We support women and girls in war and crisis zones
Search

Data protection

Here you will find information about us as data controller, rights of users and data subjects, data processing & implemented technologies.

Personal data (hereinafter referred to as “data”) are processed by us only as necessary and for the purpose of providing a functional and user-friendly website, including its contents and the services it offers.

Pursuant to Art. 4 (1) of Regulation (EU) 2016/679, i.e. the European Union General Data Protection Regulation (hereinafter referred to as “EU GDPR”), “processing” shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

By making the following Data Protection Declaration, we are informing you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, insofar as we decide either ourselves or jointly with third parties on the purposes and means of the processing. In addition, we are informing you in the following declaration about the third-party components we use for optimisation purposes and to increase the quality of user experience, insofar as this involves third parties assuming responsibility for processing data.

I. Information about us as the responsible party

The responsible part for this internet presence according to German data protection legislation is:
medica mondiale e.V.
Hülchrather Str. 4
50670 Cologne, Germany
Tel.: + 49 (0) 221 - 93 18 98 0
Fax: + 49 (0) 221 - 93 18 98 1
E-mail: info@medicamondiale.org

Data Protection Officer at medica mondiale is:
Simone Hemken
IST planbar GmbH
E-mail: simone.hemken@istplanbar.de
http://www.istplanbar.de

medica mondiale uses the data (e.g. name, address, e-mail, account details) provided by you in the contact form, in donor service forms, in the donations form and within the newsletter registration (for the latter, you will find more detailed information under point IV.) solely for the purpose of performing our services. We take the protection of your data very seriously.

  • Your personal data is stored by medica mondiale e.V. At any time you can send a letter or an e-mail to withdraw your permission for us to store your data.
  • The data is stored in electronic form in a database at medica mondiale e.V.
  • medica mondiale e.V. accesses a user’s stored personal data only for the purposes indicated by the user.
  • Only authorised staff of medica mondiale e.V. and its service providers have access to this data.
  • medica mondiale e.V. records for statistical purposes the frequency of access to its own websites and the browser versions used by site visitors.
  • All data entered in the input mask in forms available on the website, which can be used for electronic contact, are transmitted to the website operator in encrypted form and stored.
  • The data is kept for up to 30 days after processing and then deleted from the database. To ensure regular and, above all, automated deletion, a cron job is set up that checks the database status once a day and triggers the deletion process.
  • The legal basis for the processing of data is Art. 6 (1) (a) EU-GDPR if the user has given his or her consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) (f) EU-GDPR.

II. Rights of users and data subjects

You can receive information free of charge at any time, without giving reasons, about your data stored with us. Under certain conditions, you can have your data stored with us blocked, corrected or deleted.

You also have the right to the release of your data in a structured, common and machine-readable format. Format. You can also withdraw your consent to data collection and processing at any time without giving reasons. To do so, please contact us at the address given above. When withdrawing consent, please take into account the fact that the lawfulness of the processing of your data prior to the withdrawal remains unaffected. You also have the right to complain to the competent supervisory authority, if you are of the opinion that your personal data is not lawfully processed.

The competent authority is the NRW State Data Protection Commissioner:
State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia
Postfach 20 04 44
40102 Düsseldorf

III. Information on data processing

Security advice

All data entered by users is transmitted via an encrypted connection (AES, 256bit) as standard. The URL of an encrypted page always begins with “https:”. Therefore we expressly recommend you to use a browser capable of sending data via this type of secured connection. We make considerable organisational and technical effort to ensure that the storage of your personal data is carried out in such a way that makes it impossible for third parties to access this data. For communication by e-mail, we cannot guarantee complete data security, so we recommend using conventional mail for confidential information.

Liability

The contents of our website have been compiled with great care. Nonetheless, we cannot accept any liability for the up-to-dateness, correctness or completeness of the information contained therein. As a “service provider” within the meaning of the relevant laws, medica mondiale is responsible for its own contents within the pages of its website. However, service providers are not required to monitor the information transmitted or stored by them or to search for circumstances indicating an illegal activity. This does not affect any obligations to remove or disable access to information under general legislation. Any liability in this regard, however, shall only be applicable after the point in time when the service provider obtains knowledge of an actual breach of the law. Once knowledge of relevant breaches of the law is obtained, the affected contents shall be removed expeditiously.

