Information on the processing of Personal Data according to Art. 13 and 14 GDPR
by ProVeg e.V.,
Genthiner Straße 48, 10785 Berlin.
The following data protection notices are made in connection with Online Meetings.
- Who is responsible for data processing and whom can I contact?
The controller responsible for data processing is
ProVeg e.V.,
Genthiner Straße 48, 10785 Berlin.
The email address for data protection issues is: [email protected].
Note: If you access the website of an online meeting provider, the respective provider is responsible for the data processing that takes place when you visit the website. However, it is only necessary to access the website in order to download any software required to use the online meeting service.
- From which source did we get the data?
We have obtained your data, which is personal data in the sense of Article 4 No. 1 GDPR, through your participation in our online meetings.
- Which Data do we use?
We only use the data that we receive from you exclusively from your participation in an online meeting.
When participating in an online meeting, these categories of personal data may be subject to processing:
- Personal details
- First name and surname,
- telephone number,
- e-mail address,
- password,
- Profile picture if applicable,
- Company, if applicable,
- Department, if applicable,
- Job title, if applicable.
- Meeting metadata:
- Topic, description,
- Participant IP addresses,
- end device information.
- For recordings:
- MP4 file of all video, audio and presentation recordings,
- M4A file of all audio recordings,
- text file of all online meeting chats.
- When transcribing a meeting:
- A text version of the words spoken in the meeting.
- A text version of the words spoken in the meeting.
- When dialing in by telephone:
- Details of the incoming and outgoing telephone number, country name, start and end time,
- if necessary, further connection data such as the IP address of the end device can be processed
- Text, audio and video data:
- You may have the option of using the chat, question or survey function in an online meeting. In this case, the text entries you make are processed in order to display them in the online meeting and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone and/or video camera of your end device will be processed for the duration of the online meeting. You can deactivate or mute the camera and/or microphone at any time using the provider’s online meeting software.
As a rule, only your data, i.e. the data of you as the contact person within the company, is personalized.
- What is the purpose of the data processing?
We use the Zoom and Google Meet services to conduct conference calls, online meetings, video conferences and webinars (hereinafter: ‘Online Meetings’).
Zoom is a service of Zoom Video Communications, Inc. based in the USA.
Google Meet is a service of Google Ireland Limited, based in Ireland.
We use the aforementioned data to conduct an online meeting. If we want to record online meetings, we will inform you in advance and obtain your consent. The fact of the recording will be displayed to you in the online meeting software.
If it is necessary to record the results of an online meeting, we will record the text entries. In the case of webinars, we may process the questions asked by participants for the purposes of recording and following up webinars.
Optionally, we send you the recording after the meeting.
Zoom AI Companion
In some online meetings, we use AI-supported functions such as the Zoom AI Companion to automatically create summaries of an online meeting. The Zoom AI Companion summarizes the key points of an online meeting, including the most important topics, decisions and action points. Important moments in an online meeting are highlighted, e.g. when someone shares their screen or asks a question. The Zoom AI Companion also shows the share of speech that people had in an online meeting. Data processing using the Zoom AI Companion helps us to improve internal communication by documenting the key content of meetings and making it accessible. The summaries are only accessible to authorized participants of the respective online meeting.
- On what legal basis is my data processed?
The provision of your data is not required by law.
However, some of the data mentioned is required to hold an online meeting. Without providing the data required to conduct an online meeting, you will not be able to participate in the online meeting.
The provision of other data is voluntary, but may be necessary for the use of certain functions or services.
We will inform you when you enter data if it is required for the respective service or function. These data are marked as mandatory fields. If data is required, failure to provide it will mean that the service or function in question cannot be provided. In the case of optional data, failure to provide it may mean that we cannot provide the online meeting in the same form and to the same extent as usual.
Article 88 para. 1 GDPR in conjunction with Section 26 para. 1 BDSG or Art. 6 para. 1 lit b) GDPR
The legal basis for the data processing described is Art. 88 para. 1 GDPR in conjunction with Section 26 para. 1 sentence 1 BDSG (implementation of the employment relationship), if you are in an employment relationship with us) or Art. 6 para. 1 lit. b GDPR (implementation of a contract), if you are in another contractual relationship with us, e.g. the Incubator Program.
Article 6 para. 1 lit. f) GDPR
The processing of your data is justified by the pursuit of our legitimate interests, based on our interest in organizing online meetings and making them efficient. This applies if you are a participant in an online meeting without also being an employee.
Article 6 para. 1 lit. a) GDPR
If we record an online meeting or send you the recording afterwards, this is done on the basis of your consent.
- Who receives my data?
Content from online meetings is available to all participants.
Within our company, only those persons and departments that require your personal data to fulfill our contractual and legal obligations will receive it.
In addition, the provider of the online meeting software has access to your data insofar as this is necessary in the context of order processing.
This does not apply if we conduct an online meeting with end-to-end encryption. In this case, the provider of the online meeting software cannot access the content of an online meeting. Otherwise, we will of course treat your data confidentially and will not pass it on to third parties.
- How long will my data be stored?
If there are no statutory retention periods, your data will be deleted as soon as it is no longer required for the purpose for which we collected it. In the case of statutory retention periods, the deletion takes place after expiry of the retention obligations.
- Is Data processed outside the European Union?
We also use service providers based in third countries outside the European Union to process your data. Countries outside the European Union handle the protection of personal data differently than countries within the European Union. There is currently no decision by the EU Commission that these third countries generally offer an adequate level of protection.
We have therefore taken special measures to ensure that your data is processed just as securely in third countries as it is within the European Union.
When we use service providers from third countries, we conclude with them the data protection contract (standard data protection clauses) provided for by the European Commission for the processing of personal data in third countries. This provides appropriate guarantees for the protection of your data with service providers in the third country.
Zoom is a service provided by a provider from the USA.
In addition, when using Google Meet, data may be transferred to the parent company Google LLC.
This means that both service providers are headquartered in the USA. Due to the Data Privacy Framework between the USA and the EU, which has been in force since 2023, it has been possible for these companies to be certified by US data protection authorities since it came into force and thus confirm their level of data protection. The providers Zoom Video Communications, Inc. and Google LLC are certified in accordance with the EU-U.S. Data Privacy Framework. This provides suitable guarantees for the protection of your data when it is processed by these companies.
You can request information about the already certified companies or a copy of the corresponding guarantees using the contact details above.
- What Data Protection rights do I have?
Under the respective legal requirements of the GDPR, valid in the version from 25.05.2018,
I you have the right to receive information about the data stored about you (Art. 15 GDPR).
I If incorrect personal data are processed, you have the right to rectification (Art. 16 GDPR).
I If the legal requirements are met, you can request the deletion or restriction of processing
I revoke your consent (Art. 7 GDPR) or
I object to processing (Art. 17, 18 and 21 GDPR).
I Furthermore, you have the right to data portability (Art. 20 GDPR).
To exercise your rights, please contact
I You have the right to lodge a complaint with a supervisory authority (Article 77 (1) of the GDPR), in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes this Regulation.
You can contact our data protection officer at
datenschutz nord GmbH
Kurfürstendamm 212
10719 Berlin