Zeppelin Power Systems GmbH (hereinafter referred to as "ZPS") uses the tools "Microsoft Teams" and "Cisco Webex" for its online meetings and telephone conferences. We would therefore like to provide information about the processing of personal data within the framework of using "Microsoft Teams" and "Cisco Webex" (hereinafter collectively referred to as "Tools").
What are personal data?
Personal data refers to all information relating to an identified or identifiable natural person, Article 4 (1) GDPR. This includes information such as your name, address and phone number. Data which cannot be traced to you, such as statistical or anonymous data, are not personal data.
Purpose of the processing
We use the aforementioned Tools to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter referred to collectively as "Online Meetings").
The Controller for data processing directly associated with conducting of Online Meetings is ZPS. This is particularly the case if you receive a link to an Online Meeting from a ZPS employee and take part in an Online Meeting organized by ZPS via this link.
If you visit the Microsoft Teams or Cisco Webex websites, the operator of the website is responsible for the related data processing.
What data are processed?
Various types of data are processed when participating in our Online Meetings. The scope of the data depends on the information you provide before or during participation in an Online Meeting.
The following personal data are subject to processing:
User details: First name, surname, telephone number (optional), email address, password (if single sign-on is not used), profile picture (optional), and department (optional).
Meeting metadata: Topic, description (optional), meeting duration, participant IP addresses, and device/hardware information.
For recordings (only with the prior consent of all participants): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, and text file of the online meeting chat.
When dialing in by phone: Details of the incoming and outgoing phone number, country name, and start and end time. If necessary, additional connection data such as the IP address of the device may be saved.
Text, audio and video data: You have the option of using the chat, question or survey functions in an Online Meeting. If you do so, the text entries you have made are processed in order to display them in the Online Meeting and add them to the log if necessary. To enable video to be displayed and audio to be played back, the data from your end device microphone and video camera will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time using the appropriate buttons on the Tools.
To attend an Online Meeting or enter the "meeting room," you must, at a minimum, enter your name.
Scope of processing
We use the Tools to conduct Online Meetings. If we plan to record Online Meetings, we will inform you transparently in advance and, if necessary, ask for your consent. The fact that the meeting is being recorded is also displayed in the Tool.
If required for purposes of logging the results of an Online Meeting, the chat content may be recorded. However, you will be informed of this in advance.
In the case of webinars, the questions asked by webinar participants may also be processed for the purpose of recording and following up webinars.
If you are registered as a user in one of the Tools, reports about Online Meetings (meeting metadata, phone dial-in data, questions and answers in webinars, and survey function in webinars) may be stored by the respective provider.
Automated decision-making within the meaning of Article 22 GDPR is not used.
Legal basis for data processing
Insofar as personal data is processed by ZPS employees, Section 26 BDSG is the legal basis for data processing. Should personal data not be necessary for the establishment, implementation or termination of the employment relationship in connection with the use of the Tools, but nevertheless form an integral part of use of the Tools, then Article 6 Paragraph 1 (f) GDPR is the legal basis for data processing. ZPS has a legitimate interest in providing the technical means to effectively conduct Online Meetings.
In all other cases, the legal basis for data processing during implementation of Online Meetings is Article 6 Paragraph 1 (b) GDPR, insofar as the Online Meetings are carried out within the scope of contractual relationships.
If there is no contractual relationship, the legal basis is Article 6 Paragraph 1 (f) GDPR. In this case there is also a legitimate interest in providing the technical means to effectively conduct Online Meetings.
Recipients/forwarding of data
Personal data processed in connection with participation in Online Meetings is generally not passed on to third parties unless this disclosure is intended or you have consented to the transfer of your data. Content from Online Meetings may be intended for disclosure if the Online Meeting serves to communicate information with customers, interested parties or third parties and the personal data is thus intended for passing on.
In addition, we may be legally obliged to provide certain public authorities with information on request. These include law enforcement authorities, authorities which prosecute administrative offenses, and tax authorities.