Hyperlinks

Including URLs from medicamondiale.org in link lists is permitted and desired. However, please inform medica mondiale e.V. Additionally, our website includes links to external websites operated by third parties, where we have no influence on their contents. Therefore we cannot accept any liability for the contents of these external sites. The respective operator or service provider of those external provider is always responsible for those contents. Once knowledge of relevant breaches of the law is obtained, we will remove the relevant hyperlinks expeditiously.

Copyright

medica mondiale respects the copyrights of others. The contents and works on these pages created by the site operators are subject to German copyright law. medica mondiale e.V. permits the quotation and citing of text, provided that medica mondiale e.V. is named as the copyright holder and the quoted text is linked. Entire articles may not be published elsewhere without consultation. The adoption and use of images requires the consent of medica mondiale e.V. or the respective copyright holder(s).

Your application to job advertisements and/or tender requests

We offer you the opportunity to apply to us for jobs or tenders publicised on www.medicamondiale.org.  For this purpose, we have set up the bewerbung@medicamondiale.org mailbox exclusively for applications, to which only a limited group of people has access and which is not recorded by our automatic archiving system. We kindly ask you to use this mailbox exclusively for applications sent by e-mail.

The legal basis for this processing is Section 26 (1) sentence 1 BDSG (German Data Protection Act) in conjunction with Art. 88 (5) EU-GDPR. We only process data of applicants for the purpose of and within the scope of the application procedure. This processing is carried out to fulfil our (pre-)contractual obligations within the meaning of Art. 6 (1) (f) EU-GDPR insofar as the data processing becomes necessary for us.

In the event of a successful application, data transmitted to us may be further processed (for the purposes of the employment relationship). Otherwise, the applicant's data will be deleted. The deletion takes place after a period of three to six months: this enables us to answer any follow-up questions within the framework of a proper application procedure. This also enables us to fulfil our obligations to provide evidence under the the General Equal Treatment Act. The applicant's data will also be deleted if an application is withdrawn - applicants are entitled to do this at any time.

Insofar as special categories of personal data within the meaning of Art. 9 (1) EU-GDPR are communicated or requested within the scope of the application procedure, these data are also processed in accordance with Art. 9 (2) (b) EU-GDPR or 9 (2) (a) EU-GDPR. If you expressly consent to your data being stored for a longer period of time, e.g. for your inclusion in a database of applicants or interested parties, the data will be processed on the basis of your consent. The legal basis is then Art. 6 (1) (a) EU-GDPR. However, you can of course revoke your consent at any time in accordance with Art. 7 (3) EU-GDPR by making a declaration to us with effect for the future.

Use of your email address for advertising purposes

As a donor, you will receive regular updates about our project work or about similar fundraising campaigns from us by email. We will use the email address you provided as part of your donation to advertise fundraising campaigns similar to the one you have already donated to. We also use your first name and surname and the title you have given us. The processing of your personal data for this purpose is based on our legitimate interest in making direct advertising to existing customers (legal basis: Art. 6 (1) (f) EU-GDPR.

You may object to this advertising at any time by notifying medica mondiale e.V. in writing at Hülchrather Str. 4, 50670 Cologne, Germany, following the link provided at the bottom of the emails, or by e-mail via info@medicamondiale.org. We will process your personal data for this purpose for as long as you indicate an interest in our work (up to a maximum of two years after your last contact with us) or until you object to receiving our emails.

Storage Period

The data will be stored by medica mondiale for as long as it is needed for the purposes for which it was collected. If the data is no longer required, it will be deleted, unless legal and contractual storage obligations prevent deletion. For example, we store data for six to ten years in accordance with the relevant regulations of the German Fiscal Code (Abgabenordnung) or German Commercial Code (Handelsgesetzbuch). In individual cases, longer storage periods may be required by funding bodies. Furthermore, we store your data within the framework of the statutory limitation periods as long as claims can still be asserted against us.

