfer of your personal data will only take place in accordance with the applicable data protection regulations.
Furthermore, we will not transfer your personal data to other third parties without your or a legal permission.

7. processing of data in countries outside the European Economic Area

If we process data in third countries (countries outside the EU/EEA) or transfer it to companies in third countries, we only do so if we are authorised to do so. If there is no adequacy decision by the Commission for the third country concerned in accordance with Art. 45 of the GDPR, i.e. if there is no adequate level of data protection in the third country, we ensure by means of contractual provisions (EU standard contractual clauses on data protection) or other suitable guarantees within the meaning of Art. 46 of the GDPR that your privacy and your personal data are also protected in the company in the third country in an adequate manner provided for by law.

Initial information when registering for Jenoptik events

1. description and scope of data processing

When registering for an event, the following data will be transmitted to us from the input mask:

Salutation
Title
First name
Name
Company
E-mail address
Code if applicable

whereby the field "Title" is a voluntary entry.

In addition, the following data will be collected during registration:

IP address of the calling computer
Date and time of entry and double opt-in registration
Original form
Language for mailings

For the processing of the data, your consent is obtained in the web form as part of the registration process and reference is made to this data protection notice. A confirmation email is sent to the email address entered by the user for the event registration using the double opt-in procedure. This confirmation email serves to check whether the owner of the email address has authorised the receipt of information/invitations to Jenoptik events.

We use the data exclusively to inform you by e-mail about upcoming events in the Jenoptik Group or to invite you.

2. legal basis for the data processing

The legal basis for the processing of data after registration by the user is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.

3. purpose of the data processing

The collection of the user's e-mail address serves to inform or invite the user by e-mail about events in the Jenoptik Group.
The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used. In addition, we need these for the overall invitation management. It is only necessary to enter a code if you have received it in advance from JENOPTIK AG.

4. duration of the storage

The event registration can be cancelled by the user concerned at any time without giving reasons. For this purpose, a corresponding link can be found in each mailing.

6. categories of recipients of personal data

We will only pass on your personal data to commissioned processors who are entrusted with carrying out the mailings. The transfer of your personal data will only take place in accordance with the applicable data protection regulations. Furthermore, we will not transfer your personal data to other third parties without your or a legal permission.

7. processing of data in countries outside the European Economic Area

Google reCAPTCHA

We use the Google reCAPTCHA function in our registration forms. This function is primarily used to distinguish whether an entry is made by a natural person or is abused by machine and automated processing.

This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google".

In addition to your IP address, other information may be collected by Google that is necessary for the provision and guarantee of this service.

The legal basis is Art. 6 para. 1 lit. f DSGVO. Our legitimate interest lies in the security as well as in the defence against unwanted, automated access.
Google offers further information on the general handling of your user data at https://policies.google.com/privacy.

Initial information for participants of Jenoptik events

Initial information for contract partners

1. purpose and scope of the processing

We process your data for the purpose of initiating the contract, fulfilling the contract and to inform you about our products. In the context of this, we process the following data:

Name
Address
E-mail address
Telephone number
Title
Length of service
Position in the company

In addition, data that you have stored on your business card/email signature can be processed.

2. legal basis of the processing

2.1 Initiation of the contract and performance of the contract

If we are seeking to enter into a contract or fulfil a contract, the processing of your personal data is based on Art. 6 I 1 lit. b) DS-GVO. After fulfilment of the contract, we process the data based on the legitimate interest to protect ourselves from legal claims or to assert them, according to Art. 6 I 1 lit.f) DS-GVO.

2.2 Advertising

If you wish to receive advertising from us, the processing of your personal data is based on your consent pursuant to Art. 6 I 1 lit. a) DS-GVO.

3. duration of the storage

Your data will not be processed beyond the described use. As a rule, your data will be deleted as soon as it can no longer be used to assert or defend claims or we are no longer obliged to store the data (e.g. due to the AO).

4. categories of recipients

Within the Jenoptik Group, all companies receive access to your data. This can be any company affiliated with JENOPTIK AG in accordance with § 15 AktG. You can find a list under the following link.

