Privacy policy - AGYA

Privacy policy

The Berlin-Brandenburg Academy of Sciences and Humanities offers a digital event platform with the help of which event participants (hereinafter also referred to as: users) can visit virtual events or participate as speakers or exhibitors, provide information for other participants, exchange information with them and network. This data protection declaration provides information on the processing of personal data relating to the use of the event platform and the services associated with it.

The protection of your personal data has top priority for us. The aim of this privacy policy is therefore to inform you as a user of the event platform in a transparent manner,

  • when we collect or process which personal data,
  • why this happens,
  • how we handle your data,
  • when and how these data are deleted and
  • what rights you have as a data subject,

so that you can assess the admissibility of the data processing. As the body responsible under the data protection regulations, we undertake to protect the personal data and privacy of users and to treat them confidentially. The collection, storage, modification, transmission, blocking, deletion and use of personal data is based on the applicable legal provisions, in particular the General Data Protection Regulation (GDPR).

User data is protected by technical and organisational measures against access by unauthorised persons, accidental or deliberate manipulation, destruction or loss.

Responsible

Responsible in terms of the applicable data protection laws is

Berlin-Brandenburg Academy of Sciences and Humanities
Rudower Chaussee 12, 12489 Berlin

Telefon +49 (0)30 1208 434 0
E-Mail: bbaw@bbaw.de

I. Defnition and lawfulness of processing

“Participants” in the sense of this privacy policy are the active users of the event platform, e.g. visitors, speakers or other participants.

The processing of personal data is lawful only if there is a legal basis for the processing. According to Art. 6 para. 1 sentence 1 lit. a ) – f) GDPR, the legal basis for processing may be, in particular

a. the data subject has given his or her consent to the processing of personal data relating to him or her for one or more specified purposes;
b. the processing is necessary for the performance of a contract to which the data subject is party or in order to implement pre-contractual measures taken at the request of the data subject;
c. the processing is necessary for compliance with a legal obligation to which the controller is subject
d. the processing is necessary in order to protect the vital interests of the data subject or of another natural person
e. the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
f. the processing is necessary in order to protect the legitimate interests of the controller or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child

II. Contact

If you have any questions regarding data protection, you can contact us by mail or post with the addition “data protection”:

If you contact us by e-mail or post, we will save your name, e-mail or postal address and telephone number, if you have name them, so that we can reply to you. If the correspondence with you is completed, i.e. if the storage of data is no longer necessary, we will delete the data immediately or limit the processing. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. a) GDPR.

III. Data processing when using the event platform

By using our event platform, connection data can be collected automatically in addition to the data you provide yourself.
1. Data that can be collected automatically
a) Access data
By using our event platform, information of a technical nature is automatically transmitted from your end device to our server and temporarily stored there, so-called log files. These data can include in particular

  • the IP address,
  • the browser used,
  • the operating system of the terminal device used,
  • the network,
  • the date and time of the recall,
  • the website from which the request comes,
  • or the transmitted data volume.

We need this data to enable you to provide the functions of the event platform and to ensure its stability and security. It is stored for a maximum of seven days and then deleted, unless a threat has been identified by the user. This data processing is carried out in accordance with Art. 6 Para. 1 S. 1 lit. f) GDPR in order to safeguard our predominantly legitimate interest in the correct presentation of our services in the context of a weighing of interests.
b) Local storage and cache
In order that the software can be adapted to your personal needs and use, we use local storage technology (also called “local data” or “local storage”). When local storage is used, data is stored locally in the cache of your browser, which continues to exist and can be read out even after closing the browser window or exiting the program – as long as you do not delete the cache. This enables us to store your preferences when using our services on your computer so that they are available when you visit us again. The following information can be stored as local data:

  • your last login name,
  • the language you use,
  • your chat messages,
  • your contact requests,
  • the list of participants of your event,
  • your filter settings.

Third parties cannot access the data stored in the local storage. They are not passed on to third parties and are not used for advertising purposes. We use this technology on the basis of our overriding legitimate interest in accordance with Art. 6 Para. 1 S. 1 lit. f) GDPR to be able to offer you a user-friendly user experience.

