Data privacy statement

Data privacy statement

 

1.    Subject of this privacy policy

In the following, we would like to inform you in detail about which data is collected when you visit our website and use our offers there and how this is processed or used by us in the following, as well as which accompanying protective measures we have also taken in technical and organizational terms.

 

2.    Responsible body/Service provider

The responsible party according to Art. 4 EU-DSGVO (EU General Data Protection Regulation, Datenschutz-Grundverordnung, hereinafter referred to as “EU-DSGVO”) and at the same time service provider in the sense of the German Telemedia Act (TMG) is Fohhn Audio AG, Großer Forst 15, 72622 Nürtingen, Phone +49 (0)7022/93323-0, Fax +49 (0)7022/93324-0, E-Mail info@fohhn.com. The responsible person is represented by the board members Jochen Schwarz and Uli Haug, at the same time responsible according to Section 55 of the Broadcasting State Treaty.

The office of the data protection officer is held by Mr. Frank Strohmer, Großer Forst 15, 72622 Nürtingen, Germany, Phone +49 (0)7022/93323-0, Fax +49 (0)7022/93324-0. If you have any questions or comments regarding data protection at Fohhn Audio AG (for example, about viewing, updating or deleting your personal data), you can contact our data protection officer by e-mail at info@fohhn.com with the subject "Data protection".

 

3.    Collection and use of your data

All personal data that we receive from you in the course of using our websites will only be collected, processed and used for the stated purpose. In doing so, we ensure that this only takes place within the framework of the applicable legal provisions or only with your consent.

Please contact info@fohhn.com or send us your request by post.

The data will only be processed within the EU and the European Economic Area, unless information is provided below or directly at the time of data collection about a transfer to third countries, stating the respective legal basis, and consent is requested if necessary. The provisions on legal bases for international data transfer and the necessary requirements for this are available from us on request.

We do not make automated individual decisions on the processing of personal data.

The extent and type of collection and use of your data differs depending on whether you visit our website merely to retrieve information or make use of services offered by us:

 

a)   Informational use

For the purely informative use of our website, it is generally not necessary for you to provide personal data.

Rather, in this case we only collect and use those of your data that your internet browser automatically transmits to us, such as:

  • Date and time of the retrieval of one of our internet pages
  • your browser type
  • the browser settings
  • he operating system used
  • the last website you visited
  • the amount of data transferred and the access status (file transferred, file not found, etc.) as well as
  • your IP address.

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. The legal basis for the temporary storage of the data and the log files is Art. 6 (1) lit. f) EU-DSGVO.

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

 

b)   Use of offers

If you wish to make use of services offered by us on our website or after contacting us in another way, it may be necessary for you to provide further data. These are the data that is required for the respective processing in accordance with Art. 6 (1) lit. b) EU-DSGVO, otherwise we cannot provide the desired service.

You can enter additional information voluntarily; input fields with optional information are marked accordingly.

The collection or use of your data is for the purpose of providing the service you requested. This includes, for example, an enquiry via our contact form.

If the provision of data is required by law, we will inform you accordingly.

Your data may be passed on to service providers supporting us for the aforementioned purpose, who we have of course carefully selected and obliged to comply with the EU General Data Protection Regulation.

Your data will otherwise only be passed on to other third parties if this is permitted by law or we have received your explicit consent to do so.

 

4.    Data protection consent

We may require consent for the processing of your data in accordance with Art. 6 (1) a) EU-DSGVO. We assure you that we will only process and use the data for the purpose stated at the time of collection.

You can give your consent separately in connection with the respective data collection. You can subsequently revoke it at any time with effect for the future.

Consent in relation to newsletters is governed by point 5, and for cookies by point 6 of this declaration below.

 

5.    Newsletter

In order to be able to register for our email newsletter service, we require, in addition to your consent under data protection law in accordance with Art. 6 (1) lit. a) EU-DSGVO, at least your email address to which the newsletter is to be sent. Any further details are optional and are used to address you personally and to personalise the content of the newsletter as well as to clarify queries regarding the email address. We use the data exclusively for sending the newsletter.