IV. Technologies used

Google AdWords with Conversion Tracking

Our website uses Google AdWords and conversion tracking. This is a service provided for the European economic area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google). We use conversion tracking to provide targeted promotion of our site.
The legal basis is Art. 6 (1) (f) EU-GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our site. If you click on an ad placed by Google, the conversion tracking we use stores a cookie on your device. These so-called conversion cookies expire after 30 days and do not otherwise identify you personally.
If the cookie is still valid and you visit a specific page of our website, both we and Google can evaluate that you clicked on one of our ads placed on Google and that you were then forwarded to our website. The data collected in this way is in turn used by Google to provide us with an evaluation of visits to our website and what visitors do once there. In addition, we receive information about the number of users who clicked on our advertisement(s) as well as about the pages on our site that are subsequently visited. Neither we nor third parties who also use Google AdWords will be able to identify you from this conversion tracking.
You can also prevent or restrict the installation of cookies by making the appropriate settings in your browser. Likewise, you can use the browser at any time to delete cookies that have already been stored. However, the steps and measures required vary, depending on the specific browser you use. If you have any questions, please use the help function or consult the documentation for your browser or contact its maker for support.
In addition, Google provides further information with regard to its data protection practices at
https://services.google.com/sitestats/de.html
http://www.google.com/policies/technologies/ads/
http://www.google.de/policies/privacy/ ,
in particular information on how you can prevent the use of your data.

Source: Model Data Protection Statement for Anwaltskanzlei Weiß & Partner

Social media links via graphics or text hyperlinks

We also integrate the following social media sites into our website. The integration takes place via a linked graphic from that specific site. The use of this linked graphic prevents the automatic establishment of a connection to the respective server of the social network when a website with a social media application is called up in order to display a graphic of the respective network itself. Only by clicking on the corresponding graphic will you be forwarded to the service of the respective social network.
Once you click, that network may record information about you and your visit to our site. It cannot be ruled out that such data will be processed in the United States. Initially, this data includes such things as your IP address, the date and time of your visit, and the page visited. If you are logged into your user account on that network, however, the network operator might match the information collected about your visit to our site to your personal account. If you interact by clicking Like, Share, etc., this information can be stored in your personal user account and possibly posted on the respective network. To prevent this, you need to log out of your social media account before clicking on the graphic. The various social media networks also offer settings that you can configure accordingly. The legal basis is Art. 6 (1) (f) EU-GDPR. Our legitimate interest lies in quality improvement for our site.
The following social networks are integrated into our website by this type of linking:

facebook
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Meta Platforms Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA. Data Protection Declaration https://www.facebook.com/policy.php

twitter
Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA Data Protection Declaration https://twitter.com/privacy


YouTube
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA Data Protection Declaration https://policies.google.com/privacy

Instagram
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Meta Platforms Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA. Data Protection Declaration https://help.instagram.com/519522125107875

Source: Model Data Protection Statement for Anwaltskanzlei Weiß & Partner

Newsletter

1. Type and scope of data processing

In our newsletter we inform you about our offers at regular intervals. To receive our newsletter, you need a valid e-mail address. Any further information you provide is voluntary and will be used to address you personally and to personalise the content of the newsletter. The legal basis for the data processing is Art. 6 (1) (a) EU-GDPR. By subscribing to the newsletter, you consent to us measuring click response and opening behaviour in a pseudonymised manner in order to be able to optimally tailor the newsletter to the needs of our readers. In order to ensure that our newsletter is sent in a manner that protects your data, we use a double opt-in procedure, i.e. we only send you our newsletter when you confirm your subscription (first opt-in) by then clicking on a link in an e-mail we send to the address you entered (second opt-in).  In this way, we can ensure that only you can register for the newsletter with your e-mail address. This confirmation of your subscription has to take place within a short time after receipt of the confirmation e-mail, otherwise the subscription will be automatically deleted. When you subscribe to our newsletter, we will save your IP address and the date and time of your subscription. This serves as a safeguard for us in the event that a third party misuses your e-mail address and subscribes to our newsletter without your knowledge. In addition, we are legally obliged to prove and document that we obtained your consent. The legal basis here is Art. 6 (1)  (c) EU-GDPR. No matching or comparison takes place of the data collected in this way with any data collected by other components of our site. 

2. Storage period

Your e-mail address will be stored for as long as you subscribe to the newsletter. After unsubscribing from the newsletter, your email address will be deleted. Further storage may take place in individual cases if this is required by law.