Data may be disclosed e.g. to assert a claim, in the exercise or defense of legal claims, to investigate unlawful use of the Tools, or for prosecution of a claim (insofar as there are reasonable grounds to suspect unlawful or improper conduct). These data are disclosed on the basis of our legitimate interest in combating misuse, the prosecution of offenses, and the securing, assertion and enforcement of claims. The legal basis is Article 6 Paragraph 1 (f) GDPR.
The operators of the Tools need to receive the aforementioned personal data, insofar as this is required by the provider for use of the Tools.
Microsoft Teams is operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. You can find further information on data protection at https://privacy.microsoft.com/en-us/PrivacyStatement.
The operator of Cisco Webex is Cisco Systems Inc., 170 West Tasman Drive, San Jose, California 95134, USA. You can find further information on data protection at https://www.cisco.com/c/de_de/about/legal/privacy-full.html.
Data processing outside the European Union
We rely on external service providers ("processors") for Online Meetings. These are the operators of the Tools. In such cases, personal data are disclosed to these processors to make further processing possible. These processors are carefully selected and regularly checked to ensure that your privacy remains protected. The processors may only use the data for the purposes we specify, and are also contractually obliged by us to handle your data exclusively in compliance with this data protection statement and applicable data protection laws.
Data is disclosed to the processors on the basis of Article 28 (1) GDPR; or alternatively on the basis of our legitimate interest in the economic and technical benefits provided by the use of specialized processors,
and the fact that your rights and interests to protection of your personal data do not override this in accordance with Article 6 Paragraph 1 (f) GDPR. If necessary, we shall obtain your consent to disclosure your personal data to processors, in which case Article 6 Paragraph 1 (a) GDPR forms the legal basis.
The operators of the Tools also process your data in countries outside the European Economic Area ("EEA"). In order to ensure that your personal rights are also protected within the scope of these data transfers, we use the standard data protection clauses adopted by the EU Commission pursuant to Article 46 Paragraph 2 (c) GDPR in drafting contracts with recipients in third countries.
Change of purpose
Your personal data will only be used for purposes other than those described insofar as this is permitted by law, or if you have consented to a change of data processing purpose. In the case that data are processed for purposes other than those for which the data were originally collected, we shall inform you of this different purpose prior to processing and shall provide you with all information relevant thereto.
Deletion of data
In principle, we delete personal data if there is no requirement for further storage. A requirement may exist in particular if the data is still required to fulfil contractual services, or to check, grant or defend warranty or guarantee claims. In the case of statutory retention obligations, deletion is only considered after expiry of the respective retention obligation.
In general, we erase or render anonymous your personal data as soon as they are no longer necessary in relation to the purposes for which we have collected or otherwise processed them in accordance with the foregoing clauses, unless continued storage of your personal data is required to fulfill a legal obligation.
Data Protection Officer
You can contact our Group Data Protection Officer using the following contact details:
Group Data Protection Officer
85748 Garching near Munich
Tel: +49 89 32 000-0
Fax: +49 89 32 000-482
Your rights as a data subject
As a data subject, you have the following rights:
• Right of access (Article 15 GDPR)
• Right to rectification of inaccurate data (Article 16 GDPR)
• Right to erasure or "the right to be forgotten" (Article 17 GDPR)
• Right to restriction of processing of personal data (Article 18 GDPR)
• Right to data portability (Article 20 GDPR)
You may withdraw your consent to having your personal data processed for marketing purposes, including customer data analysis or transfer to third parties for marketing purposes, at any time without having to give justification.
The data subject also has a general right to object (see Article 21 Paragraph 1 GDPR). In this case, you must justify your objection to the processing of your data.
If the legal basis for processing the data is consent then this can be revoked at any time and the revocation shall be effective for future processing.
Please contact firstname.lastname@example.org or the address listed below to exercise any of these data subject rights.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement, if you are of the opinion that the processing of personal data relating to you infringes applicable data protection law.
Changes to this Date Protection Notice
We will revise this Data Protection Notice in the event of changes to data processing or other circumstances that make it necessary. The latest version can always be found on this website.