Information on Data Protection

    We, the myneva Group GmbH and all companies listed in the imprint (hereinafter uniformly referred to as "myneva/we"), use the online platforms for interactive communication:

    1. "Teams”,
    2. "Zoom" and
    3. GoToMeeting/GoToWebinar ("GoTo").


    In the following provisions, we inform you about the type, scope and purpose of the collection and use of your personal data in connection with the respective online platform. Personal data is any information relating to an identified or identifiable natural person. This includes in particular your name and email address.

    Section A of this document contains general data protection information that applies uniformly to Teams, Zoom and GoTo. Individual data protection notices for the aforementioned online platforms can be found in Section B.

    New legal requirements, business decisions or technical developments may necessitate changes to our privacy policy. We always announce the current version in connection with the respective invitation to use Teams, Zoom or GoTo.

    Status [12/07/2022]

    Table of contents


    A. General data protection information
    1. Controller and Data Protection Officer
    2. Purpose of processing and types of personal data
    3. Data processing by myneva and legal basis
    4. Data transmission
    5. Duration for which personal data is stored / criteria for determining the duration
    6. Your rights
    7. No automated individual decision-making
    B. Special data protection information for Teams, Zoom and GoToWebinar
    1. special data protection information for telephone and video conferences via Teams
    1.1 Microsoft's own responsibility
    1.2 Purpose of processing and types of personal data
    1.3 Data transmission
    1.4 Data transfer to countries outside the EU
    1.5 Duration for which personal data is stored / criteria for determining the duration
    2. Special data protection information for telephone and video conferences via Zoom
    2.1 Own responsibility of Zoom Video Communications, Inc.
    2.2 Purpose of processing and types of personal data
    2.3 Data transmission
    2.4 Data transfer to countries outside the EU
    2.5 Duration for which personal data is stored / criteria for determining the duration
    3. Special data protection information for telephone and video conferences via GoTo
    3.1 GoTo's own responsibility
    3.2 Purpose of processing and types of personal data
    3.3 Data transmission
    3.4 Data transfer to countries outside the EU


    A. General data protection information

    1. Responsible person and data protection officer

    The controller within the meaning of data protection law is the respective company listed at
    https://www.myneva.eu/en/imprint
     listed company.
     The data protection officer of the respective company and their contact details can be found at
    https://www.myneva.eu/en/data-privacy



    2. Purpose of processing and types of personal data

    We use the respective online platform to conduct telephone conferences and/or video conferences, in particular in connection with online seminars for interested parties and specialist groups and/or employment relationships ("online meetings"). In this context, we process various types of personal data. The type and scope of the data depends in particular on the information you provide before or when participating in an online meeting. However, in order to be able to identify you as an authorised participant, you must at least provide your name. You can deactivate the video or microphone function at any time via the respective application.
    The personal data processed in connection with an online platform includes:

    • Profile data: First name, last name, telephone number (optional), e-mail address, password (if "single sign-on" is not used), profile picture (optional), department (optional)
    • Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information
    • Call history data: Information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
    • Content data: You may have the option of using chat, question, or survey functions in an online meeting. Your text entries and other shared data will be processed in order to display them in the online meeting.

     

    3. Data processing by myneva and legal basis

    Insofar as personal data of employees is processed by us, Section 26 (1) BDSG is the legal basis for data processing. If special categories of personal data are involved, the processing is governed by Section 26 (3) BDSG.
    However, if personal data in connection with the use of the respective online platform is not required for the establishment, implementation or termination of the employment relationship, Art. 6 para. 1 lit. f) GDPR is the legal basis for data processing. In these cases, our interest lies in the effective organisation of online meetings. Otherwise, the legal basis for data processing when organising online meetings is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are held within the framework of contractual relationships. In special cases (e.g. a recording of online meetings) in which you are asked for a declaration of consent in advance, the legal basis is Art. 6 para. 1 lit. a) GDPR.


    4. Data transmission

    Your personal data will only be transferred to third parties or other recipients if we are legally authorised to do so or if you have given your prior consent. Where necessary, we have concluded contracts with the recipients of your data, e.g. with Microsoft, for order processing in accordance with Art. 28 GDPR. We only pass on your data to government agencies within the scope of legal obligations or on the basis of an official order or court decision.


    5. Duration for which personal data is stored / criteria for determining the duration

    Your personal data will be stored by myneva for as long as it is necessary for the aforementioned purposes of processing, in the event of an objection there are no compelling reasons worthy of protection for myneva or in the event of revocation there is no other legal basis for data processing. In certain cases, e.g. if there is a legal obligation to retain data, your personal data will not be deleted immediately, but will first be blocked.


    6. Your rights

    Within the scope of the legal requirements, you are generally entitled to the following from myneva:

    • Confirmation as to whether personal data concerning you is processed by myneva,
    • Information about this data and the circumstances of the processing,
    • Correction if this data is incorrect,
    • Erasure, insofar as there is no justification for the processing and no (further) obligation to retain the data,
    • Restriction of processing in specific cases determined by law,
    • Objection in the event of data processing on the basis of Art. 6 para. 1 lit. f) GDPR and
    • Transmission of your personal data - if you have provided it - to you or a third party in a structured, commonly used and machine-readable format.

     

    If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time, with the result that the processing of your personal data will become unauthorised for the future. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

    Please send your specific request in writing or by e-mail, clearly identifying yourself, to the respective responsible company at:
    https://www.myneva.eu/en/imprint
    or to the respective data protection officer:
    https://www.myneva.eu/en/data-privacy

    Finally, we would like to draw your attention to your right to lodge a complaint with the supervisory authority.