3. Newsletter-Dienstleister

For the sending of our newsletter, we use the service “CleverReach” provided by CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany. The company CleverReach GmbH & Co. KG is obliged by the terms of our contract with them to comply with data protection laws and may only use personal data for the agreed purpose of sending the newsletter. A contract for commissioned data processing is in place. Using the CleverReach service enables us to organise and analyse our newsletter distribution. The data you enter for the purpose of receiving newsletters (e.g. email address) is stored on CleverReach’s servers in Germany or Ireland. More information about data protection at CleverReach can be found here:
https://www.cleverreach.com/de/datenschutz/ or here
https://www.cleverreach.com/de/funktionen/datenschutz-sicherheit/

 

Online donations via the Fundraising Box

The provider for our Donation Form is “Fundraising Box” by Wikando GmbH, Schießgrabenstr. 32, 86150 Augsburg, Germany. The company Wikando GmbH is contractually obliged to comply with data protection legislation and is therefore permitted to use your data only for the agreed purpose of processing your donation in the required manner. If you donate online, your personal data is transmitted to us via a connection secured by SSL. We will forward your payment-related data via an encrypted pathway to the payment service provider (see below). Our donation form collects the following data: first name, family name, company name (for company donations), address (for donation receipts), e-mail address (for contacting you and confirming the donation - transaction-dependent contact), and possibly other data needed to pass on to the payment service provider (see below) in order to process your donation. Further information can be found in the data protection provisions of Fundraising Box at: https://www.fundraisingbox.com/datenschutz/
Further information can be found here: https://www.fundraisingbox.com/datensicherheit/

In accordance with Article 6 (1) (b) EU-GDPR we store your personal data to process donations and in accordance with Article 6 (1) (f) EU-GDPR (legitimate interests) to seek further donations. With reference to fundraising, you can object to this data processing at any time.

The following payment service providers are integrated:

Payment service providers

PayPal

You can make a donation to us via the payment service provider PayPal. If you choose PayPal as your payment option then, in order to process the donation, your payment-related data will be passed on to PayPal Europe S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, Luxembourg.
This passing on of your data takes place in accordance with Article 6 (1) (a) EU-GDPR (consent) and in accordance with Article 6 (1) (b) EU-GDPR (performance of a contract). Only the data required for payment processing will be passed on. Generally the data processed in these cases comprises: first name, family name, address, e-mail address, IP address, telephone number (landline and/or mobile), and possibly other data needed to process your payment.
The purposes of passing on this data are to process the payment and to prevent fraud. In accordance with Article 6 (1) (f) EU-GDPR (legitimate interests), PayPal is entitled to pass on your personal data to observe legitimate interests, in this case to carry out an identity and/or creditworthiness check. For the fulfilment of contractual obligations or in cases of commissioned data processing, PayPal may pass on your personal data to a sub-contractor or further contractual partner. Of course, you have the right at any time to object to the processing of your personal data by PayPal. Any objection will not affect the data necessary for processing the payment or any data processing that took place prior to the objection.

Further information can be found in the data protection provisions of PayPal at:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

 

Klarna

You can make a donation to us via the payment service Sofort provided by Klarna GmbH, Theresienhöhe 12, 80339 Munich, Germany. If you choose this payment option then, in order to process the donation, your payment-related data will be passed on to Klarna. This passing on of your data takes place in accordance with Article 6 (1) (a) EU-GDPR (consent) and in accordance with Article 6 (1) (b) EU-GDPR (performance of a contract).
Generally the data processed in these cases comprises: first name, family name, address, telephone number (landline and/or mobile), e-mail address, IP address, and possibly other data needed to process your payment. Your identity cannot be determined and deception cannot be avoided without passing on this data.
In accordance with Article 6 (1) (f) EU-GDPR (legitimate interests), Klarna is entitled to pass on your personal data to observe legitimate interests, in this case to carry out an identity and/or creditworthiness check. For the fulfilment of contractual obligations or in cases of commissioned data processing, Klarna may pass on your personal data to a sub-contractor or further contractual partner.
You may withdraw at any time your consent to data processing by Klarna. This withdrawal of consent does not affect any cases of data processing which were carried out prior to the withdrawal.

Further information can be found in the data protection provisions of Klarna at:
https://www.klarna.com/sofort/datenschutz/

 

Stripe

You can make a donation to us by credit card. If you choose this payment option then, in order to process the donation, your payment-related data will be passed on to Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. This passing on of your data takes place in accordance with Article 6 (1) (a) EU-GDPR (consent) and in accordance with Article 6 (1) (b) EU-GDPR (performance of a contract).
Generally the data processed in these cases comprises: first name, family name, address, telephone number (landline and/or mobile), e-mail address, IP address, credit card details (issuer, card number, card security code (CSC), expiry date), and possibly other data needed to process your payment.
In accordance with Article 6 (1) (f) EU-GDPR (legitimate interests), Stripe is entitled to pass on your personal data to observe legitimate interests, in this case to carry out an identity and/or creditworthiness check. For the fulfilment of contractual obligations or in cases of commissioned data processing, Stripe may pass on your personal data to a sub-contractor or further contractual partner.
You may withdraw at any time your consent to data processing by Stripe. This withdrawal of consent does not affect any cases of data processing which were carried out in the past.