For sending the newsletter, we generally use the so-called double opt-in procedure, i.e. we will only send you the newsletter if you first confirm your registration via a confirmation e-mail sent to you for this purpose using the link contained therein. In this way, we want to ensure that only you, as the owner of the specified e-mail address, can register for the newsletter. Your confirmation in this regard must be made promptly after receipt of the confirmation e-mail, otherwise your newsletter registration will be automatically deleted from our database.

If you purchase goods or services from us and provide us with your e-mail address, we may subsequently use it to send you a newsletter. In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG (German Law against Unfair Competition, Gesetz gegen den unlauteren Wettbewerb, hereinafter referred to as “UWG”).

You can cancel a newsletter you have ordered at any time. To do so, you can either send us an informal e-mail to info@fohhn.com or use the link at the end of the newsletter to cancel. In this case, we will delete your e-mail address immediately.

 

 

6.    Use of cookies

We use the technology of cookies for our website. Cookies are small text files that are sent to your browser by our web server when you visit our website and are stored on your computer for later retrieval. The purpose of using technically necessary cookies (session cookies) is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies.

Analysis cookies or web beacons (small graphics for log analysis) are used to improve the quality of our website and its content and to recognise visitors. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offer.

We do not give third parties the opportunity to set cookies on our websites.

We do not give third parties the opportunity to share cookie information.

You can determine yourself whether cookies can be set and retrieved through the settings in your browser. For example, you can completely deactivate the storage of cookies in your browser, restrict it to certain websites or configure your browser so that it automatically notifies you as soon as a cookie is to be set and asks you for feedback.

Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:

Internet Explorer:
support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Firefox:
support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Chrome:
support.google.com/chrome/answer/95647

Safari:
support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14

Opera:
help.opera.com/de/latest/web-preferences/

You can also delete the cookies in your browser at any time. However, for technical reasons, it is necessary to allow the aforementioned session cookies for the full range of functions of our website.

The legal basis for the use of necessary cookies is our legitimate interest in the proper provision of our online offer within the meaning of Art. 6 (1) lit. f) EU-DSGVO and - insofar as contracts are concluded or fulfilled via our online offer - the fulfilment of the contract within the meaning of Art. 6 (1) lit. b) EU-DSGVO.

We do not offer the option of registering with us via a third-party service provider.

In accordance with Art. 13 of the EU Data Protection Regulation, we will obtain your consent in advance for the use of cookies in accordance with Art. 6 (1) a) EU-DSGVO.

 

7.    Contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b) EU-DSGVO if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 (1) lit. f) EU-DSGVO) or on your consent (Art. 6 (1) lit. a) EU-DSGVO) if this has been requested.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your enquiry). Mandatory legal provisions - in particular retention periods - remain unaffected.

 

8.    Applicant data

a) Handling of applicant data

We offer you the opportunity to apply to us (e.g. by e-mail or post). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other legal provisions and that your data will be treated in strict confidence.

 

aa) Scope and purpose of data collection

If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.) to the extent that this is necessary to decide on the establishment of an employment relationship. The legal basis for this is Section 26 BDSG-neu (German Federal Data Protection Act, Bundesdatenschutzgesetz, hereinafter referred to as “BDSG-neu”) under German law (initiation of an employment relationship), Art. 6 (1) lit. b) EU-DSGVO (general contract initiation) and - if you have given your consent - Art. 6 para. 1 lit. a) EU-DSGVO. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.

If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Section 26 BDSG-neu and Art. 6 (1) lit. b) EU-DSGVO for the purpose of implementing the employment relationship.

 

bb) Retention period of the data

If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Art. 6 (1) lit. f) EU-DSGVO) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for continued storage no longer applies.

Longer storage may also take place if you have given your consent (Art. 6 (1) lit. a) DSGVO) or if legal storage obligations prevent deletion.

 

9.    services.fohhn

You can register on the services.fohhn website in order to use the functions on the site. We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will reject the registration. We process the following data on the services.fohhn website: Company name, website, e-mail address, telephone number, company logo and address.

In order to use our services on the website services.fohhn, registration is required. As part of setting up a corresponding user account, you must provide a password in addition to your e-mail address. This information is used for login and secure identification on our website.

When using the login area on the services.fohhn.com website, the account name and the correctness of the password entry are logged and a session cookie is transmitted to the user, which is deleted upon logout or expiry of the maximum session lifetime (within a few hours).

