Privacy

Privacy Policy and Cookies Policy

This Privacy Policy satisfies the disclosure requirements according to Art. 12 ff. of the EU General Data Protection Regulation (“GDPR”) and provides a summary of the processing of your personally identifiable information (“personal data”, “personal information”) on this website.

1. Who is accountable for processing my data?

Bertelsmann SE & Co. KGaA
Carl-Bertelsmann-Straße 270
33335 Gütersloh, Germany
Phone: +49 (0) 5241-80-0
Fax: +49 (0) 5241-80-62321
Email:

is responsible for processing your data on this website (hereinafter referred to as “we”). We process personally identifiable information (“personal data”) in accordance with GDPR provisions and the German Federal Data Protection Act (BDSG).
You can contact our designated Data Protection Officer at the address indicated above by using the reference ‘For the attention of the Data Protection Officer’ or by writing to: .

2. What data is collected?

When you visit our website, the data of the computer you use to access our website is automatically logged (“access data”). This access data includes server log files that generally consist of information pertaining to your web browser type and version, your operating system, your internet service provider (ISP), the date and time you used the website, the websites previously visited by you and the websites you accessed from our website, in addition to the IP address of your computer. With the exception of your IP address, the information contained in the server log files is not personally identifiable. An IP address is personally identifiable when it is static (permanently allocated when using internet access) and the ISP is able to attribute it to a specific person.
Some features of our website require that you divulge personal information to us. In this case, the information provided by you is used to provide the service requested by you or process a matter submitted by you (e.g. search queries, entries made in forms or contracts, click data).

3. What cookies are used?

Cookies are used on our website. Cookies are small text files that are saved to your computer when visiting a website. The cookies that are saved can be attributed to the web browser used by you. When the website is visited again, the web browser returns the content of the cookies, thus enabling you, the user, to be recognized. Certain cookies are deleted when you log out or end the browser session (“transient cookies” or “session cookies”). Other cookies are saved for a specific period of time (“temporary cookies”) or indefinitely (“persistent cookies”). These cookies are automatically deleted when the defined period lapses. The privacy and security settings of your browser enable cookies to be deleted at any time and also enable you to configure the use of cookies in accordance with your preferences. However, you may not be able to use all the features of our website if you delete the cookies used by our website.
As a general principle, cookies enable online recognition without reference to a specific person. Cookies may become personally identifiable when the information they contain is merged with other information apart from the information generated by the cookies themselves. Here a distinction is made between cookies that are necessary for the provision of website features, and cookies that are required for other purposes, e.g. marketing reach measurement, web analysis and market research.
The cookies that are required for the provision of website features include the following in particular:

  • Cookies that are used to identify or authenticate the user;
  • Cookies used to temporarily store user input (e.g. the content of a shopping cart or online form);
  • Cookies used to store user preferences (e.g. search or language settings);
  • Cookies that store data to enable the trouble-free rendering of video or audio content.

Cookies that are needed for other purposes of the website include analytics cookies to record the usage behaviour of our users and evaluate it in the form of statistics (e.g. advertising banners clicked, sub-pages visited, search queries conducted).

4. What data is collected and for what purpose?

The purpose of data processing may be based on technical, contractual or statutory requirements or result from consent having been given by the user.
We use the data described in section 2 for the following purposes:

  • To provide website features and content and ensure technical security in troubleshooting technical issues and also to ensure that unauthorized persons do not gain access to our website systems;
  • To conduct marketing reach measurements and web analyses in order to make our website more efficient and interesting for you, and for market research purposes;
  • To ensure that the cookie settings selected by website visitors are taken into account;
  • For communication, completion of precontractual procedures, and customer care purposes; and
  • To send out press releases via email.

For information on other data processing purposes, please refer to the sections below of this Privacy Policy.