Further information can be found in the data protection provisions of Stripe at:
https://stripe.com/de/privacy#translation

 

Participation in virtual meetings (video conferences)

medica mondiale e.V. organises web-based meetings for the virtualisation of board, employee or supporter meetings or online training seminars. These involve the voice of the participants being transmitted via microphone and, where selected, their image being transmitted via webcam to all other participants (hereinafter referred to as “video conferences”).
For this purpose, medica mondiale e.V. uses service providers who make their software and, if applicable, their equipment available to medica mondiale e.V. (henceforth: video conferencing systems). medica mondiale e.V. has agreed on commissioned data processing with these service providers in accordance with Art. 28 EU-GDPR.

a) Processing of data in order to conduct video conferences by medica mondiale e.V.

In order to hold “video conferences”, we need to process different types of data. The total volume of data processed in the context of video conferences depends on the functional scope of the video conferencing systems provided by the video conferencing service provider. It also depends on the data provided by the respective user before, during and after participation in a video conference. The following personal data is generally the subject of data processing when conducting video conferences:

  1. Information about the user such as: display name, online status (optional), status messages, profile picture (optional), e-mail address (if applicable), preferred language.
  2. Meeting metadata, such as: date, time, duration, meeting ID, phone number if applicable, and location.
  3. Text, audio, video and other multimedia data. For the display of video signals as well as the playback of audio signals and multimedia files, data from the microphone, a webcam/video camera, and/or a screen display of your terminal device (using the screen/content sharing function) is processed during the meeting. The latter is typically necessary when you give a presentation and share slides for the others to look at. Data transmission from the camera and microphone can be switched on and off independently at any time and by any user. The screen/content sharing function must be actively selected by the user and can also be stopped at any time.

In a video conference, you also have the option of using the chat function of “Microsoft Teams” or “Zoom” alongside the audio/video. In this respect, the text entries you make, the sharing of links or content, and social interactions (such as emoticons, pictograms, like buttons for comments or the sending of GIFs - Graphics Interchange Format) are all processed in order to display them to the participants in video conferences.

b) Legal basis for data processing

The legal basis differs depending on whether members, non-members or employees of medica mondiale e.V. participate in the video conference hosted by medica mondiale e.V.:
Insofar as members of medica mondiale e.V. participate in virtual meetings (general meetings, board meetings, etc.), the legal basis for the data processing is Art. 6 (1) (b) EU-GDPR, as the processing of personal data of members is “for the purpose of servicing the membership” in medica mondiale e.V.
If third parties (non-members) participate in virtual meetings of medica mondiale e.V., then Art. 6 (1) (f) EU-GDPR or your consent pursuant to Art. 6 (1) (a) EU-GDPR forms the legal basis for the data processing when conducting “video conferences”. You declare your consent by jointly agreeing orally or in writing to hold a video conference or implicitly by participating in one.
If personal data of employees of medica mondiale is processed, then § 26 BDSG in conjunction with Art. 88 EU-GDPR forms the legal basis of the data processing for the establishment, implementation (operational organisation) and termination of the employment relationship.

c) Storage of the data

There will be no recording of video conferences. Should a recording be planned, then medica mondiale e.V. will transparently communicate this to all participants and - where necessary - obtain their prior consent. The content of chats is logged by Microsoft Corporation (hereinafter “Microsoft”) when using Microsoft Teams. Files shared by users via chats are stored in the OneDrive for Business account of the user who shared their file. Files shared by team members in a channel are stored on the SharePoint site of that team.

d) Recipients of the data

Personal data processed in connection with participation in video conferences are only passed on to our contracted data processors, i.e. the service providers who support us in carrying out the video conferences. Apart from this, data will only be passed on to third parties if medica mondiale e.V. is legally obliged to do so (e.g. by court order), or if the persons concerned have expressly consented to their data being passed on.

e) Data processing outside the European Union

For the use of the video conferencing software Microsoft Teams or Zoom, please also note the following information:
When calling up the Microsoft Teams website, Microsoft is responsible for data processing. Accessing this website (https://teams.microsoft.com) is only necessary for downloading the necessary software if it is not possible to use the service directly and without a download.