If you do not want local storage functions to be used, you can control this in your browser settings in the operating system. This will also give you an overview of the stored local data. Corresponding local storage functions can also be deactivated on mobile devices. You can find out how this works in the help function of your device or browser. Please note, however, that it may not be possible to use all the functions of our services.

2. Data provided by the participant

Sharing information and contact details among participants is the nature of our digital event platform. By registering on the platform, completing your profile data, leaving comments, taking part in voting and exchanging messages, you are passing on personal data, the processing of which we will explain to you below. If this data is not required for the provision and optimisation of our services or the processing of this data is not required by law, we do not process it beyond simply storing it on the servers of our service providers.
a) Registration data
To use our event platform, the creation of a user account is required. Your name and e-mail address must be entered (mandatory information). In principle, there is no obligation to give your name, i.e. you are not forced to reveal your true identity, but you can also choose a pseudonym (“nickname”). Please note that we may require you to register to use the services or to log in with a nickname. This data processing is carried out for the purpose of fulfilling the user contract via our event platform so that you can use it. The legal basis is Art. 6 para. 1 sentence 1 lit. b) GDPR.

You may also voluntarily add other information to personalise your profile, such as title, date of birth, telephone number, address, profession or company. This data processing takes place on the basis of your voluntarily given consent in accordance with Art. 6 Para. 1 S. 1 lit. a) GDPR.
b) Communication data
Our event platform offers you the possibility to communicate with other participants in the feed during an event, to take part in voting, to give your feedback on the lectures or to communicate with other participants via the chat in the networking area (please note our terms of use). Depending on which functions you use and whether you have registered with a pseudonym or your real name, the following personal data is processed:

• clear name or pseudonym (“nickname”)
• Comments left by you in the feed of an event
• Your participation in votes
• Your chat messages in the networking area
• Photos uploaded by you

These are core functionalities of our event platform, which you as a participant do not necessarily have to use. However, if you decide to use these functions, your personal data will be processed in this context on the basis of your voluntarily given consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.
The photos stored on your terminal or the camera of your terminal will never be accessed without your prior consent. Even with your consent, only the photo you have selected will be accessed, never your entire library. You can revoke or reinstate your consent at any time in the future using the contact details provided in this Privacy Policy or directly in the settings of your device.
If you wish to delete your user account, your posted content and comments will remain in the feed. However, your user name or your first and last name will be anonymised in every feed or comment and usually displayed as “deleted user”. If you wish to have specific content shared by you deleted, please contact our data protection officer named in this privacy policy.
c) Data analysis
Functions integrated in the event platform help to collect, organize and analyze data to make relevant information usable, e.g. how many participants watch a presentation and participate in surveys. This data processing is carried out in the context of providing the services of the event platform and mostly in an anonymous way. The data processing, which is carried out within the framework of the analysis of our event platform use, serves the following purposes:

  • Production of statistics
    We collect anonymous information about speakers, events and contributions that you like, as well as information about how you interact with other users on our event platform, such as information about the number of people or accounts that have accessed or remembered events. We collect this information (subject to your selection) to provide anonymous statistics on how participants interact with the event platform
    We also collect data on the number of contact and appointment requests that you make and arrange with lecturers or other participants. We use this data, for example, to increase the efficiency of networking at events.
  • Voting and feedback function
    We collect information about questions you ask during a presentation, feedback you give after a presentation or votes you participate in. These questions are usually controlled and managed by us or the presenter (i.e. the person who sent or provided the survey). Collected data is first aggregated and made anonymous. The data from a vote can be introduced into the discussion during a presentation and the result of the survey can be viewed by all active participants of the presentation. The data is collected in order to optimise the participant experience and to identify or track industry trends. You can decide whether or not your data should be included in this function. To do so, you can always choose to abstain when voting or giving feedback. If you participate in voting during a presentation or in feedback after an event, we may collect data resulting from a statistical analysis in addition to the information you provide in your user account. This data processing takes place on the basis of your voluntarily given consent, the legal basis is Art. 6 para. 1 sentence 1 lit. a) GDPR.

d) Sending of advertising
We use personal data to inform you about upcoming events and other news about our company, for example in the form of an e-mail newsletter, if you have given your prior consent to this use.
You can revoke your consent to the sending of advertising to us at any time for the future.
This data processing takes place on the basis of the consent given, the legal basis is Art. 6 para. 1 sentence 1 lit. a DSGVO.

