oose.
Welcome to your Competence Navigator oose
English

Privacy information for the fulfillment of transparency obligations according to the GDPR

We inform you about the most important aspects of data processing in this data protection information. Which data is processed in detail and how it is used depends mainly on our digital services' respective contract/order or use. This includes open seminars, customer seminars, consulting and coaching orders, and visiting one of our websites.

The protection of your personal data is of particular concern to us. Therefore, we process your data exclusively on the basis of the statutory provisions (General Data Protection Regulation - GDPR and the german Federal Data Protection Act - BDSG (Bundesdatenschutzgesetz) and the Telemedia Act - TMG).

If there is no legal basis for processing your personal data, we will always obtain the data subject's consent.

Personal data includes, for example, the name, address, email address, telephone number of a data subject.

 

Chapter I - Data Processor

§ 1 Provider and responsible entity

Provider and responsible body in the sense of Art. 4 No. 7 GDPR is:

oose eG
Schomburgstraße 50
22767 Hamburg
Telefon: +49 40 414250-0
E-Mail: info@oose.de
GnR 1067 Hamburg Local Court, VAT ID DE296653247
Management Board: Nicola Jährig, Felix Heppner, Tim Weilkiens

Chairman of the Supervisory Board: Dr. Michael Hofmann

§ 2 Data Protection Officer2

The contact details of the data protection officer are

Karsten Klug
External data protection officer (TÜV certified)
Klug Datenschutz-Consulting
Kaiser-Wilhelm-Str. 93
20355 Hamburg, Germany
Tel.: +49 40 4118938-28
Fax.: +49 40 4118938-37
mail@klug-datenschutz.de

Chapter II – Important terms

§ 3 Personal data (Art. 4 No. 1. GDPR)

"Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

§ 4 Person concerned

"Are identified or identifiable natural persons."

§ 5 Processing (Art. 4 point 2. GDPR)

"Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

§ 6 Restriction of processing (Art. 4 No. 3. GDPR)

"restriction of processing” is the marking of stored personal data with the aim of limiting their processing in the future;

§ 7 Profiling (Art. 4 number 4. GDPR)

"profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

§ 8 Pseudonymization (Art. 4 No. 5. GDPR)

"pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

§ 9 Controller (Art. 4 point 7. GDPR)

"controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

§ 10 Processor (Art. 4 No. 8. GDPR)

"processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

§ 11 Recipients (Art. 4 number 9. GDPR)

"recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. 2However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

§ 12 Third party (Art. 4 num. 10. GDPR)

"third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

§ 13 Consent (Art. 4 number 11. GDPR)

"consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Chapter III - Information pursuant to Section 13 TMG

§ 14 General data collection

When you visit our websites, the browser used on your end device sends information to the server of our website. This information is only stored temporarily in a so-called log file. The following information can be collected without your intervention and stored until automated deletion:

  • IP address of the requesting computer

  • Date and time of access

  • Name and URL of the retrieved file

  • Referrer - URL = website from which the access is made

  • Browser used and, if applicable, operating system of your computer

  • Name of your access provider

The purposes of the aforementioned general data collection are:

  • Ensuring a smooth connection of the website

  • Ensuring comfortable use of our website

  • Evaluation of system security and stability

  • Other administrative purposes

The data collection is based on a legitimate interest on our part pursuant to Art. 6 para. 1 p. 1 lit. f) GDPR. Our legitimate interest follows from the aforementioned purposes for data collection. We expressly point out that we do not use data for the purpose of drawing conclusions about your person.

§ 15 Dealing with comments and contributions

If you leave a post or comment on this website, your IP address will be stored. In addition, we store the name and email address you provide. This is done on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR and serves the security of us as website operator: Because if your comment violates applicable law, we can be prosecuted for it, which is why we have an interest in the identity of the comment or post author.

§ 16 Special data collection

(1) Cookies

We use cookies on our site. These are small text files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone, or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans, or other malware.

In the cookie, information is stored that arises in each case in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity.

The use of cookies serves on the one hand to make the use of our offer more pleasant for you. We use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made, so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies enable us to automatically recognize that you have already been to our site when you visit it again. These cookies are automatically deleted after a defined period of time.