    Supervisory authority in Hamburg:
    The Hamburg Commissioner for Data Protection and Freedom of Information
    Ludwig-Erhard-Str 22, 7. OG 20459 Hamburg
    mailbox@datenschutz.hamburg.de


    7. No automated individual decision

    We do not use your personal data for automated individual decisions.


    B. Special data protection information for Teams, Zoom and GoToWebinar


    1. Special data protection information for telephone and video conferences via Teams

    Teams is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, which is headquartered in the USA ("Microsoft"). You can find more information from Microsoft on data protection at Teams here.


    1.1 Microsoft's own responsibility

    If you access the Microsoft website to use Teams, Microsoft is responsible for data processing. However, it is only necessary to access the website to download the software for using Teams. You can also use Teams if you enter the relevant meeting ID and any other access data for the meeting directly in the Teams app. If you do not want to use the Teams app, the basic functions can also be used via a browser version.

    To the extent that Microsoft processes personal data in connection with its own legitimate business operations, as described in the Microsoft Online Services Terms of Use, Microsoft is an independent data controller for such processing, the legal basis for which, according to its own statement, is "legitimate interests". "Microsoft's legitimate business operations" in this context are, according to Microsoft's statement, the following, in each case as an incident of providing Teams to us: (1) billing and account management; (2) compensation (e.g., calculation of employee commissions and partner incentives); (3) internal reporting and modelling (e.g., forecasting, revenue, capacity planning, capacity planning); and (4) the provision of services to us. forecasting, revenue, capacity planning, product strategy); (4) combating fraud, cybercrime or cyberattacks that may affect Microsoft or Microsoft products; (5) improving core functionality of accessibility, data protection or energy efficiency; and (6) financial reporting and compliance with legal obligations.


    1.2 Purpose of processing and types of personal data

    Details on data processing by Microsoft can be found in Microsoft's explanations.


    1.3 Data transmission

    Please note the explanations on data protection from Microsoft.


    1.4 Data transfer to countries outside the EU

    Teams is a service provided by a provider from the USA. Personal data is therefore also processed in a third country. We have concluded an order processing agreement with Microsoft in accordance with Art. 28 GDPR. An adequate level of data protection is ensured by the conclusion of the so-called EU standard contractual clauses. If law enforcement authorities contact Microsoft with a request, Microsoft attempts, according to its own statement, to redirect the law enforcement authorities so that they request the personal data directly from us. If Microsoft is obliged to hand over personal data to law enforcement authorities, Microsoft will (also according to Microsoft's own statement) inform us immediately and provide us with a copy of the request, unless this is prohibited by law. For more information about the information Microsoft discloses in response to requests from law enforcement and other government agencies, please see Microsoft's Law Enforcement Requests Report.


    1.5 Duration for which personal data is stored / criteria for determining the duration

    You can find Microsoft's statement on the storage of personal data here.

     


    2. Special data protection information for telephone and video conferences via Zoom

    "Zoom" is a service of Zoom Video Communications, Inc., which is based in the USA. Further information from Zoom Video Communications, Inc. on data protection at Zoom can be found here.


    2.1 Own responsibility of Zoom Video Communications, Inc.

    If you access the Zoom Video Communications, Inc. website to use Zoom, Zoom Video Communications, Inc. is responsible for data processing. However, it is only necessary to access the website in order to download the software for using Zoom. You can also use Zoom if you enter the relevant meeting ID and any other access data for the meeting directly in the Zoom app. If you do not wish to use the Zoom app, the basic functions can also be used via a browser version.

    To the extent Zoom Video Communications, Inc. processes personal data in connection with its own legitimate business operations as described in the Privacy Policy, Zoom Video Communications, Inc. is an independent data controller for such processing. The relevant legal bases can be found in the aforementioned Privacy Policy.


    2.2 Purpose of processing and types of personal data

    Details on data processing by Zoom Video Communications, Inc. can be found in the privacy policy of Zoom Video Communications, Inc.


    2.3 Data transmission

    Please note the privacy policy of Zoom Video Communications, Inc.


    2.4 Data transfer to countries outside the EU

    "Zoom" is a service provided by a provider from the USA. Personal data is therefore also processed in a third country. We have concluded an order processing agreement with Zoom Video Communications, Inc. in accordance with Art. 28 GDPR. An adequate level of data protection is ensured by the conclusion of the so-called EU standard contractual clauses.


    2.5 Duration for which personal data is stored / criteria for determining the duration

    You can find the Zoom Video Communications, Inc. statement on data storage here.


    3. Special data protection information for telephone and video conferences via GoTo

    GoTo is a service of GoTo Technologies Ireland Unlimited Company, The Reflector, 10 Hanover Quay, Dublin 2, D02R573 ("GoTo"). Further information from GoTo on data protection at GoTo can be found here and in GoTo's data processing addendum.


    3.1 GoTo's own responsibility

    If you access the GoTo website to use GoTo, GoTo is responsible for data processing. However, it is only necessary to access the website in order to download the software for using GoTo. You can also use GoTo if you enter the relevant meeting ID and any other access data for the meeting directly in the GoTo app. If you do not wish to use the GoTo app, the basic functions can also be used via a browser version.


    3.2 Purpose of processing and types of personal data

    Details of GoTo's data processing can be found in GoTo's data processing addendum.


    3.3 Data transmission

    Please note the data processing addendum from GoTo.


    3.4 Data transfer to countries outside the EU

    GoTo is a service provided by a provider from the USA, but the contractual partner is a company in Ireland. Personal data is also processed in a third country in connection with the areas of cloud-based integrated communication and collaboration, identity and access and/or customer loyalty and support. An adequate level of data protection is ensured by the conclusion of the so-called EU standard contractual clauses.