When registering and each time you log in to your user account and use our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests and the interest of users in protection against misuse and unauthorised use pursuant to Art. 6 (1) lit. f. EU-DSGVO. Legal retention periods remain unaffected.

The data entered during registration is processed for the purpose of implementing the user relationship established by registration and, if necessary, for initiating further contracts (Art. 6 (1) lit. b) EU-DSGVO).

For important changes, for example in the scope of the offer or in the case of technically necessary changes, we use the e-mail address provided during registration to inform you in this way.

 

10. HubSpot

For the websites fohhn.com and services.fohhn, we use HubSpot for our online marketing activities.

HubSpot is a software company from the USA with a branch in Ireland.

 

Contact:       HubSpot,
2nd Floor 30 North Wall Quay,
Dublin 1, Ireland
Phone: +353 1 5187500

This is an integrated software solution that we use to cover various aspects of our online marketing. These include:

· E-mail marketing (newsletters and automated mailings)

· Reporting (e.g. traffic sources, accesses, etc.)

· Contact management (e.g. user segmentation & CRM)

· Social media (e.g. Facebook, Instagram, LinkedIn)

This information and the content of our websites fohhn.com and services.fohhn are stored on servers in Frankfurt am Main belonging to our software partner HubSpot. It can be used by us to contact visitors to our website and to determine which of our company's services are of interest to them. All information we collect is subject to this privacy policy.

 

a) Contact form of HubSpot

When you use our contact form, the data you enter is sent to HubSpot's servers and stored there. During your input, the email address you provide is also sent to HubSpot's servers for validation. This allows us to ensure that the email address you provide is valid and that you will receive our reply.

This storage and processing of your data is based on Art. 6 (1) p. 1 lit. f) of the EU-DSGVO, our legitimate interest in offering an easy-to-use contact form on the website and receiving business enquiries. As the contact form is only intended for business relations, only general contact information of our contact persons at customers or interested parties is processed in principle. Since you voluntarily provide us with your contact information, we assume that you have a reasonable expectation that we will process your data to contact and respond to your contact. With the help of our service provider, we can respond to your enquiries about our products in a tailored and quick manner.

 

b) Web analysis by HubSpot

We want to know what our website visitors are interested in and what they are looking for, so that we can keep improving the website and make it as easy as possible for all visitors to find the Fohhn information they are looking for. However, as data protection is particularly important to us, we have decided against using Google Analytics, a tool that is frequently used on the Internet. Below you will find out how we proceed instead.

When you use our websites, your browser automatically transmits certain information to HubSpot's servers to enable an analysis of your behaviour on our website.

HubSpot only provides us with anonymised information about access times, sub-pages visited, origin of visitors, country of the user or length of stay. It is not possible for us to assign the accesses to your person. In particular, HubSpot does not permanently store your IP address, but only infers geographical information and then deletes the address. The legal basis in this respect is Art. 1 S. 1 lit. f) EU-DSGVO.

In addition, we use HubSpot's web analytics services to track which website visitor uses which website link. We only use these services with your prior explicit consent and if you have filled out our website's contact form, which you can provide via the consent banner on our website.

The legal basis in this case is Art. 6 (1) S. 1 lit. a) EU-DSGVO, your consent.

We have concluded an order processing contract with HubSpot, which includes the European Commission's standard contractual clauses to ensure an adequate level of data protection in third countries.

 

c) HubSpot CRM

We use HubSpot CRM on these websites. The provider is HubSpot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter referred to as HubSpot CRM).

Among other things, HubSpot CRM allows us to manage existing and potential customers as well as customer contacts. With the help of HubSpot CRM, we are able to record, sort and analyse customer interactions via email, social media or telephone across different channels. The personal data collected in this way can be evaluated and used for communication with the potential customer or for marketing measures (e.g. newsletter mailings). With HubSpot CRM, we are also able to record and analyse the user behaviour of our contacts on our website.

In addition, email accounts of our employees, especially from the sales area, can be connected to the HubSpot CRM. This enables central storage of email conversations if the respective employee deems this necessary. The aim is to enable targeted collaboration between sales staff and centralised customer support. Our employees can thus work collaboratively, represent each other and view the status of a customer enquiry.