4.1 Provision of the website

4.1.1 Description and scope of data processing

In order to enable the proper functioning of our website, security analyses to be conducted, and denial-of-service attacks to be prevented and stopped, server log files are automatically collected and saved on a short-term basis as an integral part of access data that is created by the system of the visiting computer upon accessing our website and while using it (see section 2). The content of the server log files is not merged with other data. We use the server log files for statistical analyses to troubleshoot and remedy technical issues, prevent and defend against denial-of-service attacks and attempted fraud, and to optimize the proper functioning of our website.

4.1.2 Purpose and legal basis of data processing

The legal basis for the creation of server log files follows from Art. 6(1)(f) GDPR. Our legitimate interests lie in the proper functioning of our website, conducting security analyses and defending against threats.

4.1.3 Duration of storage or criteria applied in defining this period

When the pages of our website are accessed, information is logged to server log files that are stored on our web server; the IP address contained in them is deleted after 7 days at the latest. No analysis is conducted during this time unless there is a denial of service or other attack.

4.1.4 Options for lodging an objection and having your data removed

You have the right to lodge an objection to the processing of your data contained in the server log files provided that there are cogent reasons that arise from your specific situation. If you would like to exercise your right to lodge an objection, please write to the contact address in section 1.

4.2 Contact form, email and telephone contact information

4.2.1 Description and scope of data processing

On our website you have the option of contacting us by way of a contact form, by email or by telephone using the designated email address and phone number. If you take advantage of this option, the information you enter in the contact form, your email address and/or your phone number are disclosed to us. Depending on the reason you are contacting us (questions about our products and services, pursuing your rights as a data subject, e.g. submitting a request for information) your contact details are processed (with the assistance of service providers). If necessary for processing your request, this information may be shared with third parties (e.g. partner companies).

4.2.2 Purpose and legal basis of data processing

The legal basis for processing your contact details follows from Art. 6(1)(f) GDPR. We have legitimate interests in processing your request and in continued communication. If the purpose for your establishing contact with us is to enter into a contract with our company, the legal basis for processing your contact details follows from Art. 6(1)(b) GDPR.

4.2.3 Duration of storage or criteria applied in defining this period

Your contact details are deleted once your request has been processed and further communication has been discontinued. This does not apply if the purpose of your establishing contact with us is to conclude a contract or you wish to exercise your right as a data subject (e.g. request information). In this case your details are stored until all contractual and/or statutory obligations have been fulfilled and statutory retention periods (currently 6 to 10 years) do not prevent this information from being deleted.

4.2.4 Options for lodging an objection and having your data removed

You have the right to lodge an objection to the processing of your contact information provided that there are cogent reasons that arise from your specific situation. If you would like to exercise your right to lodge an objection, please write to the contact address in section 1. If you lodge an objection, communication with you cannot be continued. This does not apply if the storage of your contact details is necessary for completing precontractual procedures, fulfilling a contract or exercising your rights as a data subject.

4.3 Dispatch of newsletters

4.3.1 Description and scope of data processing

On the website, it is possible to subscribe to newsletters and notifications from the company free of charge via e-mail or SMS. For this purpose, your data from the registration mask on the website will be transmitted to the company and processed further (with the help of service providers) for sending the messages and newsletters. When you register, we will ask for your consent and refer you to this data protection notice. Your data will not be passed on by us to companies outside the group. Your e-mail address or mobile phone number is required in order to receive communications and newsletters. It is also necessary to process your access data in order to be able to prove that you have given your consent. Further data can be provided voluntarily in order to be able to address you personally.

4.3.2 Purposes and legal basis of data processing

Data processing in the context of sending a newsletter is necessary for the transmission of information and communication to you. The legal basis for the processing is your consent to the newsletter dispatch pursuant to Art.6 (1)(a) DSGVO.
We are entitled, even after possible revocation of consent, to store it for 3 years for verification purposes. The legal basis for the (continued) storage of the consent is Art. 6 (1) (c) in conjunction with Art. 5 (1) (a), (2), Art. 7 (1) DSGVO and Art. 6 (1) (f) DSGVO.

