DATA PRIVACY STATEMENT

From §11 for users of the Videoconferencing and Collaboration Platform CISCO Webex

DATA PROTECTION DECLARATION
 

§ 1 Information on the collection of personal data

In the following, we provide information about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, email addresses, user behaviour. The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is PLATH GmbH & Co. KG, Gotenstraße 18, 20097 Hamburg (see also under Imprint). You can contact our data protection officer at datenschutz@plath.de or at our postal address with the addition "the data protection officer". Contact form: For questions of any kind, we offer you the opportunity to contact us using a form provided on the website. It is necessary to provide a valid e-mail address so that we know who sent the enquiry and can respond to it. Further information can be provided voluntarily. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent. The personal data collected by us for the use of the contact form will be automatically deleted after your enquiry has been dealt with.

If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes. We will also state the specified criteria for the storage period.
 

§ 2 Your rights

You have the following rights with regard to the personal data concerning you:

- Right of access,

- Right to rectification or erasure,

- Right to restriction of processing,

- Right to object to processing,

- right to data portability.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. You can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
 

§ 3 Collection of personal data when visiting our website

When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):

- IP address

- Date and time of the enquiry

- Time zone difference to Greenwich Mean Time (GMT)

- Content of the request (specific page)

- Access status / HTTP status code

- Amount of data transferred in each case

- Website from which the request originates

- browser

- Operating system and its interface

- Language and version of the browser software.

This data is only stored temporarily and is automatically deleted after a short time.

In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using and through which certain information flows to the organisation that sets the cookie (in this case, us). Cookies cannot execute programmes or transfer viruses to your computer. They are used to make the website more user-friendly and effective overall.

This website uses the following types of cookies, the scope and function of which are explained below: Transient cookies. Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognised when you return to our website. The session cookies are deleted when you close your browser. of user profiles. These purposes also constitute our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f GDPR.

You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may not be able to use all functions of this website.

 

§ 4 Collection of personal data when using the career portal

If you would like to apply for a job in a PLATH Group company via our website, it is necessary to provide and transmit certain personal data via the contact form provided.

If you apply for an advertised position, your data will only be processed for the purpose of applying for this specific position. Once this position has been filled and a period of 6 months has elapsed, this data will be deleted.

If you send us a speculative or unsolicited application via the career portal, your data may be viewed by HR managers who have vacancies to fill and by HR advisors. We will contact you and invite you to apply if your profile matches a vacant position. This data will also be deleted after a period of 6 months, unless you have specified otherwise in your application.

The data you enter will be temporarily stored in a database on the web server § 5 Objection or revocation against the processing of your data

If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation affects the permissibility of the processing of your personal data after you have given it to us. Insofar as we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case if, in particular, the processing is not necessary for the fulfilment of a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing. Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising using the following contact details: PLATH GmbH & Co. KG, Gotenstraße 18, 20097 Hamburg, datenschutz@plath.de, see also under Imprint.

 

§ 6 Data security

We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can recognise whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser. We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
 

§ 7 Web Analytics

We use the web analysis service Matomo to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. The Matomo software and the data collected with Matomo are operated, stored and processed exclusively on our own servers.

We use Matomo with an extension to anonymise IP addresses. This means that the IP addresses are further processed in abbreviated form and a direct personal reference is excluded. Your IP address collected in this way is neither merged with other data collected by us nor passed on to third parties.

If you do not agree with the anonymous storage and evaluation of the data, you can

with the anonymous storage and analysis of the data, you have the option to object to this at any time with a click of the mouse. An opt-out cookie will then be set in your browser with the result that Matomo will no longer collect session data. To do this, you must follow this link to our cookie consent banner www.plath.de/de/, click the "Change settings" button and set the Matomo slider at the bottom to inactive under "Measurement". Finally, "Save+Exit" at the bottom.

 

§ 8 Social networks

Our website does not use any social media plugins. Social media plugins such as the Like button are small buttons, e.g. under articles, with which the user can share them with others in a practical way, without having to click on them.

 

§ 9 Data portability

You have a right to data portability if the processing is based on your consent (Art. 6 para. 1 sentence 1 letter a) or Art. 9 para. 2 letter a) GDPR) or on a contract to which you are a party and the processing is carried out using automated procedures. In this case, the right to data portability includes the following rights, provided that this does not adversely affect the rights and freedoms of others

You may request to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format.

You have the right to transmit this data to another controller without hindrance from us.

Where technically feasible, you can request that we transfer your personal data directly to another controller.
 