The data processed by cookies is necessary for the aforementioned purposes to protect our legitimate interests as well as those of third parties pursuant to Art. 6 (1) p. 1 lit. f GDPR.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.

(2) Analysis tools

a) Tracking-Tools

The tracking measures listed below and used by us are carried out on the basis of Art. 6 (1) p. 1 lit. f) GDPR. With the tracking measures used, we want to ensure a needs-based design and continuous optimization of our website. Furthermore, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.

The respective data processing purposes and data categories can be found in the corresponding tracking tools.

b) Matomo

For statistical analysis, we use "Matomo" on this website. This is an open source tool for web analysis. With Matomo, no data is transmitted to servers that are outside of our control. Matomo is disabled when you visit our website. Only if you actively consent, your usage behavior is recorded anonymously.

Matomo uses so-called cookies. These are text files that are stored on your computer and enable us to analyze the use of the website. For this purpose, the information about usage obtained by the cookie is transferred to our server and stored so that usage behavior can be evaluated. Your IP address is immediately anonymized; thus, you remain anonymous as a user. The information generated by the cookie about your use of this website will not be disclosed to third parties.

(3) Embedded media

a) YouTube (videos)

Some media from YouTube are embedded on our website.

When you call up a page of our website that contains such a medium, your browser establishes a direct connection with the YouTube servers. The content is transmitted by YouTube directly to your browser, which then integrates it into the website.

By integrating the media, YouTube receives the information that your browser has accessed the corresponding page of our website, even if you do not have a YouTube account or are not currently logged in to YouTube. This information (including your IP address) is transmitted by your browser directly to a YouTube server in the USA and stored there.

If you are logged in to YouTube, YouTube can assign your visit to our website directly to your YouTube account.

YouTube may use this information for the purposes of advertising, market research and demand-oriented design of the YouTube pages. For this purpose, YouTube creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on YouTube, to inform other YouTube users about your activities on our website and to provide other services associated with the use of YouTube.

If you do not want YouTube to assign the data collected via our website to your YouTube account, you must log out of YouTube before visiting our website.

For the purpose and scope of data collection and the further processing and use of data by YouTube, as well as your rights in this regard and setting options for protecting your privacy, please refer to YouTube's privacy policy (https://www.youtube.com/ -> Privacy -> https://policies.google.com/privacy?hl=de&gl=de).

b) Sound Cloud

Plugins of the social network SoundCloud (SoundCloud Limited, Berners House, 47-48 Berners Street, London W1T 3NF, United Kingdom.) are integrated on our website. You can recognize the SoundCloud plugins by the SoundCloud logo on the affected pages.

When you visit our pages, a direct connection between your browser and the SoundCloud server is established after activation of the plugin. SoundCloud thereby receives the information that you have visited our site with your IP address. If you click the "Like button" or "Share button" while logged into your SoundCloud user account, you can link and/or share the content of our pages with your SoundCloud profile. This allows SoundCloud to associate your visit to our pages with your user account. As the provider of the pages, we would like to point out that we have no knowledge of the content of the transmitted data or its use by SoundCloud. For more information, please see the privacy policy of SoundCloud at: https://soundcloud.com/pages/privacy.

If you do not want SoundCloud to associate your visit to our pages with your SoundCloud user account, please log out of your SoundCloud user account before activating SoundCloud plugin content.

(4) Interactive tools

Chapter IV – Processing Framework

§ 17 Purposes and legal bases3

(1) We process personal data in accordance with the provisions of the German Data Protection Regulation (DS-GVO), the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG):

a) For the fulfillment of contractual obligations according to Art. 6 para. 1 lit b) GDPR. The processing of data is carried out for the provision of services within the framework of the contractual relationship or for the implementation of pre-contractual measures, which are carried out upon request. The purposes of data processing are primarily based on the respective use of our websites or services. For example, whether contact data is entered in the contact form, orders are placed, or services are used as part of an order.

b) In the context of the balancing of interests pursuant to Art. 6 (1) f GDPR, the processing of personal data is carried out for the purposes of the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child. "Third party" means a natural or legal person, public authority, agency, or other body, other than the data subject, the controller, the processor, and the persons authorized to process the personal data under the direct responsibility of the controller or the processor. The legitimate interests of the controller or a third party are:

