Processing framework

– Categories of personal data processed
o Unsolicited applicants: master data (e.g. CV content, contact, family circumstances, health, knowledge, skills)
o Employees: master data (e.g.CV content, contact, family circumstances, health, knowledge, skills), contract and billing data, log data of IT systems (e.g. firewall, server logs), personal image/video data on company presentations
o Customers: Contract data, master data, billing data, services ordered.
o Interested parties; Contact data, transmitted content data
o Suppliers: Contract data, contact data, transmitted content data
o Participants in a video conference (e.g.
“MS teams”): first name, last name, e-mail address, subject
if applicable, participant IP addresses, MP4 files of the video, audio, and presentation recordings (in

the case of optional recordings), information on the incoming and outgoing call number (in the case of telephone dial-in), contents of chat histories.

Data protection information according to Art. 12-19, 21 GDPR towards data subjects

-Purposes for which the personal data are to be processed

o Unsolicited applicants: examinations of the application

o Employees: processing of all necessary and required measures in an employment relationship, ensuring that operations are as trouble-free as possible, marketing (image/video data on website and/or other online platforms, employee motivation when introducing new employees on e.g. “notice board”)

o Customers: Contract fulfillment

o Interested parties: Information exchange

o Suppliers: Services, orders

o Participants in a video conference (e.g.

“MS teams”): online meetings, telephone conferences, video conferences.

– Legal basis of processing according to Art. 6 para. 1

(Depending on the data processing, not every legal basis applies).

o Unsolicited applicants: performance of a contract or for the implementation of pre-contractual measures, consent to processing where applicable.

o Employees: fulfillment of a contract or for the implementation of pre-contractual measures,

consent to processing where applicable, fulfillment of a legal obligation, protection of legitimate interests.

o Customers: Fulfilment of a contract or to carry out pre-contractual measures, fulfillment of a legal obligation, protection of legitimate interests.

o Interested parties:  of a contractor to carry out pre-contractual measures, safeguarding legitimate interests.

o Suppliers: Fulfilment of a contract or to carry out pre-contractual measures, fulfillment of a legal obligation.

o Participants in a video conference (e.g. “MS teams ): safeguarding legitimate interests, consent to processing.

-Duration for which the personal data are stored (depending on the purpose and target group) -Duration of the contract, legal time limits, withdrawal of consent (if necessary), objection to data

Data protection information according to Art. 12-19, 21 GDPR towards data subjects

processing, duration of online meeting.
– There is no automated decision-making including profiling according to Art. 22 (1) and (4) GDPR. Disclosure, source, and foreign reference
– Recipients or categories of recipients of the personal data (depending on the target group)
o Basic recipients: tax advisors, internal use (e.g. HR, IT), authorities, banks, insurance companies
o Own employees: for image data (provider, marketing agency, photographer)
o Customers and employees of customers: Subcontractors and cooperation partners (if contractually regulated or clarified).
o Participants of a videoconference: participants, providers
– Source of collection: directly / by client

Data processing outside the European Union

Data processing outside the European Union (EU) does not take place as a matter of principle, as we have restricted our primary storage location to data centers in the European Union. However, we cannot rule out the possibility that the routing of data from some applications takes place via internet servers that are located outside the EU. This can be the case in particular if, for example, participants in “online meetings” are located in a third country.

There is also the risk that, due to US jurisdiction, US authorities may view and process your data for control or monitoring purposes. This may also occur without any further legal remedy.
However, the data is encrypted during transport via the internet and thus protected against unauthorized access by third parties.

This may apply to the following applications: MS Teams.

Participation in an online meeting (e.g. MS-Teams)

Participation in such an event is voluntary. By registering, you consent to data processing (including US data transfer). You can decide at any time whether you would like to transmit images and/or sound of yourself during the event. If and to the extent that one actively decides to do so, this consent also includes that special categories of personal data (e.g. wearers of glasses, stiff limbs, Data protection information according to Art. 12-19, 21 GDPR towards data subjects speech impediments, wearers of religious symbols) may be transmitted and processed. Participation also implies consent to a possible recording and, if applicable, dissemination of the event. Both will be communicated in advance.