Data is only passed on to recipients outside our company if regulations permit or require this or if we are otherwise authorised to pass on data. Under these conditions, recipients of personal data may be:

Contact management systems to better process your data and address you more personally. As well as Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). Contract management systems to catalogue and illustrate contracts. Supplier portals for better communication.

Public bodies and institutions, where there is a legal or regulatory obligation.

In rare individual cases of maintenance or for fault analysis, support partners of hardware or software may be used. The legally stipulated contractual regulations on purpose limitation and confidentiality as well as - if necessary - confidentiality obligations according to §203 StGB (German Penal Code) are concluded with these partners.

5. recipients outside the EEA

Microsoft may receive knowledge of the above data as part of the order processing in order to process it. All data traffic is encrypted (MTLS, TLS or SRTP). According to its own information, Microsoft processes the data primarily in the EU area. In the event that data is nevertheless processed in the USA, an appropriate level of data protection outside the EU / EEA is guaranteed by the EU standard contractual clauses we have concluded with Microsoft.
For more information, see Microsoft's privacy policy, available at: https://privacy.microsoft.com/de-de/privacystatement

Information for applicants

You can apply to us at any time. You can find all information about vacancies or the application process at https://www.jenoptik.com/career-and-job-offers.

In the event of an application via our applicant portal, you will also find more detailed information there. In the case of unsolicited applications and when using the applicant portal, we process your data as follows.

Registration (creation of an account)

We use a career portal for an application. Registration is required to use the portal. The portal helps us to transmit your data to the HR department in encrypted form. If you send us a postal application, it will be recorded by the HR department. The following data is processed for an application and registration in the career portal:

First name, last name
Password
E-mail address
Country/region of residenc

The processing of the registration data enables you to complete, manage and modify your application documents.

Application procedure

When you apply to us, we process the data you provide in order to fill advertised vacancies and to select qualified applicants. Among other things, this includes the following data:

First name, last name
Date of birth
Title
Gender
Address
Telephone number
E-mail address
Images
Value judgements/ testimonials
Qualification data
Other information included in CV etc.

Sensitive data such as religious or philosophical beliefs, memberships in a trade union or political party, health data or data on sexual life etc. may also be collected as part of the application. We recommend that, if possible, data of this kind should not be transmitted to us for processing.

Re-addressing and transmission

If you choose the option to be included in our talent pool, we will not collect any additional data from you. This is an extension of the processing. The data provided in the application process will then be stored longer for future positions, will be visible to a wider number of companies and companies may also approach you with vacancies.

Legal basis for the processing

Application procedure

Your details will be used for processing your application and deciding on the establishment of an employment relationship. The legal basis is Art. 88 DS-GVO in conjunction with. §26 BDSG.

Furthermore, your personal data may be processed insofar as this should be necessary for the defence of asserted legal claims against us arising from the application process. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f DSGVO. The legitimate interest lies in the defence of possible legal claims and the proof that legal requirements (e.g. from the AGG) have been met.

Re-addressing and transmission
The processing of data within the scope of the talent pool is based on your consent pursuant to Art. 6 para. 1 p.1 lit. a DS-GVO.

Duration of storage

Registration and application procedure

Your application data will not be processed beyond the described use. Your personal data will be deleted after completion of the application procedure after six months at the latest, provided that no other legitimate interests on our part oppose deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

Account data will be deleted six months after account inactivity.

Re-addressing and transmission

In the event of consent to processing within the scope of the talent pool, your data will be stored for an additional six months.

Recipient categories

Applicant portal and application procedure

Within the Jenoptik Group, access to your applicant data is granted to the companies to which you apply for a position. This can be any company affiliated with JENOPTIK AG in accordance with § 15 AktG. You can find a list under the following link.

Dow Jones & Company Inc. (4300 U.S. Route 1 North Monmouth Junction, NJ 08852)

Public bodies and institutions, where there is a legal or regulatory obligation.

Re-addressing and transmission

If you have consented to processing within the scope of the talent pool or have selected "worldwide" or "national" for your profile visibility, all companies affiliated with the JENOPTIK AG Group may become recipients of your data in accordance with § 15 AktG. You can find a list under the following link.

