We would like to inform you below about the collection and processing of your data for conducting meetings/events (hereinafter referred to as ”events”) with Microsoft Teams by GDV and your rights in this regard.
The “controller” within the meaning of the General Data Protection Regulation (GDPR) is the German Insurance Association (Gesamtverband der Deutschen Versicherungswirtschaft e.V.), Wilhelmstraße 43 / 43G, 10117 Berlin („GDV“).
Data Protection Officer
If you have any questions about data protection at GDV, please do not hesitate to contact our data protection officer:
• By e-mail: firstname.lastname@example.org
• By post: at the above address
Purposes of data processing; legal bases
We process your personal data in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other relevant laws. We process your data for the following purposes:
For this purpose, we use products of Microsoft Ireland Ltd. (“Microsoft”) and concluded a data processing agreement (DPA) pursuant to Art. 28 GDPR with Microsoft. It cannot be ruled out that data will be transmitted to the Microsoft Corp. in the USA in this context. Microsoft may also conduct remote maintenance from other third countries. We concluded the EU-Commission’s standard data protection clauses with Microsoft Corp.
According to Microsoft, the Microsoft Corp. processes data about the use of Teams for its own business purposes as follows: billing and account management; compensation (e. g. calculation of employee commissions and partnership incentives); internal reporting and modelling (e. g. forecasting, revenue, capacity planning, product strategy); combating fraud, cybercrime or cyberattacks, which may affect Microsoft or Microsoft products; improving the core functionality with regard to accessibility, data protection or energy efficiency; and financial reporting and compliance with legal obligations (subject to the disclosure limitations described in the DPA). Microsoft only processes the data for the aforementioned purposes and explicitly not for user profiling, advertising or similar commercial purposes. With regard to the aforementioned commercial purposes Microsoft determines both, the means and the purposes of the data processing. Microsoft regards itself as the solely responsible entity for ensuring compliance with all applicable laws and the fulfilment of the obligations.
- Recording and streaming of the event on the internet: Events may be recorded and used for the GDV’s public relations. For this purpose, they may be live-streamed through YouTube, LinkedIn, Twitter and on our website GDV.de. If we intend to record and/or livestream an event, we will inform you accordingly in our invitation.
In these cases, the recording may remain watchable through YouTube, LinkedIn, Twitter and on our website GDV.de after completion of the event. The recordings can be accessed and stored worldwide on the internet when published in such a way. Further processing of the recordings can thus not be ruled out in general. Through the archive function of search machines, recordings may also remain accessible even though the data was already removed from the website of the GDV or the social media platforms.
Camera images of participants will only be visible during the livestream and in the recordings if it was announced in the invitation and the participants activate their cameras. Sound recordings (especially questions) may be audible during the livestream and in the recording. If you do not want others to hear you, we would ask you to pose questions during these events only through the chat and to deactivate your microphone.
The legal basis for the streaming and the publishing of the recording is Art. 6 (1) (f) GDPR. Streaming and recording only takes place if, by its nature, the event serves to generate publicity for the GDV’s concerns. In these cases, we have a legitimate interest in a contemporary “public reporting” and media work, which includes publication on the internet and on social media platforms.
For the streaming and the publication we use:
- YouTube, a service of the company YouTube, LLC 901 Cherry Ave, San Bruno, CA 94066, USA, represented by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For further information about the data processing by Google please refer to Google’s data protection notice: https://policies.google.com/privacy?hl=en-US.
- Twitter, a service of Twitter Inc. represented by Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland. For further information about the data processing by Twitter please refer to Twitter’s data protection notice: https://twitter.com/en/privacy.
- LinkedIn, a service of the LinkedIn Ireland Unlimited Company. For further information about the data processing by LinkedIn please refer to LinkedIn’s data protection notice: https://www.linkedin.com/legal/privacy-policy.
We also use the recordings internally for the optimization of public relations. Insofar, the legal basis for the processing is also our legitimate interest in our association’s public relations pursuant to Art. 6 (1) (f) GDPR.
Use of cameras and microphones
Camera images of participants are visible during the event if the camera is activated. Comments will be audible to all participants. If you do not want to be heard and/or seen, we would ask you to pose your questions solely through the Chat and to deactivate your camera. Chat messages can be read by all participants. We will not make the Chat history publicly accessible outside of the event.
Recipients or categories of recipients of personal data
Within GDV, only those persons and units (e.g. departments) will receive your personal data that need the data to fulfil their tasks with regard to the purposes mentioned above. In the course of our activities, the data will be transferred to participants of the event as intended. Moreover, we make use of external service providers. In particular, we transfer personal data to the following service providers:
- GDV Dienstleistungs-GmbH and other IT and hosting service providers for tasks of the individual departments of GDV
- telecommunications service providers
- service providers to support the organisation and execution of events, including service providers who provide us with technical support for the streaming or a recording
Data transfer to a third country
If we transfer personal data to service providers outside the European Economic Area (EEA), there is a possibility that the level of data protection in one of the countries does not meet European standards. As far as possible, the data will be transferred on the basis of the EU Commission’s adequacy decisions or standard data protection clauses. When using standard data protection clauses, we endeavour to implement additional measures to protect your data if necessary.
Duration of data storage
We delete your personal data as soon as they are no longer required for the above-mentioned purposes. It may occur that personal data will be stored for the period during which claims can be asserted against GDV (statutory limitation period of three or up to thirty years). In addition, we will store your personal data if we are legally obliged to do so. Corresponding documentation and storage obligations arise, inter alia, from the German Commercial Code and Tax Code. The storage periods in accordance therewith are up to ten years. If necessary, we will be pleased to provide you further information on the duration of data storage with respect to any specific purpose.
If we process your data to protect legitimate interests, you may object to such processing for reasons relating to your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
You can request information about the data stored by us at any time. Please contact the data protection officer at GDV by e-mail (email@example.com) or by post to the controller’s above address.
You may also request that your data be corrected or deleted under certain circumstances. As soon as you assert a claim for deletion or if the data are no longer necessary to fulfil the purpose for which they were stored or if the storage thereof is in-admissible for other legal reasons, we will delete the personal data you have stored. You may also have the right to restrict the processing of your data and to have the data you provide disclosed in a structured, common and machine-readable format.
You have the option to contact the aforementioned data protection officer or a data protection supervisory authority with a complaint. The data protection supervisory authority responsible for us is the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.