  1. Ensuring a smooth connection setup to our IT systems

  2. Ensuring comfortable use of our website and other services

  3. Evaluation of system security and stability

  4. Other administrative purposes

  5. Testing and optimization of demand analysis procedures for the purpose of direct customer contact,

  6. advertising or market and opinion research, unless you have objected to the use of your data,

  7. Assertion of legal claims and defense in legal disputes,

  8. Ensuring IT security and IT operations

  9. Prevention and detection of crime,

  10. Building and facility security measures (e.g., access controls),

  11. Measures to ensure the right of domicile,

  12. Measures for business management and further development of services and products.

  13. for the analysis of the indent

c) Based on your consent pursuant to Art. 6 (1) lit a) GDPR. Insofar as you have given us consent to process personal data for certain purposes (for example, in the context of using the contact form or by transmitting contact data for the use of digital services in particular), the legality of this processing is based on your consent. You can revoke the granted consent to the processing of personal data at any time vis-à-vis us. This also applies to the revocation of declarations of consent given to us before the applicability of the GDPR, i.e. before 25.05.2018. The revocation does not affect the legality of the data processed until the revocation.

d) Due to legal requirements according to Art. 6 para. 1 lit. c) GDPR or in the public interest according to Art. 6 para. 1 lit. e) GDPR. As a company, we are subject to various legal obligations (for example, the BGB, HGB, tax laws, etc.).

§ 18 Data sources and data categories4

(1) We process personal data that we receive from our customers or interested parties within the framework of the contractual relationship on the basis of consent.

(2) In addition, we process - to the extent necessary for the performance of the contractual relationship - personal data that we obtain from publicly accessible sources (for example, debtor lists, land registers, commercial and association registers, press, Internet) or that are transmitted to us by other third parties (for example, information from the population register).

(3) Relevant personal data are personal details (name, company, address) and other contact data (birthday, place of birth, and nationality), legitimation data (for example, ID card data), and authentication data (for example, signature). In addition, this may also include order data (for example, payment order), data from the fulfillment of our contractual obligations (for example, billing data), information about your financial situation (for example, creditworthiness data, the origin of assets), advertising and sales data, documentation data (for example, contact form) and other data comparable with the above categories.

§ 19 Storage duration

(1) We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. It should be noted that the duration of the storage of personal data for our prospects and customers is always dependent on the individual case. The regular storage period of personal data is, subject to the following notes, 3 years, but a maximum of 10 years after termination of the contractual relationship.

(2) If the personal data are no longer required for the fulfillment of contractual or legal obligations, they are regularly deleted unless their - temporary - further processing is necessary. In this context, further processing may be considered in particular for the following reasons:

a) Fulfillment of retention obligations under commercial and tax law in accordance with the German Commercial Code (HGB) and the German Fiscal Code (AO); the retention and documentation periods specified there are two to ten years.

b) Preservation of evidence under statutory limitation provisions. According to §§ 195 et seq. BGB, these limitation periods can be up to 30 years, with the regular limitation period being 3 years.

§ 20 Obligation to provide the data

(1) The provision of personal data is necessary for the conclusion of the contract for the justification and for the execution or the order.

(2) Failure to provide the data may mean that a contract / order cannot be established.

§ 21 Automated decision making and profiling

(1) In principle, we do not use fully automated decision-making pursuant to Art. 22 GDPR for the establishment and execution of the contract. Should we use these procedures in individual cases, we will inform you about this separately if this is required by law.

(2) Automated processing of your personal data with the aim of evaluating certain personal aspects (profiling, Art. 4 No. 4 GDPR) does not take place at our company. The exception is the classification into target groups (e.g. by topic), for example, for a direct customer approach.

Chapter V - Data transfer and foreign reference

§ 22 Recipients or categories of recipients

(1) Within our company, access to your data is granted to those departments that need it to fulfill our contractual and legal obligations. Service providers and vicarious agents employed by us may also receive data for this purpose if they comply with the applicable confidentiality obligations. These are companies in the categories of IT services, logistics, printing services, telecommunications, debt collection, consulting, and sales and marketing.