Recipients outside the EEA

For the purposes of risk management and sanctions list screening, your personal data from the application will be shared with Dow Jones & Company Inc. (4300 U.S. Route 1 North Monmouth Junction, NJ 08852). In the absence of an adequacy decision by the Commission pursuant to Article 45 of the GDPR, we ensure an appropriate and adequate level of security for your personal data through contractual arrangements (namely the EU standard contractual clauses).

Initial information for videoconference participants

General notes

The video conference is conducted via Microsoft Teams. With regard to data processing by the provider, you as a participant should be aware that the other participants will see your first and last name. This also applies to all other personal data that you disclose during the chat or conversation. Activation of the web cam is optional for each participant. A recording of the video conference is not planned.

Microsoft Teams is kept on European servers by the IT service provider and their sub-service providers in accordance with the contract. However, Microsoft Teams can access the servers in Germany in the event of disruptions and malfunctions from so-called third countries, such as the USA, in order to carry out maintenance work. In insecure third countries, especially in the USA, there is no level of data protection comparable to the requirements of the General Data Protection Regulation. It is therefore possible that government agencies access personal data without us or you knowing about it. Effective enforcement of your rights is unlikely to be possible in the US and other third countries.

If you participate in the video conference, you thereby declare your consent to a possible transfer of data to third countries such as the USA.
You have the right to withdraw/terminate your consent to data transfer at any time by leaving the meeting. Please note that we have no information on any existing data processing by teams, for example by creating an account.

For more information on how your data is processed, please visit https://privacy.microsoft.com.

In order to participate in a video conference with us with the most data protection-friendly settings possible, we have the following recommendations for you:

Ensure that no unauthorised person attends the online meeting;
Read and familiarise yourself with the privacy notice
If you have any queries, contact a contact person at an early stage and ask;
If documents are already sent in advance: Check all documents for completeness;
Eliminate all sources of interference or distraction;
Remove all objects that convey information (e.g. (family) pictures or medicines on the desk, posters or charts on the wall, etc.);
Switch off computer notifications or close programmes that send notifications (e.g. Outlook);
If another programme is used by third parties (clients, business partners, etc.): Familiarise yourself with the programme and its essential functions (switching camera and microphone on/off, screen sharing, blurr function, etc.);
If a breach of rules or a data protection breach is identified: Immediately inform the moderator;
Avoid and prevent information from being disclosed to unauthorised persons;
If the screen is shared: It is best to share only a section of the screen (even file icons can contain information).

Legal basis of the processing (Art. 13 para. 1 lit. c) DSGVO)

Purpose and legal basis of the processing

In order to conduct online meetings, telephone and/or video conferences and/or webinars, workshops or similar (hereinafter collectively "Meetings"), we use "Teams", a software of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft").
The legal basis for the processing of data to conduct online meetings using the aforementioned tool is our legitimate interest in the effective conduct of meetings pursuant to Art. 6 (1) lit. f DSGVO. Insofar as the online meetings are conducted within the framework of existing contractual relationships with you, the legal basis is Art. 6 para. 1 lit. b DSGVO.

It cannot be ruled out that meetings initiated by third parties are held using a tool other than the one provided by JENOPTIK (e.g. Zoom).
These tools are not covered by this declaration.

Scope of the processing

We collect and process different types of personal data about you, depending on the legitimate interest or contractual obligations.

During a meeting, the following data may be processed:

Participant details: if applicable, display name, first name, last name, telephone number, e-mail address, password (encrypted for authentication), profile picture (optional), department/team;
metadata: Meeting topic and description, IP address, participant phone number, type of device/software (Windows/Mac/Linux/Web/iOS/Android Phone/Windows Phone), time of last participant activity, number of chat and channel messages, number of meetings attended, duration of audio, video and screen sharing time;
For chat, or channel message use: text data for display and logging if necessary;

In case of exchange of files: the personal data contained in the files;

When using audio: Recording data of the microphone;
For video use: Recording data of the video camera;
For recordings: Audio, video and screen sharing for storage in the Cloud / Microsoft Stream;
For telephone use: incoming and outgoing call numbers, country name, start and end time, possibly further connection data such as the IP address of the device.