The use of HubSpot CRM is based on Art. 6 (1) lit. f) EU-DSGVO. The website operator has a legitimate interest in the most efficient customer management and customer communication possible. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) lit. a) EU-DSGVO; the consent can be revoked at any time.

For details, see HubSpot's privacy policy:
legal.hubspot.com/de/privacy-policy.

 

d) Cookies

You can find more information about the cookies used by HubSpot here:

https://knowledge.hubspot.com/articles/kcs_article/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser
 

and here:

knowledge.hubspot.com/articles/kcs_article/account/hubspot-cookie-security-and-privacy

 

e) Contract on order processing

We have concluded an order processing contract with HubSpot CRM. This is a contract required by data protection law, which ensures that HubSpot CRM only processes the personal data of our website visitors according to our instructions and in compliance with the EU-DSGVO.

 

11. Hotjar

We use Hotjar to better understand the needs of our users and to optimise this service and experience.

The provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: www.hotjar.com).

Hotjar is a technology service that helps us better understand our users' experiences (e.g. how much time they spend on which pages, which links they click on, what users like and don't like, etc.) via so-called "heat maps" and enables us to build and maintain our service based on user feedback. Hotjar allows us to record your mouse movements, scrolling movements and clicks, among other things. Hotjar can also determine how long you have stayed on a particular spot with your mouse pointer. From this information, Hotjar creates the so-called heat maps, which can be used to determine which website areas are viewed preferentially by the website visitor.

Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you abandoned your entries in a contact form (so-called conversion funnels).

In addition, Hotjar offers us the possibility to conduct surveys in the form of optional questionnaires to collect customer satisfaction. In this way, Hotjar allows us to collect direct feedback from website visitors.

Hotjar uses cookies and other technologies to collect data about the behaviour of our users and their devices. This includes a device's IP address (which is processed during your session and stored in anonymised form), device screen size, device type (unique device identifiers), browser information, geographical location (country only) and the preferred language in which our website is displayed. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.

The use of Hotjar and the storage of Hotjar cookies is based on Art. 6 (1) lit. f) EU-DSGVO. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.

If you wish to deactivate the data collection by Hotjar, click on the following link and follow the instructions there: www.hotjar.com/opt-out

Please note that Hotjar must be deactivated separately for each browser or end device.

For more information about Hotjar and the data collected, please see Hotjar's privacy policy at the following link: www.hotjar.com/privacy

We have concluded an order processing contract with Hotjar to implement the strict European data protection regulations.

 

12. Plugins and tools

a) Social media

On our website www.fohhn.com, we also offer you extensive personal support and the opportunity to stay in touch with us via our social media pages (Facebook, Instagram, YouTube, Google Plus, Xing, LinkedIn). These social media services collect personal data themselves, e.g. via your profile created there or via so-called social plug-ins that are implemented in third-party websites.

If you send us an enquiry via one of these social media, we will forward the enquiry to the relevant department. The data will only be used to respond to your enquiry.

In order to contact us via social media, you must register with these services. For this purpose, the companies behind the respective service may collect, store and use personal data. We have no influence on the type, scope and processing of this data. This also applies to images/videos uploaded to social media. Please note that the rights may be transferred to the social media services. The details can be found in the data protection and terms of use of the respective providers.

These are offers from the following companies:


Facebook Inc. (1601 Willow Road, Menlo Park, CA 94025, USA)

Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)

YouTube, LLC (901 Cherry Ave., San Bruno, CA 94066, USA)

LinkedIn Corporation (1000 West Maude Avenue, Sunnyvale, CA 94085, USA)

For the purpose and scope of the data collection and the further processing and use of the data by these companies, as well as your rights in this respect and setting options for protecting your privacy, please refer to the data protection information of:

Facebook & Instagram:
https://www.facebook.com/policy.php

Google:
https://www.google.de/intl/de/policies/privacy/

YouTube:
https://www.google.de/intl/de/policies/privacy/

LinkedIn:
https://www.linkedin.com/legal/privacy-policy

 

b) Facebook Remarketing / Retargeting (Custom Audiences Pixel)

The website uses the "Custom Audiences" remarketing function of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). By means of this function and the use of the corresponding Facebook remarketing tag, Fohhn Audio AG can target users with advertising by displaying interest-related personalised Facebook ads when they visit Facebook websites.