A list of our service providers and partners to whom we may transfer personal data in accordance with the provisions of this information can be found in the appendix.

(2) With regard to the transfer of data to recipients outside our company, it should first be noted that our employees are obliged to maintain confidentiality about all contract-related facts and evaluations. We may only pass on information about you if this is required by law, you have given your consent or the information is necessary within the framework of the contractual relationship. Under these conditions, recipients of personal data may be, for example:

a) other companies with which we cooperate
b) Cooperation partner
c) Public bodies and institutions (e.g. authorities),
d) Courts,
e) Opponents and their legal representation in legal disputes.

(3) Other data recipients may be those entities for which you have given us your consent to transfer data.

§ 23 Company with own responsibility

In the course of providing our services (seminars, workshops, etc.), we sometimes use the services of other companies that may also collect and process your data on their own responsibility. As a rule, oose eG has concluded contracts with these companies in order to use their services. Within this framework, links are generated that are made available to you. By calling up the links, you yourself transmit data to the IT systems of the companies without oose being involved or responsible in this transmission or processing. The data protection information and guidelines of the respective companies apply to the use and processing. To exercise your data subject rights in the context of data processing, you must contact the respective companies directly for everything concerning the use of these services.

(1) Mentimeter Online Surveys

We use the service "Mentimeter" to conduct interactive surveys and polls. They recognize the use of Mentimeter by links to the domains "menti.com" "mentimeter.com". The responsible company is: Mentimeter AB, Alströmergatan 22SE-112 47 Stockholm, Sweden. The privacy information (English) is located here: https://www.mentimeter.com/privacy. For more information about Mentimeter's assessment of the autonomy of its data processing, see here: https://www.mentimeter.com/dpa-statement.

§ 24 Third country transfer

Data is transferred to bodies outside the European Union (so-called third countries) if this is necessary for the execution of the contractual relationship, if this is required by law or if you have given us your consent to do so.

For our online events (seminar, webinar, eCoaching) we use, among others, the tools and online platforms listed below, whose operating companies have their headquarters in the USA.

The legal basis for data processing when conducting "online events" is Art. 6 para. 1 lit. b) GDPR, insofar as the events are conducted within the framework of contractual relationships.

If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here, too, our interest is in the effective implementation of "online events".

Due to the fact that the EU - US Privacyshield no longer exists and has been declared invalid by the European Court of Justice (ECJ), the current legal basis for the transfer of data to the USA is Art. 49 para. 1, sentence 1 lit. a) GDPR. However, if you do not consent to the use of tools and platforms and thus to the possible transfer of personal data to the USA, please note that you will unfortunately not be able to actively participate in our online events, but we may only be able to provide you with recordings of these events, if available.

We would also like to point out that it is possible that our service providers may be obliged under US law to hand over your personal data to a US authority without a court order to do so. It is also possible that you may not be able to exercise your data subject rights pursuant to Article 12 et seq. GDPR cannot be enforced against companies in the USA, or only to a limited extent.

We have also entered into contracts and agreements with these service providers to protect our and your data within the scope of our possibilities and those given due to the different legal frameworks in the USA and the EU (“standard contractual clauses - SSC).

The responsible party for data processing directly related to the implementation of "online events" is oose eG.

Note: Insofar as you call up the website of the respective company, the corresponding provider is responsible for data processing. Calling up the website is necessary for downloading the software required for use and/or for direct use of the platform. In some cases, an individual access (account) must also be created there. Details on this can be found in the description of the companies below.

All Internet pages of the third-party companies listed here automatically collect information about the IP address, information about the operating system used, further information of the device used (e.g. web browser, language, plugins installed), and the time of access. In addition, all of the companies' websites use cookies to operate and improve the platform. These data and cookies are used exclusively by the companies and not by oose eG.

We may disclose, or you may be required to disclose, data to the following companies in the course of using our services:

(1) Zoom video conferencing system

Purpose of processing

We use the "Zoom" tool (https://zoom.us) to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter: "Online Events"). "Zoom" is a service of Zoom Video Communications, Inc. which is based in the USA.

