Please note: We kindly ask you to check the data protection information regularly, as we may have to update it from time to time.

We would like to inform you below about the processing of personal data, in particular in connection with the use of Zoom.

Purpose of processing

We use Zoom to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: Online Meetings). Zoom is a service provided by Zoom Video Communications, Inc. based in the USA.

The photos are used exclusively for SPRIND's public relations work.

Name and contact details of the responsible persons:

Responsible for data processing is:

  • SPRIND GmbH, Lagerhofstr. 4, 04103 Leipzig Geschäftsführung: Berit Dannenberg und Rafael Laguna de la Vera E-Mail: INFO@SPRIND.ORG

Please note: - If you access the “Zoom” website, the provider of “Zoom” is responsible for data processing. However, accessing the website is only necessary for the use of “Zoom” in order to download the software for the use of “Zoom”. - You can also use “Zoom” if you enter the relevant meeting ID and any other access data for the meeting directly in the “Zoom” app. - If you do not want to or cannot use the “Zoom” app, the basic functions can also be used via a browser version, which you can also find on the “Zoom” website.


What data is processed when Zoom is used?

  1. Various types of data are processed when using Zoom. The scope of the data also depends on the data you provide before or when participating in an online meeting.
  2. The following personal data is subject to processing:

Please note: To take part in an “online meeting” or to enter the “meeting room”, you must at least enter your name.


User Details First-, last name, Mobile (optional), E-Mail-Address, if necessary, password (if Single-Sign-On is not used), Profil picture (optional), Department (optional)

Meeting meta data Subject, Description (optional), Participant-IP-Address, Device-/Hardware information

For recordings (optional): MP4-file of all video, audio and presentation recordings, text file of the online meeting chat

When dialing in with phone Information on the incoming and outgoing call number, country name, start and end time.

Text, audio and video data You have the option of using the chat, question or survey functions in an online meeting. In this respect, the text entries you make are processed in order to display them in the online meeting and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the Zoom application.

Extent of processing

Automated decision-making within the meaning of Art. 22 GDPR is not used. We use Zoom to conduct online meetings. If we want to record online meetings, we will inform you of this transparently in advance and - if necessary - ask for your consent.

The fact of the recording will also be displayed in the Zoom app.

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.

In the case of webinars, we may also process the questions asked by webinar participants for the purposes of recording and following up webinars.

If you are registered with Zoom as a user, reports on online meetings (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored for up to 12 months at Zoom.

Legal basis of the processing

The processing of photographs, video and sound recordings (collection, storage and disclosure to third parties is carried out in accordance with Art. 6 para. 1 lit. a) GDPR on the basis of the express consent of the data subject(s). The publication of selected video, audio and image files on OpenCoDE is necessary for the transparency of the EUDI Wallet process in the interest of the public and thus also in the interest of the data subject(s) themselves. As the EUDI Wallet is intended to serve the public, SPRIND's interest in collecting data lies in the completion of the EUDI Wallet on the one hand and in the public's trust in using the EUDI Wallet on the other. The publication of the process is therefore necessary and thus serves to safeguard the legitimate interests of the parties involved, Art. 6 para. 1 letter f GDPR.

Insofar as personal data of employees of SPRIND GmbH - EUDI-Wallet is processed, Art. 6 para. 1 lit. b) GDPR is the legal basis for data processing. If, in connection with the use of Zoom, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of Zoom, Art. 6 para. 1 lit. f) GDPR is the legal basis for data processing. In these cases, our interest lies in the effective conduct of online meetings. Otherwise, the legal basis for data processing when conducting online meetings and taking photos is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted in the context of contractual relationships or photos are taken.

Receiver / Transfer of Data

  1. Online Meetings

Personal data that is processed in connection with participation in online meetings is not passed on to third parties unless it is intended to be passed on. Please note that content from online meetings is often used to communicate information with interested parties or third parties and is therefore intended to be passed on.

The provider of Zoom necessarily receives knowledge of the above-mentioned data insofar as this is provided for in our order processing contract with Zoom.

  1. Photos

The photos will not be passed on to third parties. For public relations purposes, they are posted on the SPRIND homepage and used for other social media such as SPRIND's LinkedIn or Twitter-accounts.

Data processing outside the European UnionZoom is a service provided by a provider from the USA. Personal data is therefore also processed in a third country. We have concluded an order processing agreement with the provider of Zoom that meets the requirements of Art. 28 GDPR.

An adequate level of data protection is guaranteed on the one hand by the conclusion of the so-called EU standard contractual clauses. Furthermore, the provider of Zoom is certified in accordance with the EU-U.S. Data Privacy Framework (DPF).

Data protection officer

We have appointed a data protection officer. You can reach him as follows:

SPRIND GmbH (EUDI-Wallet), Data protection officer: datenschutz@sprind.org

Right of revocation of consent

Consent to the processing of photos, video and audio recordings can be revoked at any time for the future. This does not affect the lawfulness of the data processing carried out on the basis of the consent until its revocation.

Data subject rights

According to the GDPR, participants are entitled to the following rights:

a. If their personal data is processed, they have the right to receive information about the data stored about them. (Art. 15 GDPR). b. If incorrect personal data are processed, they have the right to rectification (Art. 16 DS-GVO). c. If the legal requirements are met, they may request the erasure or restriction of processing as well as object to processing (Art. 17, 18, 21 GDPR). d. If you have consented to data processing or if a contract for data processing exists and data processing is carried out with the help of automated procedures, you may have the right to data portability (Art 20 GDPR).

Please note: In case of a request for information that is not made in writing, we ask for your understanding that we may require proof of identity.


Should the participant make use of the aforementioned rights, the controller named above will check whether the legal requirements for this are met. There is also a right to file a complaint with the Federal Data Protection Commissioner.

Deletion of data

We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and guarantee claims. In the case of statutory retention obligations, deletion will only be considered after the respective retention obligation has expired.

Send Email
LinkedIn
Instagram
Youtube
X (Twitter)
Newsletter
For the sign-up for the SPRIND newsletter our general privacy statement applies.
SprinD GmbH, Lagerhofstr. 4, 04103 Leipzig, info@sprind.org