IV. Data processing when using the WebView App

In addition to using the software on your desktop, we also provide a corresponding WebView App, which you can download from an App Store on your mobile device.

1. Download the app
Data that is transferred by you to the App Store as part of the download, such as your payment information, is collected and processed by the respective App Store operator as the person responsible. In this context we refer you to the data protection declaration of the respective App Store operator.

2. Web Analysis Tools
We use so-called web analysis tools in our app. With the help of these tools we collect data regarding the behaviour of the App users and use the analysis of this data to optimise our services. For example, we want to know how many users use our app, which functions interest them most and where there is room for improvement. The aim of using web analysis tools is therefore to maximise the usability of our app.
The analysis tools identify individual users, but since the data is regularly collected in a purely statistical and anonymous form, it is not possible to identify the user personally.

We use the service “Application Insights” in our app. Application Insights is a service of the Azure cloud platform from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). This service collects telemetry data of the application in use. This data is anonymous statistical data. It is not possible to establish a personal reference based on this data. The IP address used by the user is shortened and thus made anonymous.
Microsoft describes in detail on the following page what Application Insights does, which data is processed and how long it is stored: https://docs.microsoft.com/de-de/azure/application-insights/app-insights-data-retention-privacy
Further information from Microsoft on the subject of data protection and Azure can be found at: http://azure.microsoft.com/de-de/support/trust-center/privacy/

Application Insights enables us to monitor and improve the execution of our programs and Internet services. Application Insights gives us access to charts and tables that show, for example, at what times of day user interest is particularly high, how well the app responds and how well it is supplied by external services on which it may be dependent. In the event of malfunctions, errors or performance problems, we can search the telemetry data in detail to determine the cause of the error. You can disable the transmission of data in Application Insights via the settings in your app.

This data processing in connection with the web analysis tools is based on our predominant legitimate interest in constantly optimising the execution of our app and offering it to our users with high availability and quality. The legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR.

V. Data processing in the context of video conferences

Beta Verlag & Marketinggesellschaft offers on its digital event platform the possibility to visit virtual events via video conference or to participate in them as a speaker or exhibitor, to provide information for other participants, to exchange information with them and to network. This section of the Privacy Policy provides information on the processing of personal data in connection with participation in video conferences via the event platform.
We use the services of various providers (hereinafter also referred to as “Service Providers”), such as “Zoom” (a service provided by Zoom Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA) to hold video conferences via our event platform. The User shall be informed of the name of the respective Service Provider used before participating in a video conference (e.g. by the company logo of the Service Provider being displayed). With regard to the processing of personal data by the respective provider, we refer to the provider’s applicable data protection information, which the user can view on the provider’s website (e.g. the provider’s data protection declaration Zoom Video Communications, Inc. can be found here: https://zoom.us/de-de/privacy.html).
The person responsible for data processing directly related to the execution of a video conference is Beta Verlag & Marketinggesellschaft. If you access the website of one of the providers, that provider is responsible for data processing.

1. Data processing during participation in video conferences
When participating in video conferences, the extent to which your personal data is processed depends on the personal data you provide before or during participation. The following personal data can be processed in this context:

a) User details: first name, surname, if applicable pseudonym (nickname), telephone (optional), e-mail address, password (if “Single-Sign-On” is not used), profile picture (optional), company name (optional)
b) Videoconference metadata: Subject, description (optional), participant IP addresses, device/hardware information
c) When recording videoconferences: MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the video conference chat.
d) When dialling in by telephone: information on incoming and outgoing telephone number, country name, start and end time. If necessary, other connection data such as the IP address of the machine can be saved.
e) Text, audio and video data: You may be able to use the chat, question or survey functions in a video conference. In this respect, the text entries you make are processed in order to display and, if necessary, record them in the video conference. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device as well as from any video camera of the terminal device will be processed for the duration of the conference. You can switch off or mute the camera or microphone yourself at any time using the service provider’s settings.