4.3.3 Duration of storage or criteria for determining this duration

The data is stored during the subscription to the messages and newsletters. After they have been unsubscribed, the data will be stored for 3 years in order to prove that the Company has obtained your consent for sending the communications and newsletters. The same applies if you have revoked your consent. Your data will then be deleted from our distribution lists or blocked.

4.3.4 Revocation and removal options

You have the following options against the use of your data by us for the purpose of sending the newsletter: If you have given your consent to receive communications and newsletters, you may revoke this consent at any time with future effect by notifying the Company of your revocation via with the subject "Revocation Newsletter". An objection to data processing does not lead to deletion of data that may be retained due to legal obligations.

4.4 Dispatch of press releases

4.4.1 Description and scope of data processing

On our website you have the option of subscribing to our press releases by email or text messaging free of charge. Your details are transferred to us from the registration form and processed in order to send you the press releases (with the assistance of service providers). When registering, your consent is obtained and you are advised of this Privacy Policy. Your details are not shared with third parties. The obligatory information required for receiving our press releases is either your email address or mobile number. Processing your access data is also necessary to show proof of your giving your consent. Other information may be voluntarily provided in order to address you personally.

4.4.2 Purpose and legal basis of data processing

The legal basis for processing your data to dispatch press releases is Art. 6 (1) GDPR with reference to Section 7 (2) 3. Act against Unfair Competition. Data entered by you in the registration form is solely used for the dispatch of press releases of the company.
If you are contacted within the scope of our existing business relations or our common business interests processing your data take place persuant Art. 6 (1) (f) GDPR. The legitime legal interest of the company is the continued communication of relevant information of the company.

4.4.3 Duration of storage or criteria applied in defining this period

Data is stored for the duration of your subscription of the press releases. If you unsubscribe, the purpose for which they were collected or otherwise processed will no longer apply and your data will be deleted from our mailing list. By cancelling your subscription you revoke your consent or object processing your data. Your data will then be erased or locked from our mailing lists.

4.4.4 Options for lodging an objection and having your data removed

If the data is processed on the legal basis of your consent pursuant to Art. 6 (1) (a) GDPR, you can withdraw consent with effect for the future at any time. The withdrawl is to be sent to with the subject line "revocation of press releases".
If your data is processed on the basis of a legitimate interest pursuant to Art. 6 (1) (f) GDPR, you can object to the processing of your data at any time for reasons arising from your particular situation by sending an e-mail to with the subject line "objection press release". By revoking your consent or object into processing your dara, we will revoke your personal data from our company’s internal mailing list.

4.5 Cookies

4.5.1 Functional Cookies

On our website, we use cookiebot, a webservice developed and administered by Usercentrics A/S, Havnegade 39, 1058 Copenhagen (hereinafter: cookiebot.com). We use this service to collect, store and respect your cookie preferences in compliance with the GDPR. In order to do so, your browser will submit your IP-Address to cookiebot.com and cookiebot.com will assign you a cookie-ID which contain your cookie choices. The legal basis for this processing of personal data is Art. 6 (1) f GDPR, whereas the our legitimate interest is to store your privacy and cookie choices in a format which suits our technical setup. You can find further information, such as your rights as a data subject and information on deletion under: https://www.cookiebot.com/de/privacy-policy/  . You can surpress the aforementioned processing of personal data by deactivating the execution of scripts in your browser or use a script blocker such as: www.noscript.net  oder www.ghostery.com  .

4.5.2 Consent-based cookies

We use the following cookies in case you provided us your consent according to art. 6 par. 1 lit. a GDPR. Without your consent, you can access the website without these cookies.

