Information obligations under the General Data Protection Regulation (GDPR) towards participants of webinars, virtual meetings or conferences of Maag Germany GmbH pursuant to Art. 13 GDPR (collection of data from the data subject) and pursuant to Art. 14 GDPR (registration by third parties)
1. Designation of the processing activity
The data protection notice is provided in connection with your registration for a webinar, virtual session or conference to which Maag Germany GmbH invites you. Maag Germany GmbH uses several virtual conference systems. In order to conduct virtual webinars, sessions or conferences, you must register for them and enter a name. You do not have to enter your real name in the webinar software.
2. Name and contact details of the responsible person
Maag Germany GmbH
Phone 06026/503 0
3. Contact details of the official data protection officer
Dipl.- Ing. Jörg Hagen
4. Purposes and legal basis of processing
Your data is processed in order to accept your registration for our webinars, sessions or conferences and to organize, conduct and, if necessary, evaluate them for the purpose of quality assurance. Your data is processed on the basis of Art. 6 (1) (b) DSGVO – contract.
5. Recipients or categories of recipients of the personal data
Your personal data will be transferred to:
– Your data will only be transferred to third parties if we are legally obliged to do so or if you have consented in advance to the transfer of data.
– If applicable, service providers entrusted with the organization and implementation of a webinar, meeting or conference and their subcontractors.
– Transfer to third parties: legal obligation or consent.
– Processors: the service providers entrusted with the organization of a webinar, meeting or conference and their subcontractors.
6. Transfer of personal data to a third country
Depending on the service provider used, personal data may be transferred by us to a subcontractor of the processor located in a third country. The transfer is based on standard contractual clauses (SCC) and consent/data transfer to a third country according to Article 49 (1) lit. a DSGVO as appropriate safeguards.
8. Consent/data transfer to a third country according to Art. 49 para. 1 lit. a DSGVO
For this webinar, Maag Germany GmbH uses the “GoToWebinar” software of the company LogMeIn Inc. In the process, data is processed and used outside the EU. According to §49a DSGVO, a “transfer or set of transfers of personal data to a third country or to an international organization” is permissible if the “data subject has given his explicit consent to the proposed data transfer after having been informed of the potential risks to him of such data transfers without the existence of an adequacy decision and without appropriate safeguards.”
We inform about the possible risks of such data transfers existing for you as follows:
– To enable them to technically participate in the webinar, it is necessary to store data such as your IP number.
– For content-related participation in the webinar, it is necessary to record and display your participation activity (e.g. voting in surveys, your questions in the webinar, your presence in the webinar).
– For statistical purposes, statistics are generated showing your activity.
To ensure that the data collected in this manner is secure, LogMeIn inc takes various security measures to do so: In particular, LogMeIn inc is guided by the “C5 BSI Catalog of Requirements for Compliance in the Cloud Computing Sector” according to which comprehensible and transparent information is described on how to handle investigation requests from government agencies for access to or disclosure of cloud customer data. The cloud provider shall inform the cloud customer(s) concerned immediately upon receipt of an investigation request from a government agency, unless the applicable legal basis on which the government agency relies prohibits this or there are clear indications of unlawful acts in connection with the use of the cloud service.
9. Duration of storage of personal data
Participant data is processed for a specific purpose for the administration and organization of a webinar, session or conference and deleted as soon as the purpose for processing has ceased to exist. The data is deleted in compliance with the statutory retention periods, related to correspondence after six years, related to invoicing after ten years.
If participants give us their consent to the further use of data for marketing purposes or, for example, to obtain