When you visit the Fohhn Audio AG website, the Facebook remarketing tags establish a direct connection to the Facebook servers, whereby it is transmitted to the Facebook server which of the Fohhn Audio AG websites you have visited. Facebook assigns this information to your personal Facebook user account.

For further information on the processing of data by Facebook and your rights in this regard and options for protecting your privacy, please refer to Facebook's privacy policy at https://www.facebook.com/about/privacy/.

If you do not want Facebook to assign the collected information directly to your Facebook user account, you can deactivate the "Custom Audiences" remarketing function in your Facebook profile, which requires you to log in there.

 

c) LinkedIn Analytics and LinkedIn Ads

We use the conversion tracking technology and the retargeting function of the LinkedIn Corporation on our website.

This technology can be used to serve personalised ads on LinkedIn to visitors of this website. Furthermore, the possibility arises to create anonymous reports on the performance of the advertisements as well as information on the interaction of the website. For this purpose, the LinkedIn Insight tag is integrated on this website, which establishes a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time.

In LinkedIn's privacy policy at www.linkedin.com/legal/privacy-policy you will find further information on data collection and data use as well as the options and rights to protect your privacy. You can object to the analysis of your usage behaviour by LinkedIn and the display of interest-based recommendations ("opt-out"). To do so, follow this link: www.linkedin.com/psettings/guest-controls/retargeting-opt-out

 

13. Audio/video conferencing and webinars

a) General

We use, among other things, online conferencing tools to communicate with our clients. We also offer webinars using appropriate tools. The individual tools we use are listed under f).

 

b) Data processing

If you communicate with us via video or audio conference over the Internet or participate in a webinar, your personal data will be collected and processed by us and the provider of the software used (tools).

The tools collect all data that you provide/enter to use the programmes (e-mail address and/or your telephone number). Furthermore, the tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other "contextual information" related to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data required to handle online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.

If content is shared, uploaded or otherwise made available within the tool, it will also be stored on the servers of the tool providers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the service.

Please note that we do not have full influence on the data processing procedures of the tools used. Our options are largely determined by the corporate policy of the respective provider. For further information on data processing by the providers, please refer to the data protection statements of the respective tools used, which we have listed below this text.

 

c) Purpose and legal basis in the context of the conferences

In the context of a conference the tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 (1) p. 1 lit. b) EU-DSGVO). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 (1) lit. f) EU-DSGVO). Insofar as consent has been requested, the tools in question are used on the basis of this consent; consent can be revoked at any time with effect for the future.

 

d) Purpose and legal basis in the context of the webinars

The legal basis for the processing is Art. 6 (1) lit. f) EU-DSGVO. Our legitimate interest is the effective implementation of webinars. Should the webinar be conducted in the context of an existing contractual relationship or a contractual relationship to be initiated, the additional legal basis is Art. 6 (1) lit. b) EU-DSGVO. Webinars are only recorded if we have informed you of this in advance and you have consented to the recording. In this case, the legal basis is Art. 6 (1) lit. a) EU-DSGVO.

 

e) Storage period

The data collected directly by us via the tools are deleted from our systems as soon as you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal retention periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the providers of the tools for their own purposes. For details, please contact the providers of the tools directly.

 

f) Applied tools

We use the following tools:

aa) Zoom

The provider of this service is Zoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. Zoom Communications Inc. offers video conferencing, online meetings, chats and mobile collaboration. Fohhn Audio AG uses this solution to conduct video conferences and webinars.

For details on data processing, please refer to Zoom's privacy policy: zoom.us/de-de/privacy.html.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: zoom.us/de-de/privacy.html.

(1)         Notes on the use of Zoom

In the following, we would like to provide you with some information about Zoom and notes on its use. Please read the information carefully and take it into account when planning, conducting and/or participating in Zoom meetings.

What data does Zoom collect?

Zoom collects the following technical data on devices, network and internet connection

- IP address, MAC address, other device IDs (UDID), device type, operating system type and version, client version, camera type, microphone or speaker, type of connection,

- Approximate position (no exact location transmission), nearest city

- Usage behaviour (no content from meetings and chats)

- VoIP or phone call, mobile client or desktop

- Selected settings in Zoom

- Participation without video, request meeting password

- Duration of the meeting, email address, name or other data that a participant enters to identify themselves in the meeting,

- Start and end time of participation of participants, name of the meeting, planned date / time of the meeting,

- Chat status and content (unless the user actively chooses a setting)

Where is this data transmitted and stored?

