Data privacy notice for online meetings, conference calls and webinars

We use the "Zoom", „GoToMeeting“, and „GoToTraining“ and „Cisco WebEx”, which is provided via the systems of Telekom Deutschland GmbH, to conduct conference calls, online meetings, video conferences and/or webinars. "Zoom" is a service provided by Zoom Video Communications Inc. based in the USA. „GoToMeeting“ and „GoToTraining“ are services provided by LogMeIn Inc. based in the USA. "Cisco Webex" is a service provided by Cisco Systems Inc. technology Suites based in the USA.

A processing of personal data also takes place in a non-European third country. We have concluded an order processing contract with the provider that meets the requirements of Art. 28 GDPR.

An adequate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses (Commission Decision 2010/87). The IfW Kiel is thus responsible for data processing directly related to the conduct of online meetings.

Note: If you access the service providers website, the provider is responsible for data processing. However, you only need to access the website in order to download the software.

Which data are processed?

Various types of data are processed when using the service providers. The extent of the data also depends on what data you provide before or during participation in an "online meeting".

The following personal data are subject to processing:

Information about the user: first name, last name, telephone (optional), email address, password (if "Single-Sign-On" is not used), profile picture (optional), department (optional)

Meeting metadata: topic, description (optional), participant IP addresses, device/hardware information

For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.

When dialing in by telephone: Information about the incoming and outgoing phone number, country name, start and end time are registered. If necessary, further connection data such as the IP address of the device can be saved.

Text, audio and video data: You may be able to use the chat, question or survey functions in an "online meeting". To this extent, the text entries you make are processed in order to display and, if necessary, log them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your device and from any video camera of the device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using applications.

In order to participate in an "online meeting", you must at least provide information about your name in order to enter the "meeting room".

Scope of processing

We use the service providers to conduct online meetings. If we want to record online meetings, we will inform you transparently in advance and – if necessary – will ask for your consent. The fact of the recording is also displayed in the app.

If it is necessary for the purposes of recording the results of an online meeting, we will log the chat content. However, this will usually not be the case.

In the case of webinars, we may also process the questions asked by webinar participants for the purpose of recording and follow-up of webinars.

If you are registered as a user at the service providers, reports of online meetings (meeting metadata, data on telephone dial-in, questions and answers in webinars, survey function in webinars) can be stored for up to one month by the service providers.

The possibility of software-based "attention tracking" in "online meeting" tools is deactivated.

Legal basis for data processing

For employees of the Kiel Institute for the World Economy, § 15 LDSG is the legal basis for data processing. If data should not to be necessary for data processing, but are nevertheless elementary requested in connection by using the service providers, Art. 6 Para. 1 lit. e) GDPR, § 3 para. 1 LDSG is the legal basis for data processing, since we need an effective implementation of "online meetings" to fulfill our statutory tasks.

If there is no contractual relationship, the legal basis is Art. 6 Para. 1 lit. e) DSG-VO, § 3 para. 1 LDSG. Here, we also need the effective implementation of "online meetings" in order to fulfill our statutory tasks.

Personal data that are processed in the context of attending "online meetings" are generally not passed on to third parties, unless they are not intended to be passed on.

Other recipients: The provider necessarily receives knowledge of the above mentioned data, as far as this is provided in the context of our order processing contract with the service providers.