Zoom's privacy information (in English) can be viewed here: https://zoom.us/privacy/

What data is processed?

You can use "Zoom" if you enter the respective meeting ID and, if necessary, further access data for the meeting directly in the "Zoom" app. It is not necessary to create your own user account with Zoom.

If you do not want to or cannot use the "Zoom" app, then the basic functions can also be used via a browser version, which you can also find on the "Zoom" website.

Various types of data are processed when using "Zoom". The scope of the data also depends on the data you provide before or during participation in an "online event".

The following personal data are subject to processing:

User details: name, phone (optional), email address (optional), password (if "single sign-on" is not used), profile picture (optional), department (optional).

Meeting metadata: Attendee IP addresses, device/hardware information.

For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online event chat.

In the case of dial-up with the telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.

w You may have the opportunity to use the chat, question or survey functions in an "online event". To this extent, the text entries you make are processed in order to display them in an "online event" and, if necessary, to log them. To enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the "Zoom" applications. To participate in an "online event" or to enter the "meeting room", you must at least provide information about your name.

Scope of processing

We use "Zoom" to conduct "online events". If we want to record "online events", we will transparently communicate this to you in advance and - if necessary - ask for consent. The fact of the recording will also be displayed to you in the "Zoom" app.

If it is necessary for the purposes of logging the results of an online event, we will log the chat content. However, this will usually not be the case.

In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and following up webinars.

If you are registered as a user at "Zoom", then reports on "online events" (meeting metadata, phone dial-in data, questions and answers in webinars, survey function in webinars) can be stored at "Zoom" for up to one month.

The possibility of software-based "attention monitoring" ("attention tracking") that exists in "online event" tools such as "Zoom" is deactivated.

(2) Miro whiteboard

Purpose of processing

We use the tool "Miro" (https://miro.com) of the company "RealtimeBoard, Inc." with headquarters in San Francisco, USA, to create and present content (text, graphics, drawings) in the context of online meetings, trainings and webinars.

Miro's privacy information (in English) can be viewed here: https://miro.com/legal/privacy-policy/

What data is processed?

For the use of Miro within the scope of our service, no installation of software and no registration with Miro is necessary. The software is used exclusively through an Internet browser by opening a hyperlink provided by a representative of oose eG as part of an order or service.

The following personal data are subject to processing:

User details: Name, a pseudonym is also possible (optional)

Scope of processing

All content created or uploaded by you on the Site can and will be used by all participants of the online meeting, webinar or similar. ("Event") and oose eG only for the purpose for which the Event takes place and, if necessary, archived and made available to a closed, internal user group for the purpose of securing the results and optimizing the products and services of oose eG. Do not create or share secret, confidential content or content protected by third-party copyrights. The content created will be stored on servers under the control of a US company in the EU.

(3) Mural whiteboard

Purpose of processing

We use the tool "Mural" (https://mural.co) of the company "Tactivos, Inc." with headquarters in San Francisco, USA, to create and present content (text, graphics, drawings) in the context of online meetings, trainings and webinars.

Mural's privacy information (in English) can be viewed here: https://www.mural.co/terms/privacy-policy

What data is processed?

For the use of Mural within the scope of our service, no installation of software and no registration with Miro is necessary. The software is used exclusively through an Internet browser by opening a hyperlink provided by a representative of oose eG as part of an order or service.

The following personal data are subject to processing:

User details: Name, a pseudonym is also possible (optional)

Scope of processing

All content created or uploaded by you on the Site can and will be used by all participants of the online meeting, webinar or similar. ("Event") and oose eG only for the purpose for which the Event takes place and, if necessary, archived and made available to a closed, internal user group for the purpose of securing the results and optimizing the products and services of oose eG. Do not create or share secret, confidential content or content protected by third-party copyrights. The content created will be stored on servers under the control of a US company in the USA.

(4) Gnowbe Microlearning PlatPurpose of processing

We use the tool "Gnowbe" (https://www.gnowbe.com) of the company "Gnowbe Group Ltd.", headquartered in San Francisco, USA, to create online trainings, online surveys and other microlearning formats and make them available to our customers.