You are invited to an online meeting by e-mail with an invitation link and/or a calendar date. If you have a Microsoft account, you can also be invited to a meeting on an ad-hoc basis. In this case, your first name, last name and e-mail address will be processed. The same applies if a webinar or so-called broadcast is held. In this case, prior registration and/or activation may be necessary.

To participate in an online meeting, you must at least provide information on your name and - in the case of participation by telephone - your telephone number. In the latter case, we will inform you of this possibility of anonymous participation in the course of the invitation. You can deactivate the transmission via microphone and camera at any time via the corresponding settings. We only record meetings with your consent and prior notification. If the chat function is used in an online meeting, the content of the chat messages, the date and time and the participants are logged and stored. Microsoft stores and uses the metadata to enable us to analyse and report on the use of Teams and to provide technical support.

Recipients or category of recipients of the personal data (Art. 13 para. 1 lit. e) DSGVO)

Within our company, those departments that need your data to process the above-mentioned purposes will receive access to it. Processors (Art. 28 DSGVO) and other service providers used by us may also receive data for these purposes. These are companies in the IT services category.

Data will only be passed on to recipients outside our company if regulations permit or require this or if we are otherwise authorised to pass on data. Under these conditions, recipients of personal data may be:

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft").
Public bodies and institutions, where there is a legal or regulatory obligation.
In rare individual cases of maintenance or for fault analysis, support partners of hardware or software may be used. The legally stipulated contractual regulations on purpose limitation and confidentiality are concluded with these partners.

Transfer to third countries (Art. 13 para. 1 lit. f) DSGVO)

Storage period (Art. 13 para. 2 lit. a) DSGV0)

Your personal data will only be stored for as long as required for the purposes set out in (Section II.) or until you object to the use of the personal data.
We only store your data beyond this period if there are still outstanding obligations from the contractual relationship or legal requirements. These include, among others, the tax and commercial law retention and documentation obligations.

Your rights

If your personal data is processed, you as the data subject have the following rights vis-à-vis the data controller. To exercise your rights below, please contact the data protection officer responsible for the data controller.

1. right to information

You can request confirmation from us as to whether personal data relating to you is being processed by us. If such processing is taking place, you can request information from us about the following:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data which are processed;

(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

(4) the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage duration;

(5) the existence of a right to rectify or erase personal data concerning you, a right to have processing restricted by the controller or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) any available information on the origin of the data if the personal data are not collected from the data subject;

(8) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information on whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 of the GDPR in connection with the transfer.

2. right of rectification

You have a right of rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

3. right to restriction of processing

You may request the restriction of the processing of personal data concerning you under the following conditions:

(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;

(3) the controller no longer needs the personal data for the purposes of processing but you need them for the establishment, exercise or defence of legal claims; or

(4) if you have objected to the processing pursuant to Art. 21 (1) DSGVO and it has not yet been determined whether the legitimate grounds of the controller override your grounds.

Where the processing of personal data relating to you has been restricted, those data may be processed, with the exception of their storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. right to erasure

a) Obligation to delete

You may request the controller to erase the personal data concerning you without delay and the controller is obliged to erase this data without delay if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You revoke your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) DSGVO and there is no other legal basis for the processing.

(3) You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.

(4) The personal data concerning you have been processed unlawfully.

(5) The deletion of personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

(6) The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8(1) DSGVO.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to, or copies or replications of, that personal data.

c) Exceptions

The right to erasure does not exist insofar as the processing is necessary

(1) to exercise the right to freedom of expression and information;

(2) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) DSGVO;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, where the right referred to in Section (a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or

(5) to assert, exercise or defend legal claims.

5. right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed of these recipients by the controller.

6. right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that

(1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 para. 1 lit. b DSGVO and

(2) the processing is carried out with the aid of automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons.

The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

8. right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

9. automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the controller,

(2) is authorised by Union or Member State legislation to which the controller is subject and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests; or

(3) is done with your express consent.

However, these decisions must not be based on special categories of personal data pursuant to Art. 9(1) of the GDPR, unless Art. 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

The user is not subjected to any such automated decision in individual cases, including profiling, when using our website.

10. right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority (you can find the competent supervisory authority here), in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.