Zoom Video Communications, Inc, zoom.us, which operates the Zoom video conferencing platform, processes the personal data on our behalf.  This means that Zoom may only use them in accordance with our instructions and not for its own purposes, i.e. neither for advertising nor passed on to third parties. The data is stored on systems in the USA

What do you have to consider when using Zoom?

If you activate access to the microphone or video camera of the end device used, sound and video data are processed and played back in the meeting or webinar. You can deactivate access at any time using the buttons with the respective icons. Participation is also possible if you deactivate access. Participants must not be required to activate the video screen.

If you select the "Transfer screen" function, your displayed screen content will be shown to all other participants in the meeting or webinar. You should therefore ensure that no sensitive data is displayed on your screen before using the function. You can deactivate the function at any time using the corresponding button.

We have deactivated the "attention tracking" function for all participants.

During a webinar, it is also possible to exchange text messages in a group chat. The messages are visible to all participants of the webinar.

 

Due to recently published security vulnerabilities in Zoom, use on smartphones is not recommended, as end-to-end encryption does not yet work for phone calls.

Zoom privacy policy: https://zoom.us/de-de/privacy

 

(2) Data processing in the USA

With the current decision of the European Court of Justice ("Schrems II ruling" C- 311/18), the transfer of personal data via servers that are not operated within the EU is declared unsafe due to the ineffectiveness of the previous EU-US Privacy Shield.

However, according to the principles of the EU-DSGVO, any processing of personal data requires a legal basis. Therefore, if a lawful data transfer to the USA is to take place, the legal basis for this is your consent pursuant to Art. 49 (1) a) EU-DSGVO in conjunction with Art. 7 EU-DSGVO.

In principle, it cannot be ruled out that in practice we will not be able to guarantee the same effective protection of personal data transferred to the USA as within the EU states.

This is particularly the case because the US authorities are permitted to carry out surveillance activities and in practice these take the form of mass surveillance of communications by secret services.

 

(3) Consent to use "Zoom": Voluntariness and revocability

We require your consent to use "Zoom" when conducting a meeting or webinar.

Your consent to use "Zoom" is on a voluntary basis. You will not incur any additional costs or suffer any further consequences if you do not consent.

You can revoke your consent at any time and without giving reasons, with effect for the future. Your revocation must be in text form (an e-mail to info@fohhn.com is sufficient).

Your revocation will mean that upcoming meetings to which you have already consented will not take place via "Zoom".  

 

(4) Special features of using "Zoom" to hold webinars

We also use "Zoom" to conduct our webinars. In order to participate in a webinar on Zoom, you must first register via the Hubspot form. Data on your device, operating system and browser are used for the purpose of identification in the webinar. The provision of an email address is mandatory in all cases. This is also used for marketing purposes.

Your details will be cached in your browser and used for future webinars. Your details will also be stored by HubSpot (section 10). In addition, technical device identification and traffic data such as MAC and IP address, unique device identification data and data on the browser and operating system used will be processed.

If we want to record the webinar, we will transparently inform you in advance and ask for consent. The fact of the recording will also be displayed in the app. If webinars are being recorded, you will recognise this by a red symbol in the lower left-hand area of the screen. In this case, all video and audio data will be stored by us.

If it is necessary for the purposes of logging the results of a webinar, we will log the chat content.

 

bb) Microsoft Teams

We also use Microsoft Teams for video conferencing and as a way to book appointments in person.

The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

(1)             Necessary consent to the data protection and terms of use vis-à-vis "Microsoft" and "Microsoft Teams

 

The use of Microsoft Teams is generally subject to the usage and data protection provisions of "Microsoft", over which we have no influence. In order to use Microsoft Teams, you must accept the terms of use and data protection provisions of "Microsoft", otherwise you will not be able to use Microsoft Teams.