Gnowbe's privacy information (in English) can be read here: https://www.gnowbe.com/privacy-policy/

What data is processed?

To use the Gnowbe Platform, you must create a personal account with Gnowbe. For this purpose, the following data must necessarily be provided:

Name, first name, email address

Further data can be entered optionally, but are not necessary for the use of our offer.

Scope of processing

The information about the training units you use and the results obtained in surveys and tests are used by employees of oose eG to manage and optimize your personal learning path and to improve the products and services.

All content created or uploaded by you on the Site can and will be used by all participants of the online meeting, webinar or similar. ("Event") and oose eG only for the purpose for which the Event takes place and, if necessary, archived and made available to a closed, internal user group for the purpose of securing the results and optimizing the products and services of oose eG. Do not create or share secret, confidential content or content protected by third-party copyrights.

(5) Microsoft Teams

Purpose of processing

We use the Microsoft Teams tool ("Teams") to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter: "Online Events"). Microsoft Teams is a product from the Microsoft Office 365 product suite, and Microsoft's parent company is headquartered in the United States. Microsoft Office365 is software from the company

Microsoft Ireland Operations Limited
One Microsoft Place
South County Business Park Leopardstown
Dublin 18
D18 P521
Irland.

If you need information about Microsoft's processing, we invite you to view the relevant Microsoft statement: https://privacy.microsoft.com/de-de/privacystatement.

What data is processed?

You can use "Teams" if you use the access information provided by oose. It is not necessary to create your own user account with Teams.

If you do not want to or cannot use the "Teams" app, then the basic functions can also be used via a browser version, which you can also find on the "Teams" website.

Various types of data are processed when using "Teams". The scope of the data also depends on the data you provide before or during participation in an "online event".

The following personal data are subject to processing:

User details: name, phone (optional), email address (optional), password (if "single sign-on" is not used), profile picture (optional), department (optional).

Meeting metadata: Attendee IP addresses, device/hardware information.

For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online event chat.

In the case of dial-up with the telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.

Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an "online event". To this extent, the text entries you make are processed in order to display them in an "online event" and, if necessary, to log them. To enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the "Zoom" applications. To participate in an "online event" or to enter the "meeting room", you must at least provide information about your name.

Scope of processing

We use "teams" to conduct "online events". If we want to record "online events", we will transparently communicate this to you in advance and - if necessary - ask for consent.

If it is necessary for the purposes of logging the results of an online event, we will log the chat content. However, this will usually not be the case.

In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and following up webinars.

If you are registered as a user at "Teams", then reports about "Online Events" (meeting metadata, phone dial-in data, questions and answers in webinars, survey function in webinars) can be stored at "Teams".

(6) GotoMeeting / GotoTraining

We use the tools "GotoMeeting" "GotoTraining" to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter: "Online Events"). "GotoMeeting" and "GotoTraining" are services of LogMeIn, Inc. headquartered in Boston, USA.

Zoom's privacy information can be viewed here: https://www.logmeininc.com/de/trust/privacy

What data is processed?

To use GotoMeeting or GotoTraining, you need to download and install the corresponding app from the manufacturer. It is not necessary to create your own user account.

Various types of data are processed when using the services. The scope of the data also depends on the data you provide before or during participation in an "online event".

The following personal data are subject to processing:

User details: name, phone (optional), email address (optional), password (if "single sign-on" is not used), profile picture (optional), department (optional).

Meeting metadata: Attendee IP addresses, device/hardware information.

For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online event chat.

In the case of dial-up with the telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.

Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an "online event". To this extent, the text entries you make are processed in order to display them in an "online event" and, if necessary, to log them. To enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the "Zoom" applications.

To participate in an "online event" or to enter the "meeting room", you must at least provide information about your name.

Scope of processing

We use "GotoMeeting" and "GotoTraining" to conduct "online events". If we want to record "online events", we will transparently communicate this to you in advance and - if necessary - ask for consent. The fact of recording will also be displayed to you in their user interface.

If it is necessary for the purposes of logging the results of an online event, we will log the chat content. However, this will usually not be the case.

In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and following up webinars.

If you are registered as a user with "GotoMeeting" or "GotoTraining", then reports on "online events" (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored with the provider.