Legal basis of data processing in the context of an online meeting:

– Insofar as personal data of employees of the company are processed, Section 26 BDSG is the legal basis for data processing.

– If, in connection with the use of the video conferencing software, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of the video conferencing software, the legal basis for data processing is Art. 6 (1) f) DSGVO. In these cases, our interest is in the effective implementation of “online meetings”.

– Otherwise, the legal basis for data processing when conducting “online meetings” is Art. 6 para. 1 lit. b) DSGVO, insofar as the meetings are conducted in the context of contractual relationships.

– If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here, too, our interest is in the effective conduct of “online meetings”.

Data subject rights

– Under Art. 7 Para. 3 GDPR, you have the right to revoke your consent at any time. The consequence is that we may no longer continue the data processing based on this consent in the future;

– You have the right to request information about your personal data processed by us under Art. 15 GDPR.

According to Art.16 GDPR, you have the right to request the correction of inaccurate or incomplete personal data stored by us without undue delay

– You have the right to request the deletion of your personal data stored by us under

Art. 17 GDPR, provided that there are no other reasons, such as the fulfillment of a legal obligation or the defense of legal claims, to the contrary.

– You have the right to request the restriction of the processing of your personal data under Art. 18 GDPR.

If your personal data are processed based on Art. 7. Para.3 of the GDPR, you have the right to object to the processing of your data under Art.3 21 of the GDPR, provided that there are grounds for doing so that arise from your particular situation.

Data protection information according to Art. 12-19, 21 GDPR towards data subjects

– The controller shall notify all recipients to whom personal data have been disclosed of any rectification or erasure of the personal data or restriction of processing under Article 19 of the GDPR.

– You have the right under Article 20 of the GDPR to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format or to request that it be transferred to another controller.

– You have the right, according to Article 22, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

– You have the right to complain to a supervisory authority according to Art. 77 GDPR.
Supervisory authority Schleswig-Holstein
P.0. Box 7116, 24171 Kiel, Holstenstraße98, 24103 Kiel, phone: 04 31/988-12 00, fax: 04 31/988-12 23, e-mail: mail@datenschutzzentrum.de, homepage: http://www.datenschutzzentrum.de Supervisory authorities of all federal states: https://www.bfdi.bund.de/DE/lnfothek/Anschriften_Links/anschriften_links-node.html

Processing framework

– Categories of personal data processed
o Unsolicited applicants: master data (e.g. CV content, contact, family circumstances, health, knowledge, skills)
o Employees: master data (e.g.CV content, contact, family circumstances, health, knowledge, skills), contract and billing data, log data of IT systems (e.g. firewall, server logs), personal image/video data on company presentations
o Customers: Contract data, master data, billing data, services ordered.
o Interested parties; Contact data, transmitted content data
o Suppliers: Contract data, contact data, transmitted content data
o Participants in a video conference (e.g.
“MS teams”): first name, last name, e-mail address, subject
if applicable, participant IP addresses, MP4 files of the video, audio, and presentation recordings (in

the case of optional recordings), information on the incoming and outgoing call number (in the case of telephone dial-in), contents of chat histories.

Data protection information according to Art. 12-19, 21 GDPR towards data subjects

-Purposes for which the personal data are to be processed

o Unsolicited applicants: examinations of the application

o Employees: processing of all necessary and required measures in an employment relationship, ensuring that operations are as trouble-free as possible, marketing (image/video data on website and/or other online platforms, employee motivation when introducing new employees on e.g. “notice board”)

o Customers: Contract fulfillment

o Interested parties: Information exchange

o Suppliers: Services, orders

o Participants in a video conference (e.g.