Microsoft Teams is a service of Microsoft Corporation:
Microsoft Corporation

One Microsoft Way
Redmond, WA 98052-6399
USA
https://teams.microsoft.com

“Zoom” is a service of Zoom Video Communications, Inc. which is based in the USA.
If you have any questions about data protection or comments in connection with data protection when using Zoom, please send an e-mail to privacy@zoom.us. You can also contact Zoom in writing at the following addresses:
Zoom Video Communications, Inc.
Attention: Data Privacy Officer
55 Almaden Blvd, Suite 600
San Jose, CA 95113, USA
Or to the representative in the EU or the UK:
Lionheart Squared Ltd
Attn: Data Privacy
2 Pembroke House
Upper Pembroke Street 28-32
Dublin
DO2 EK84
Republic of Ireland
E-Mail: zoom@LionheartSquared.eu
Lionheart Squared Limited
Attn: Data Privacy
17 Glasshouse Studios
Fryern Court Road
Fordingbridge
Hampshire
SP6 1QX
United Kingdom
Kontakt: zoom@LionheartSquared.co.uk
You can contact the Zoom Data Protection Officer by sending an email to privacy@zoom.us.

f) Necessary consent to the data protection and terms of use regarding “Microsoft” and “Microsoft Teams” or “Zoom”.

Notes specifically on Microsoft Teams:
The use of Microsoft Teams is subject to the terms of use and privacy policy of Microsoft, over which medica mondiale e.V. has no control. In order to use Microsoft Teams, you must accept the Microsoft Terms of Use and Privacy Policy, otherwise you will not be able to use Microsoft Teams.
Privacy Policy: https://www.microsoft.com/en-us/microsoft-365/microsoft-teams/download-app and https://privacy.microsoft.com/de-de/privacystatement
Terms of Use: https://www.microsoft.com/de-de/servicesagreement/
Other recipients: Microsoft Corporation as the provider of Microsoft Teams receives insight into the abovementioned data insofar as this is covered by the contract we have for processing the services of Microsoft Teams that we use. The contract we have for data processing with Microsoft Teams is based on EU standard contractual clauses and obliges Microsoft to comply with the legal requirements of the applicable data protection law.
Please refer to Microsoft’s privacy notice at: https://privacy.microsoft.com/de-de/privacystatement and specifically the section Online Services for Business; as well as https://www.microsoft.com/de-de/trust-center/privacy/customer-data-definitions and the Microsoft DPA, to be found at:https://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=18030.

Notes specifically on “Zoom”
If you access the Zoom website, the provider of Zoom is responsible for data processing. However, accessing the website is only necessary for the use of Zoom to download the software for the use of Zoom. You can also use Zoom if you enter the respective meeting ID and any further access data for the meeting directly in the Zoom app. If you do not want to or cannot use the Zoom app, the basic functions can also be used via a browser version, which you can also find on the Zoom website. You can find the privacy policy of Zoom here: https://explore.zoom.us/de/privacy/

g) Data processing outside the European Union

We cannot technically completely rule out routing or storage on servers outside the European Union at the contracted data processors Microsoft or Zoom. A secure level of data protection is guaranteed by the conclusion of expanded EU standard data protection clauses as well as technical and organisational measures. Among other things, data is encrypted during transport via the Internet and generally protected from disclosure to third parties. With respect to personal data stored by Microsoft in the US and Europe that may be subject to government requests for information from authorities in the US, Microsoft warrants in a statement dated 20 July 2020 that such orders will be challenged in court that would allow access to personal data. In addition, as part of a legal settlement, Microsoft has acquired the right to disclose transparent reports on the number of US national security orders issued to Microsoft, and new policies have also been introduced within the US government that have restricted the use of non-disclosure orders (see https://news.microsoft.com/de-de/stellungnahme-zum-urteil-des-eugh-was-wir-unseren-kunden-zum-grenzueberschreitenden-datentransfer-bestaetigen-koennen/). The level of data protection is considered sufficient when measured against the anticipated content of the videoconferences, which generally do not contain any personal data apart from the names of the persons participating.

About the technologies implemented via the Consent Management service from Usercentrics