4.5.2.1. Google Analytics and Google Tag Manager

We use the web analysis services of Google Inc. ("Google") to analyze the use of the websites, in particular: Google Analytics. A cookie is set for this purpose. The information generated by this cookie about your use of this website (including your IP address) is transferred to a Google server in the USA and stored there.
The website uses Google Analytics exclusively with the setting of IP anonymization, so that IP addresses are only processed in a shortened form in order to exclude references to individual website visitors. Through the IP-anonymization on this website, your IP address will be shortened by Google within member states of the EU or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.
Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. Google will not associate your IP address with any other data held by Google. If you provide your consent, you agree to the processing of the data collected about you by Google in the manner and for the purpose described above.
Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.
For more information on data processing related to Google Analytics, refer to the Google’s privacy policy: https://policies.google.com/privacy?hl=en  .

4.5.2.2. Google Double Click

This website uses the online marketing tool DoubleClick from Google. Double-Click uses cookies to serve ads relevant to web site visitors, to improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to identify which ads are served on which browser, so it can prevent them from being shown more than once. DoubleClick may also use cookie IDs to track conversions related to ad requests. This is the case, when a user sees a DoubleClick ad and then visits the advertiser's site on the same browser to make a purchase. According to Google, DoubleClick cookies do not contain any personally identifiable information.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of DoubleClick, Google receives the information that you have visited the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will identify and save your IP address.
In addition, DoubleClick's floodlight cookies allow us to understand whether you perform certain actions on our site after you view or click on one of our display/video ads on Google or another platform through DoubleClick (conversion tracking). DoubleClick uses this cookie to understand the content that you have interacted with on our sites so that we can later send you targeted advertisements. For more information about DoubleClick by Google, please visit www.google.de/doubleclick  and support.google.com/adsense/answer/2839090  , and for general information about privacy at Google, please visit https://policies.google.com/privacy?hl=en  . Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org  .
Right of objection: The collection and storage of data by Google Analytics can be objected to at any time with effect for the future. You have the possibility to install a browser plug-in published by Google. This is available for various browser versions and can be downloaded here.
You can object to the use of the aforementioned web tracking services at any time by changing your browser settings and/or clicking the following link to download and install the available browser plug-ins:

Google Analytics: https://tools.google.com/dlpage/gaoptout 

You can prevent and object to this tracking procedure in various ways:

  • by changing the settings in the cookie settings section of this website;
  • by adjusting your browser software settings accordingly, in particular the suppression of third-party cookies means that you will not receive ads from third parties;
  • by disabling cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com", https://www.google.de/settings/ads  , this setting will be cleared when you delete your cookies;
  • by permanently disabling cookies in your Firefox, Internet Explorer or Google Chrome browsers at http://www.google.com/settings/ads/plugin  .

Please note that in this case you may not be able to use all functions of this website.

4.6 External services and content on our website

We integrate external services and content on our website. If you use one of these services or you are shown the content of third parties, communication data is exchanged between you and the provider of that service or content for technical purposes.
That provider may use your data for their own purpose. To the best of our knowledge and belief, we have configured the services or content of third-party providers who are known to use data for their own purposes so that communication for purposes other than rendering their content or services on our website is prevented or communication does not come about unless you actively decide to use the service. However, since we have no control over the data collected by third parties and its processing by them we are unable to make any binding statements pertaining to the purpose and scope of the processing of your data.
For further information on the purpose and scope of the collection and processing of your data, please refer to the privacy policy of the responsible provider (under data protection law) of the services or content integrated by us:

  • YouTube (videos)
  • Google Maps
  • MovingImage24

4.7 Processing of your data by using a Connector ID (C-ID)

4.7.1 Creation of the Connector ID (mutual responsibility)

As long as you have given C-ID online consent according to cypher 4.7.4.2, we transfer the Cookie-ID, the IP address gathered while placing the cookie, and device information to the Bertelsmann Data Services GmbH, Carl-Bertelsmann-Str. 270, 33311 Gütersloh („BDS“). BDS processes this data to generate a unique Connector-ID („C-ID“). Subsequently, this data is deleted by BDS. The C-ID is an indicator allowing the respectively involved Bertelsmann business unit to determine which data base of the other involved Bertelsmann business units contains an existing person saved in their own data base.
Moreover, we transmit the ID (Customer-ID) that we have allocated to your data set to our data catalog, as well as, an anonymized data catalog to BDS. The anonymized data catalog consists of aggregated, non-personal information on data saved in our customer data base (“anonymous data catalog”). For all involved Bertelsmann business units, BDS centrally gathers and manages the C-ID, the customer ID, information on the anonymous data catalog and which consent to a C-ID exists in the involved Bertelsmann business units.