“MS teams”): online meetings, telephone conferences, video conferences.

– Legal basis of processing according to Art. 6 para. 1

(Depending on the data processing, not every legal basis applies).

o Unsolicited applicants: performance of a contract or for the implementation of pre-contractual measures, consent to processing where applicable.

o Employees: fulfillment of a contract or for the implementation of pre-contractual measures,

consent to processing where applicable, fulfillment of a legal obligation, protection of legitimate interests.

o Customers: Fulfilment of a contract or to carry out pre-contractual measures, fulfillment of a legal obligation, protection of legitimate interests.

o Interested parties:  of a contractor to carry out pre-contractual measures, safeguarding legitimate interests.

o Suppliers: Fulfilment of a contract or to carry out pre-contractual measures, fulfillment of a legal obligation.

o Participants in a video conference (e.g. “MS teams ): safeguarding legitimate interests, consent to processing.

-Duration for which the personal data are stored (depending on the purpose and target group) -Duration of the contract, legal time limits, withdrawal of consent (if necessary), objection to data

Data protection information according to Art. 12-19, 21 GDPR towards data subjects

processing, duration of online meeting.
– There is no automated decision-making including profiling according to Art. 22 (1) and (4) GDPR. Disclosure, source, and foreign reference
– Recipients or categories of recipients of the personal data (depending on the target group)
o Basic recipients: tax advisors, internal use (e.g. HR, IT), authorities, banks, insurance companies
o Own employees: for image data (provider, marketing agency, photographer)
o Customers and employees of customers: Subcontractors and cooperation partners (if contractually regulated or clarified).
o Participants of a videoconference: participants, providers
– Source of collection: directly / by client

Data processing outside the European Union

Data processing outside the European Union (EU) does not take place as a matter of principle, as we have restricted our primary storage location to data centers in the European Union. However, we cannot rule out the possibility that the routing of data from some applications takes place via internet servers that are located outside the EU. This can be the case in particular if, for example, participants in “online meetings” are located in a third country.

There is also the risk that, due to US jurisdiction, US authorities may view and process your data for control or monitoring purposes. This may also occur without any further legal remedy.
However, the data is encrypted during transport via the internet and thus protected against unauthorized access by third parties.

This may apply to the following applications: MS Teams.

Participation in an online meeting (e.g. MS-Teams)

Participation in such an event is voluntary. By registering, you consent to data processing (including US data transfer). You can decide at any time whether you would like to transmit images and/or sound of yourself during the event. If and to the extent that one actively decides to do so, this consent also includes that special categories of personal data (e.g. wearers of glasses, stiff limbs, Data protection information according to Art. 12-19, 21 GDPR towards data subjects speech impediments, wearers of religious symbols) may be transmitted and processed. Participation also implies consent to a possible recording and, if applicable, dissemination of the event. Both will be communicated in advance.

Legal basis of data processing in the context of an online meeting:

– Insofar as personal data of employees of the company are processed, Section 26 BDSG is the legal basis for data processing.

– If, in connection with the use of the video conferencing software, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of the video conferencing software, the legal basis for data processing is Art. 6 (1) f) DSGVO. In these cases, our interest is in the effective implementation of “online meetings”.

– Otherwise, the legal basis for data processing when conducting “online meetings” is Art. 6 para. 1 lit. b) DSGVO, insofar as the meetings are conducted in the context of contractual relationships.

– If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here, too, our interest is in the effective conduct of “online meetings”.

Data subject rights

– Under Art. 7 Para. 3 GDPR, you have the right to revoke your consent at any time. The consequence is that we may no longer continue the data processing based on this consent in the future;

– You have the right to request information about your personal data processed by us under Art. 15 GDPR.

According to Art.16 GDPR, you have the right to request the correction of inaccurate or incomplete personal data stored by us without undue delay

– You have the right to request the deletion of your personal data stored by us under

Art. 17 GDPR, provided that there are no other reasons, such as the fulfillment of a legal obligation or the defense of legal claims, to the contrary.