 

Privacy policy:
www.microsoft.com/en-us/microsoft-365/microsoft-teams/download-app and privacy.microsoft.com/de-de/privacystatement

 

Terms of use:
www.microsoft.com/de-de/servicesagreement/

 

Other recipients: Microsoft Corporation, as the provider of Microsoft Teams, receives knowledge of the above-mentioned data insofar as this is provided for in the context of our order processing agreement with Microsoft Teams.

 

(2)           Data processing outside the European Union

 

We have limited our storage location to data centres in the European Union, so data processing does not take place outside the European Union as a matter of principle. However, we cannot technically completely rule out routing or storage on servers outside the European Union with the processor Microsoft, of which Microsoft Teams is a part.

 

A secure level of data protection is guaranteed as far as possible by the conclusion of recognised EU standard data protection clauses and technical and organisational measures on our part. Among other things, data is encrypted during transport via the Internet and generally protected from disclosure to third parties. The level of data protection is considered sufficient when measured against the anticipated content of the video conferences conducted via Microsoft Teams, which generally do not contain any personal data apart from the names of the persons participating in the video conference.

 

(3)           Further information on data protection at Microsoft Corporation and at Microsoft Teams

 

For further information, we first refer to the above explanations under item 13 a) to d).

 

Please also refer to Microsoft's data protection notice at privacy.microsoft.com/de-de/privacystatement under the section "Online services for companies";

 

and:

www.microsoft.com/de-de/trust-center/privacy/customer-data-definitions

 

in conjunction with the Microsoft DPA, available at: https://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=18030.

14.  Google Ads

We also use Google Ads. Google Ads is an online advertising programme of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played on the basis of the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively via tracking codes by analysing, for example, which search terms have led to the display of our advertisements and how many advertisements have led to corresponding clicks.

Google Ads uses cookies for this purpose, which read and store the IP address as well as the interactions of the users who have come to the companies' page via an ad.

The use of this service is based on your consent in accordance with Art. 6 (1) lit. a) EU-DSGVO and Section 25 (1) TTDSG (German Telecommunications Telemedia Data Protection Act, Deutsches Telekommunikation-Telemedien-Datenschutz-Gesetz, hereinafter referred to as “TTDSG”). This consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

https://policies.google.com/privacy/frameworks

and

privacy.google.com/businesses/controllerterms/mccs/.

We have concluded an order processing contract with Google Ads to implement the strict European data protection regulations.

In the event that you have also set a HubSpot cookie in your browser, this also enables us to link these two analysis tools with each other and to combine their data into one profile. This in turn requires your consent in accordance with Art. 6 (1) a) EU-DSGVO.

 

15. Data security

We also use technical and organisational security measures to protect personal data that we receive or collect, in particular against accidental or intentional manipulation, loss, destruction or against attack by unauthorised persons. Our security measures are continuously improved in line with technological developments.

We provide you with various online forms and services with which you can send personal data to us. These forms are protected against inspection by third parties through the use of TLS encryption. The data you enter or send to us as a file may be stored and processed by us as agreed. If the use and processing require the consent of the user or third parties, the consent can be revoked at any time without giving reasons. In this case, however, the fulfilment of the contract by us may be impaired.

Depending on the service, you may be asked to make various entries to identify or prevent misuse:

a) For identification purposes when submitting data, the entry of a user-defined identifier or other suitable authentication may be required. The data is protected via HTTPS against third-party access in accordance with Art. 32 (1) lit. a) and b) EU-DSGVO, provided that the user uses the data transmission methods recommended by us.

b) To prevent use by machines, so-called CAPTCHAS can be used in accordance with Art. 32 (1) lit. b) EU-DSGVO, which contain images or tasks that cannot be processed by computer scripts.

16.  Deletion deadlines

We store personal data only until the purpose of the data storage no longer applies. This does not apply if the user has voluntarily consented to longer processing of the data or if legal retention periods or the possible pursuit of legal claims within periods of limitation that have not yet expired conflict with the deletion (in the case of conflicting retention or limitation periods, it may be necessary to restrict the processing of the data in accordance with Art. 18 EU-DSGVO).

 

17.  Data subjects' rights

Under the applicable laws, you have various rights regarding your personal data. If you wish to exercise these rights, please send your request by e-mail or by post, clearly identifying yourself, to the above address of the data controller.

Below you will find an overview of your rights.