The data processing mentioned above happens to ensure our and the eligible interests of the other Bertelsmann business units involved based on article 6 (1) (f) DS-GVO (GDPR). This initially happens, to allow us and the involved Bertelsmann business units to estimate via a request to the BDS, within which of the involved Bertelsmann business units the same C-ID exists and which potential the anonymous data catalog offers for data exchange. Furthermore, this is to enable us and the other involved Bertelsmann business units to exchange data based on interest assessment (cypher 4.7.2) using the C-ID or if your consent was given, to send you interesting and useful offers as well as advertisements and to design the respective websites, products and services accordingly.

You can access the currently involved Bertelsmann business units at https://dataservices.bertelsmann.de/participatingcompanies/  or request them postally or via email at .
For data processing during the creation of the C-ID we and BDS are mutually responsible in terms of data protection law. In this respect we have determined a common agreement ac-cording to article 26 DS-GVO on who of us fulfills which duties according to the DS-GVO (GDPR). This particularly affects exercising the rights of the affected persons and the fulfill-ment of the information obligation according to article 13 and 14 DS-GVO (GDPR).

This agreement is necessary because personalized data is being processed in the different steps of the C-ID creation, which are either operated by us, the BDS or by both parties to-gether. Even when the mutual responsibility exists, in terms of data protection law, each party fulfills their own duties accordingly to their responsibilities for the individual process section as follows:

  • For the process of transmitting of the above-mentioned data we are responsible.
  • For generating the C-ID we and BDS are mutually responsible.
  • For managing the C-ID as well as the deletion of data described above, transmitted to BDS for the C-ID creation, BDS is responsible.

You can allege your data protection rights with Bertelsmann Data Services GmbH, Corporate Data Protection, Carl-Bertelsmann-Str. 270, 33311 Gütersloh, Germany, or by email at .

4.7.2 Processing operations using the C-ID regardless of your consent

Regardless of the presence of your consent we and other involved Bertelsmann business units can share and use your name, your address, your contact data (if available) your date of birth (if available), and interest categories using the C-ID, when the requirements of article 6 (1) (f) DS-GVO (GDPR) is present, to send you interesting and useful offers as well as advertisements and to design the respective websites, products and services accordingly. Interest category means belonging to a group of addressees that have similar general characteristics (e.g. belonging to the same age group) or a comparable potential interest in specific products or services (e.g. purchases of the same product category, user of the same media content, e.g. TV series enthusiast). When choosing target group specific advertisement or adequate designs for offers, we can also use and additionally save anonymized information as well as data that we have received from data providers based on article 6 (1) (f) DS-GVO (GDPR), sufficiently considering your interests.

4.7.3 Right of objection

You can object to the use of your data for the data processing described in cypher 1.1 and 1.2 at any time, as described under cypher 7. Your data will then no longer be used for these purposes in the future.

4.7.4 Processing using the C-ID based on your consent

4.7.4.1 Using your IP address and cookie ID to generate the C-ID

When you use our offer, we set a cookie with your consent, in which we store a cookie ID. The cookie ID is a randomly generated character string that is used by our offer as an identifier in subsequent invocations. This cookie is a small text file that is stored by your Internet browser. If you have also given your C-ID online consent in accordance with cypher 4.7.4.2, we will transmit the cookie ID, the IP address collected when the cookie was set and information about your terminal device to BDS to generate the C-ID. The legal basis for the collection and transmission of this data is article 6 (1) (a) DS-GVO (GDPR).