– You have the right to request the restriction of the processing of your personal data under Art. 18 GDPR.

If your personal data are processed based on Art. 7. Para.3 of the GDPR, you have the right to object to the processing of your data under Art.3 21 of the GDPR, provided that there are grounds for doing so that arise from your particular situation.

Data protection information according to Art. 12-19, 21 GDPR towards data subjects

– The controller shall notify all recipients to whom personal data have been disclosed of any rectification or erasure of the personal data or restriction of processing under Article 19 of the GDPR.

– You have the right under Article 20 of the GDPR to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format or to request that it be transferred to another controller.

– You have the right, according to Article 22, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

– You have the right to complain to a supervisory authority according to Art. 77 GDPR.
Supervisory authority Schleswig-Holstein
P.0. Box 7116, 24171 Kiel, Holstenstraße98, 24103 Kiel, phone: 04 31/988-12 00, fax: 04 31/988-12 23, e-mail: mail@datenschutzzentrum.de, homepage: http://www.datenschutzzentrum.de Supervisory authorities of all federal states: https://www.bfdi.bund.de/DE/lnfothek/Anschriften_Links/anschriften_links-node.html

Processing framework

– Categories of personal data processed
o Unsolicited applicants: master data (e.g. CV content, contact, family circumstances, health, knowledge, skills)
o Employees: master data (e.g.CV content, contact, family circumstances, health, knowledge, skills), contract and billing data, log data of IT systems (e.g. firewall, server logs), personal image/video data on company presentations
o Customers: Contract data, master data, billing data, services ordered.
o Interested parties; Contact data, transmitted content data
o Suppliers: Contract data, contact data, transmitted content data
o Participants in a video conference (e.g.
“MS teams”): first name, last name, e-mail address, subject
if applicable, participant IP addresses, MP4 files of the video, audio, and presentation recordings (in

the case of optional recordings), information on the incoming and outgoing call number (in the case of telephone dial-in), contents of chat histories.

Data protection information according to Art. 12-19, 21 GDPR towards data subjects

-Purposes for which the personal data are to be processed

o Unsolicited applicants: examinations of the application

o Employees: processing of all necessary and required measures in an employment relationship, ensuring that operations are as trouble-free as possible, marketing (image/video data on website and/or other online platforms, employee motivation when introducing new employees on e.g. “notice board”)

o Customers: Contract fulfillment

o Interested parties: Information exchange

o Suppliers: Services, orders

o Participants in a video conference (e.g.

“MS teams”): online meetings, telephone conferences, video conferences.

– Legal basis of processing according to Art. 6 para. 1

(Depending on the data processing, not every legal basis applies).

o Unsolicited applicants: performance of a contract or for the implementation of pre-contractual measures, consent to processing where applicable.

o Employees: fulfillment of a contract or for the implementation of pre-contractual measures,

consent to processing where applicable, fulfillment of a legal obligation, protection of legitimate interests.

o Customers: Fulfilment of a contract or to carry out pre-contractual measures, fulfillment of a legal obligation, protection of legitimate interests.

o Interested parties:  of a contractor to carry out pre-contractual measures, safeguarding legitimate interests.

o Suppliers: Fulfilment of a contract or to carry out pre-contractual measures, fulfillment of a legal obligation.

o Participants in a video conference (e.g. “MS teams ): safeguarding legitimate interests, consent to processing.