(7) Gathertown

Purpose of processing

We use the tool "Gathertown" to promote an exchange between participants of an online event. "Gathertown" is a service of Gather Presence Inc. headquartered in San Francisco, USA.

Gathertown's privacy information can be viewed here: https://www.gather.town/privacy-policy

What data is processed?

To use Gathertown, you need to visit the corresponding website. It is not necessary to create your own user account.

When using the services, various types of data are processed. The scope of the data also depends on the data you provide before or during participation in a "Gathertown event".

The following personal data are subject to processing:

User details: username, email address
Text, audio, and video data: You can communicate with other participants via text, audio, or video in an "online event".

Scope of processing

We use "Gathertown" to conduct "online events".

(8) Docu Sign

Purpose of processing

We use the tool "DocuSign" (https://www.docusign.de/) of the company "Docusign International (EMEA) Ltd" based in Dublin, Ireland, and the parent company DocuSign in San Francisco, USA, to sign documents electronically and online.

DocuSign's privacy information can be viewed here: https://www.docusign.de/unternehmen/datenschutz

What data is processed?

If we require an (electronic) signature on a document from you, we will provide this to you via DocuSign if necessary and submit it for signature.

The following personal data are subject to processing:

User details: name, email address

Scope of processing

DocuSign and oose use the data exclusively to perform the signature process and to ensure trustworthiness. DocuSign also uses some data to optimize its services and to ensure operation, the details of which can also be found in the above-mentioned privacy information of DocuSign.

(9) Calendly

Purpose of processing

We use the tool "Calendly" (https://calendly.com) of the company "Calendly LLC" with headquarter in Atlanta, USA, in order to be able to quickly and easily set appointments for meetings, events and meetings.

The data protection information of Calendly (in English) can be viewed here: https://calendly.com/privacy/ and the order data processing in the form of a Data Processing Addendum here: https://calendly.com/dpa.

What data is processed?

For the use of Calendly as part of our service, no installation of software and no registration with Calendly is necessary. The software is used exclusively through an internet browser.

The following personal data are subject to processing:

User details: name, email
Scope of processing

All content created or uploaded by you will be used by oose eG only for the purpose of making appointments and, if necessary, archived to secure the results and to optimize the products and services of oose eG.

Do not create or share secret, confidential content or content protected by third-party copyrights. The created content will be stored on servers under the control of a US American company.

Chapater VI – Data subject rights

§ 25 Special data protection rights

(1) Every data subject has the right to information pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR and the right to data portability pursuant to Art. 20 GDPR. Every data subject has the right to object according to Art. 21 GDPR.

(2) With regard to the right to information and the right to deletion, the restrictions pursuant to §§ 34 and 35 of the German Federal Data Protection Act (BDSG) shall apply.

§ 26 Right of appeal

In addition to the previous information, you have a right of appeal to a competent data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).

§ 27 Revocation of consent

(1) You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the applicability of the GDPR, i.e. before 25.05.2018.

(2) Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

Chapter VII – Amendment of privacy statements and privacy information

Data protection law in particular is very much in flux. Due to this and in order to ensure that our privacy policy always complies with the current legal requirements, we reserve the right to change this privacy policy at any time. This also applies in the event that the data protection declaration has to be adapted due to new or revised services, for example new services. The new data protection declaration will become valid with the next contract following the change, use of our services or visit to our Internet pages.

Information about your right to object according to Art. 21 GDPR

§ 1 Right to object to the processing of data for direct marketing purposes

1) Pursuant to Art. 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you, which is carried out on the basis of Art. 6(1)(e) GDPR (data processing in the public interest) and Art. 6(1)(f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

(2) If you object, your personal data will no longer be processed unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms. The processing serves to assert, exercise, or defend legal claims.

§ 2 Widerspruchsrecht gegen eine Verarbeitung von Daten für Zwecke der Direktwerbung

(1) In individual cases, we process your personal data for the purpose of direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising.

(2) If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made form-free and be directed to:

oose eG
Schomburgstraße 50
22767 Hamburg
Telefon: +49 40 414250-0
E-Mail: info@oose.de

Stand: 10. Februar 2023