4.7.4.2 Consent to the cross-offer processing of data by Bertelsmann companies for analysis, product development, measurement, advertising and risk management ("C-ID Online Consent")

If you have given your consent to the cross-offer processing of data by Bertelsmann compa-nies across all offers for analysis, product development, measurement, advertising, and risk management ("C-ID Online Consent") to us, BDS or a Bertelsmann company involved, your data will be processed - in addition to the purposes described in cypher 4.7.2 - on the basis of article 6 (1) (a) DS-GVO (GDPR) as follows:

We, the other Bertelsmann companies involved, and BDS share and use the following data (if available, hereinafter referred to as "Online Data") using the C-ID, in each case under our own responsibility:

  • Your IP address;
  • Details about the content you have requested and about your usage behavior (e.g. which web pages and sections you have viewed and when);
  • the content you enter on the website (e.g. search terms, login data, ratings, form entries, click data);
  • The date and time of access, information about the Internet browser you are using, the duration of your visit to the site, and the page you previously visited from which you accessed our site; and
  • Device information such as the terminal device model and other information about your device (e.g. browser, language, time zone settings, operating system, platform, and screen resolution);

to personalize ads and content on the websites and apps of the participating Bertelsmann business units or BDS based on a profile and to measure the performance of ads and content on these websites and apps. Furthermore, insights can be derived about target groups that have viewed the ads and content. Finally, your online data may be used to build or improve the usability, systems, and software of participating Bertelsmann business units. Furthermore, findings/profiles derived in this way can be transmitted between the Bertelsmann companies involved on the basis of the C-ID and used for the aforementioned purposes.
Moreover, we use the C-ID to pass on your online data/profiles to other involved Bertelsmann business units so that they can automatically check whether there are any indications of possible fraudulent conduct when ordering paid content, goods or services from these Bertelsmann business units or third parties for whom this Bertelsmann business unit provides payment services. This also includes the decision whether a high-risk payment method such as purchase on account can be offered for this order. The online data/profiles shared between the involved Bertelsmann business units using the C-ID will not be passed on to the third party.
Details can be found in the respective consent dialog of the offer for which you give consent. If you have given consent to the processing of your online data for this purpose, you can revoke your consent at any time with effect for the future, as described under 4.4. In this case, the processing of your data described above will no longer take place.

5. Who comes into possession of my personal data?

Within our company those who need access to your information for the purposes described in section 4 will be given access to it. Service providers contracted by us may also be given access to your information (“contract data processors”, e.g. data centers, mailing services for newsletters, web tracking). They are bound by our directives and must provide for data security and the confidential treatment of your information under the contract data processing agreements we have concluded with them.
No sharing of information with other recipients such as advertising partners, providers of social media services or credit institutions (“third parties”) takes place.

6. Is my personal data processed outside of the EU or EEA (‘transfer to a third country’)?

The use of Google Analytics as described in section 4.4 above causes personal data to be transferred to a third country since the data centers of Google Inc. are located outside of the European Union and the European Economic Area (“EU or EEA”). Such transfers of personal data to third countries may result in your personal information being transmitted to a country which does not provide for the same standard of data protection as the EU or EEA.

7. What data privacy rights do I have? 

You have the right to request access to your personal data that is currently stored by us. If this data is incorrect or not up to date, you have the right to request rectification. You also have the right to have your personal data erased and/or its processing restricted as provided for in Art. 17 and Art. 18 GDPR. You also have the right to request a copy of the personal data provided by you in a structured, commonly-used, machine-readable format (right to data portability). 

If you have given your consent to the processing of your personal information for specific purposes, you can revoke that consent at any time for the future. Your notice of revocation is to be addressed to us by writing to the contact address indicated in section 1. 

Pursuant to Art. 21 GDPR, you also have the right for reasons relating to your specific situation to raise an objection to the processing of your data that is done on the basis of Art. 6(1)(f) GDPR. You also have the right to lodge an objection to the processing of your personal information for direct marketing purposes. The same applies to automated processes involving the use of individual cookies, unless they are required for providing the functionality of our website. 