-Duration for which the personal data are stored (depending on the purpose and target group) -Duration of the contract, legal time limits, withdrawal of consent (if necessary), objection to data

Data protection information according to Art. 12-19, 21 GDPR towards data subjects

processing, duration of online meeting.
– There is no automated decision-making including profiling according to Art. 22 (1) and (4) GDPR. Disclosure, source, and foreign reference
– Recipients or categories of recipients of the personal data (depending on the target group)
o Basic recipients: tax advisors, internal use (e.g. HR, IT), authorities, banks, insurance companies
o Own employees: for image data (provider, marketing agency, photographer)
o Customers and employees of customers: Subcontractors and cooperation partners (if contractually regulated or clarified).
o Participants of a videoconference: participants, providers
– Source of collection: directly / by client

Data processing outside the European Union

Data processing outside the European Union (EU) does not take place as a matter of principle, as we have restricted our primary storage location to data centers in the European Union. However, we cannot rule out the possibility that the routing of data from some applications takes place via internet servers that are located outside the EU. This can be the case in particular if, for example, participants in “online meetings” are located in a third country.

There is also the risk that, due to US jurisdiction, US authorities may view and process your data for control or monitoring purposes. This may also occur without any further legal remedy.
However, the data is encrypted during transport via the internet and thus protected against unauthorized access by third parties.

This may apply to the following applications: MS Teams.

Participation in an online meeting (e.g. MS-Teams)

Participation in such an event is voluntary. By registering, you consent to data processing (including US data transfer). You can decide at any time whether you would like to transmit images and/or sound of yourself during the event. If and to the extent that one actively decides to do so, this consent also includes that special categories of personal data (e.g. wearers of glasses, stiff limbs, Data protection information according to Art. 12-19, 21 GDPR towards data subjects speech impediments, wearers of religious symbols) may be transmitted and processed. Participation also implies consent to a possible recording and, if applicable, dissemination of the event. Both will be communicated in advance.

Legal basis of data processing in the context of an online meeting:

– Insofar as personal data of employees of the company are processed, Section 26 BDSG is the legal basis for data processing.

– If, in connection with the use of the video conferencing software, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of the video conferencing software, the legal basis for data processing is Art. 6 (1) f) DSGVO. In these cases, our interest is in the effective implementation of “online meetings”.

– Otherwise, the legal basis for data processing when conducting “online meetings” is Art. 6 para. 1 lit. b) DSGVO, insofar as the meetings are conducted in the context of contractual relationships.

– If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here, too, our interest is in the effective conduct of “online meetings”.

Data subject rights

– Under Art. 7 Para. 3 GDPR, you have the right to revoke your consent at any time. The consequence is that we may no longer continue the data processing based on this consent in the future;

– You have the right to request information about your personal data processed by us under Art. 15 GDPR.

According to Art.16 GDPR, you have the right to request the correction of inaccurate or incomplete personal data stored by us without undue delay

– You have the right to request the deletion of your personal data stored by us under

Art. 17 GDPR, provided that there are no other reasons, such as the fulfillment of a legal obligation or the defense of legal claims, to the contrary.

– You have the right to request the restriction of the processing of your personal data under Art. 18 GDPR.

If your personal data are processed based on Art. 7. Para.3 of the GDPR, you have the right to object to the processing of your data under Art.3 21 of the GDPR, provided that there are grounds for doing so that arise from your particular situation.

Data protection information according to Art. 12-19, 21 GDPR towards data subjects

– The controller shall notify all recipients to whom personal data have been disclosed of any rectification or erasure of the personal data or restriction of processing under Article 19 of the GDPR.

– You have the right under Article 20 of the GDPR to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format or to request that it be transferred to another controller.

– You have the right, according to Article 22, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

– You have the right to complain to a supervisory authority according to Art. 77 GDPR.
Supervisory authority Schleswig-Holstein
P.0. Box 7116, 24171 Kiel, Holstenstraße98, 24103 Kiel, phone: 04 31/988-12 00, fax: 04 31/988-12 23, e-mail: mail@datenschutzzentrum.de, homepage: http://www.datenschutzzentrum.de Supervisory authorities of all federal states: https://www.bfdi.bund.de/DE/lnfothek/Anschriften_Links/anschriften_links-node.html