§ 10 Up-to-dateness

Up-to-dateness and amendment of this privacy policy. This Privacy Policy is currently valid and was last updated in November 2020. It may become necessary to amend this Privacy Policy as a result of the further development of our website and services or due to changes in legal or official requirements. You can access and print out the current privacy policy at any time on the website at www.plath.de/de/datenschutz/.



§ 11 In the following, we provide information about the collection and processing of personal data     when using "Cisco Webex".

Personal data are all data that can be related to a natural person, for example name, address,
e-mail addresses, user behaviour and photographic images.

§ 12  The Cisco Webex platform is used:

  • for conducting video conferences or online meetings,
  • for communication via the chat function.

The Cisco Webex platform also offers other functions for active users (PLATH employees):

  • Teams,
  • Contacts,
  • Calls.

§ 13  Responsible pursuant to Article 4 Paragraph 7 EU General Data Protection Regulation (GDPR) is:

PLATH Corporation GmbH
Gotenstraße 18
20097 Hamburg
Germany

Phone +49 40 237 34 – 0
Fax     +49 40 237 34 – 222

infonoSpam@noSpamplath.de
www.plathgroup.com

Our Data Protection Officer may be reached via datenschutznoSpam@noSpamplath.de or via our postal address with the addition of “The Data Protection Officer”.


§ 14  The following data is collected and processed:

When conducting online meetings/video conferences, personal data is collected that your     browser transmits to the server. This data is technically necessary to display the website and to ensure stability and security:

  • User name and email address,
  • Meeting data such as the topic and description,
  • IP addresses of participants,
  • participants' device and hardware information,
  • for recordings, all video and audio recordings,
  • History and content of online meeting chats.

The following personal data are subject to processing:

  • User details: picture and sound, profile picture, department,
  • Display of own screen (e.g. content of shown documents),
  • Statements of the immediate environment (depending on the camera position).

When users dial in to participate in the online meeting by telephone:

  • the telephone number,
  • the country,
  • IP addresses of the devices, if applicable.

When using the function "Messages" for the execution of the communication via chat the following data is collected:

  • Name and first name of the participants,
  • Date and time of data transmission,
  • Content of the chat communication.


§ 15  Purpose and legal basis of data processing

The purpose of the data processing is to ensure and carry out the communication via video conferences and chats.

The legal basis for this data collection is Article 6 Paragraph 1 p. 1 lit. f GDPR. We process the data for the implementation or justification of contractual measures.

By participating in the online meeting and taking note of the data protection information you consent by conclusive action to the processing of the personal data that arises. As a participant in the meeting, you have the option of making your own data protection settings yourself. This includes, as an example, the fading out of the camera.


§ 16  Categories of recipients

Personal data which are processed with the participation in "Online Meetings", will not be passed on to third parties.

The provider of the Cisco Webex platform necessarily receives knowledge of the above-mentioned data.

 

§ 17  Data transfer to a third country

The video conferencing provider provides the service from the USA. The processing therefore also takes place in a third country.

It should be noted that the EU Commission has not generally determined an adequate level of data protection for the USA. The data may be subject to access by security authorities without adequate legal remedies. However, EU standard contractual clauses plus further implementation measures are applied as a basis for the transfer of data.

For the execution of "Online Meetings" data centers in Europe will be used. The personal data is therefore on servers in Europe. Nevertheless, it cannot be ruled out that U.S. authorities, based on the CLOUD Act, accessing data stored on EU servers.

When using the function "Messages" to communicate via chat, servers in the USA are used and the chat histories are also stored there.

 

§ 18  Storage period

Personal data collected during the use of Cisco Webex will be deleted after 30 days.


§ 19  Rights of the data subjects

You have the following data subject rights under the GDPR:

  • Right to information (Article 15 GDPR) to your personal data,
  • Right to correction or deletion (Article 16, 17 GDPR),
  • Right to limitation of processing (Article 18 GDPR),
  • Right to objection to processing (Article 21 GDPR),
  • Right to data portability (Article 20 GDPR).

You also have the right to complain to a Data Security Supervisory Authority about our processing of your personal data. To this end, you may contact the Supervisory Authority of your usual place of residence or workplace or of our corporate domicile.

Right of withdrawal

If the processing of data is based on your consent, you have the right to revoke your consent to the use of your personal data at any time in accordance with Article 7 GDPR. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

Obligation to provide personal data

There is no legal or contractual obligation to provide your personal data. However, you may be excluded from participating in "online meetings" if you do not provide the mandatory data. Should this be the case, you have the alternative of requesting contact by telephone.


§ 10  Automated decision-making

There is no automated decision-making in the sense of Article 22 I and IV GDPR.

 

Hamburg, 2023