 

a) Right to confirmation and information

You have the right to obtain confirmation from us at any time as to whether personal data relating to you is being processed. If this is the case, you have the right to obtain from us, free of charge, information about the personal data stored about you, together with a copy of this data. Furthermore, you have the right to the following information:

  1. the purposes of processing;
  2. the categories of personal data that are processed;
  3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;
  4. if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
  5. the existence of a right to rectify or erase the personal data concerning you or to have the processing restricted by the controller or to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. if the personal data are not collected from you, all available information about the origin of the data;
  8. the existence of automated decision-making, including profiling, pursuant to Article 22 (1) and (4) EU-DSGVO and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for you.

If personal data are transferred to a third country or to an international organisation, you have the right to be informed about the appropriate safeguards pursuant to Article 46 EU-DSGVO in connection with the transfer.

 

b) Right of rectification

You have the right to request that we correct any inaccurate personal data relating to you without undue delay. Taking into account the purposes of the you have the right to request the completion of incomplete personal data - also by means of a supplementary statement.

 

c) Right to erasure ("right to be forgotten")

You have the right to request that we delete personal data relating to you without undue delay and we are obliged to delete personal data without undue delay if one of the following reasons applies:

  1. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You withdraw your consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) EU-DSGVO and there is no other legal basis for the processing.
  3. You object to the processing pursuant to Article 21(1) EU-DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) EU-DSGVO.
  4. The personal data have been processed unlawfully.
  5. The deletion of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
  6. The personal data have been collected in relation to information society services offered in accordance with Article 8(1) EU-DSGVO.

The right to erasure does not exist insofar as the processing is necessary

  1. to exercise the right to freedom of expression and information;
  2. for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) EU-DSGVO;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) EU-DSGVO, where the right referred to in Section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
  5. for the assertion, exercise or defence of legal claims.

If we have made the personal data public and we are obliged to erase it pursuant to Article 17 EU-DSGVO, we shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers who process the personal data that you have requested that they erase all links to or copies or replications of that personal data.

 

d) Right to restriction of processing

You have the right to request us to restrict processing if one of the following conditions is met:

  1. You dispute the accuracy of the personal data for a period of time that allows us to verify the accuracy of the personal data.
  2. The processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data.
  3. The personal data are no longer necessary for the purposes of processing; however, the data are needed for the establishment, exercise or defence of legal claims; or
  4. You have objected to the processing pursuant to Article 21(1) EU-DSGVO as long as it has not yet been determined whether the legitimate reasons of our company outweigh yours.

Where the processing of personal data relating to you has been restricted, those data may be processed, with the exception of their storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.

 

e) Right to data portability

You have the right to receive the personal data relating to you that you have provided to us in a structured, commonly used and machine-readable format and you have the right to transfer this data to another controller without hindrance from us, provided that

  1. the processing is based on consent pursuant to Article 6 (1) (a) EU-DSGVO or Article 9 (2) (a) EU-DSGVO or on a contract pursuant to Article 6 (1) (b) EU-DSGVO and
  2. the processing is carried out with the aid of automated procedures.

When exercising your right to data portability in accordance with paragraph 1, you have the right to have the personal data transferred directly from us to another controller, where this is technically feasible.

The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 

f) Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) EU-DSGVO; this also applies to profiling based on these provisions. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

If personal data is processed by us for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing.

You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) EU-DSGVO, unless the processing is necessary for the performance of a task carried out in the public interest.

 

g) Automated decisions including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

 

h) Right to revoke consent under data protection law

Many data processing operations are only possible with your explicit consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

i) Right to object to the collection of data in specific cases and to direct marketing (Art. 21 EU-DSGVO)

If the data processing is based on Art. 6 (1) e) or f) EU-DSGVO, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions.

The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Article 21(1) EU-DSGVO).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of such advertising; This also applies to profiling insofar as it is related to such direct advertising. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising.

 

 

j) Right to complain to a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you is unlawful.

 

k) Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed of these recipients by the controller.

 

18.  Status and update of this privacy policy

This data protection declaration is valid as of 18 April 2023. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection statement at any time on the website at www.fohhn.com/de/datenschutz. We will also inform you of any significant changes, such as changes to the purpose or new processing purposes.