You also have the right to lodge a complaint with the competent data protection authority. The authority responsible for us is: 

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2-4
40213 Düsseldorf, Germany
Phone: 0211/38424-0
Fax: 0211/38424-10
Email:  

You also have the right to contact the data protection authority at your place of residence and request support in pursuing your matter.

8. To what extent does automated decision-making take place?

We do not use any fully automated decision-making processes for any of the purposes set out in section 4.

9. Is profiling done?

No profiling takes place for any of the purposes set out in section 4.

10. Microsoft Teams based Online Meetings

Here you will find information about the processing of your personal data in the context of participation in an Microsoft Teams-based online meeting (hereinafter only "online meeting" or “Teams meeting”)

Who is responsible for processing my data ?
As a rule, the company from which you have received an invitation to a Teams meeting is responsible within the meaning of data protection law. It may also be that you receive an invitation from one company only on behalf of another - in this case, the organizer may provide you with more details. In addition, you will find the relevant company addresses to which you can address a data protection concern with the address supplement "To the Data Protection Officer" on the website of the Group company concerned.

What personal data is processed ?
Two types of data are processed in the context of online meetings: systemically required data and data that is generated through your interaction in the context of the meeting.
Systemically required data is information about your access and the conduct of the meeting: login (time, day), IP address, email address, meeting ID, authorizations (e.g. whether you are allowed to share your screen) and hardware information. In addition, data is processed depending on how you interact in the meeting (interaction data), so, for example, chat messages that you write might be recorded. If you switch on your camera, video files about you will be processed. Use of the video function is voluntary. In online meetings, as in normal (VoIP) telephone calls, audio files are processed for communication between the participants.

For what purposes and on what basis is my data processed?
The processing takes place in order to conduct online meetings (using audio and/or video functions). In principle, processing is carried out for the purpose of carrying out online meetings on the basis of our legitimate interest (Art. 6 (1) f GDPR) in order to provide an efficient communication platform that is available to many people. In special situations, however, more specific legal bases may apply. For example, your consent is always obtained (Art. 6 (1) a GDPR) if an online meeting is recorded. No recording will be made without your consent. If the online meeting is held in the context of contractual negotiations or relationships, Art. 6 (1) lit. b GDPR may also be the legal basis for processing. If we are legally obliged to process data, the lawfulness is based on Art. 6 (1) c GDPR.

Who receives my data?
Both systemically required data and interaction data processed in connection with participation in online meetings will not be passed on to third parties. Data such as video, chat or voice are shared with the participants during the conference. If a recording is to be made available to other parties at a later date, for example for training courses or product presentations, this will be communicated separately. We use Microsoft Teams, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA to conduct our online meetings. Microsoft acts as a data processor for us for the purposes described herein. This means that Microsoft may only process the above-mentioned data on our instructions and not for its own purposes.

Will my data be transferred to a third country?
In principle, your data will not be transferred to a country outside the EU/EEA. However, in the event of malfunctions, Microsoft may access your data remotely to assist us with troubleshooting. In these cases, we have taken appropriate measures to ensure an equivalent level of data protection at Microsoft.

How long will my data be stored?
The data is stored for as long as it is required for the stated purposes, unless longer storage is required by law. If we obtain your consent to a recording, the storage period is specified according to the scope of the respective consent. The recording will be deleted by the recording party as soon as it is no longer required. Systemically required data is usually deleted after 30 days.

What rights do I have in relation to my data?
You are entitled to all rights under Chapter III GDPR: In addition to the right of access (Art. 15), you have the right to rectification of your data (Art. 16), erasure (Art. 17), restriction (Art. 18) and the right to object to data processing (Art. 21) or to receive a copy of the data concerning you (Art. 20), if the respective eligibility requirements are met. If you have given your consent, you have the right to withdraw your consent at any time with effect for the future. Finally, you have the right to lodge a complaint with a supervisory authority.

For further questions:

Date of this Privacy Policy: February, 13 2024