2. Scope of the processing of your personal data
We use the services of providers to conduct video conferences. If we intend to record a videoconference, we will inform the participant before the videoconference is held and, if necessary, obtain their consent.
If necessary for the purposes of logging the results of a video conference, we will log the chat content
For the purpose of recording and follow-up of video conferences we can also process the questions asked by the participants.
If you are registered as a user with the service provider, reports on videoconferences (meeting meta data, dial-in data, questions and answers in videoconferences, survey function in videoconferences) can be stored with the service provider for up to one month.
The possibility of software-based “attention monitoring” (“attention tracking”) in video conferences is deactivated in advance.

3. Legal bases of data processing
The data processing during the execution of video conferences is carried out for the purpose of fulfilling the contract for the use of our event platform. The legal basis is Art. 6 para. 1 sentence 1 lit. b) GDPR. Insofar as a video conference is recorded together with the course of the chat, your personal data is processed on the basis of the consent you have given in accordance with Art. 6 Para. 1 S. 1 lit. a) GDPR

4. Passing on of personal data
Personal data that is processed in connection with participation in video conferences is generally not passed on to third parties unless it is specifically intended for passing on. Please note that the content of video conferences is intended for the exchange of information and is therefore intended to be passed on.
In addition, the service provider necessarily obtains knowledge of the above-mentioned personal data of the participants, insofar as this is provided for in the context of our order processing contract with the service provider.

5. Data processing outside the EU
We may use the services of providers based in the USA or another third country (such as Zoom). We have concluded a contract with the service provider that meets the requirements of Art. 28 GDPR. In addition, an adequate level of data protection is guaranteed by the “Privacy Shield” certification of the service provider. Further information on data processing by the service provider can be found on their website (e.g. the data protection declaration of the provider Zoom Video Communications, Inc. can be found here: https://zoom.us/de-de/privacy.html).

VI. Your rights

In the following we inform you about the rights you are entitled to in connection with the protection of your personal data and how you can assert these rights. If, for example, you wish to correct or delete personal data with which you have registered, please contact the person responsible at the organiser.

1. Information, Art. 15 GDPR
You may at any time request to know whether personal data relating to you is being processed and if so, to be informed:
why this is being done, the categories of data processed, to whom the data are disclosed, how long they are stored or the criteria used, whether there is a right to rectify or erase data concerning you or to limit or object to the processing (see 7.), the supervisory authority with which you have a right of appeal and the guarantees for the transfer of data to a third country.

2. Corrigendum, Art. 16 GDPR
If any personal data concerning you is incorrect or incomplete, you may request that it be corrected or completed without delay.

3. Transferability, Art. 20 GDPR
You may request a copy of the personal data you have provided and request that it be transferred to another responsible party.

4. Restriction of processing, Art. 18 GDPR
You may request that the processing of personal data concerning you be restricted, if you have disputed its accuracy or objected to its processing, for the time necessary to verify its accuracy or to weigh up the grounds for objection. You may also request this if the data is no longer necessary for the purposes described but you need it to assert or defend your rights.
We then ensure that the data is still present but has been removed from our processing system and can no longer be processed. You will be informed in good time if the restriction is lifted again.

5. Deletion, Art. 17 GDPR
If your personal data are no longer required for the purposes described in each case, if you have objected to the processing or revoked any consent given for processing and if there is no other legal basis, you have the right to demand the immediate deletion of the data (“right to be forgotten”). The same applies if the data have been processed unlawfully, unless you object to their erasure and instead request their restriction of use.
However, if data processing is necessary to fulfil a legal obligation, your data will not be deleted. In such cases, however, we will restrict their processing. We proceed in the same way if the data is required for the assertion or defence of legal claims.

6. Complaint, Art. 77 GDPR
You also have the right to complain to a data protection supervisory authority about the processing of your personal data. The data protection supervisory authority responsible for us is: Landesbeauftragte für Datenschutz und Informationsfreiheit NRW, Kavalleriestr. 2-4, 40213 Düsseldorf.
A list of all data protection supervisory authorities can be found under the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

7. Opposition according to Art. 21 GDPR and revocation
You may at any time object to the processing of personal data concerning you, which is carried out to protect legitimate interests. This is particularly the case if the processing is not necessary for the performance of a contract. When exercising your right to object, you should explain the reasons why your personal data should not be processed as performed. Your interest in stopping data processing must therefore outweigh the interest in processing. This may result from your particular situation. In the event of a justified objection, we will examine the situation and either stop or adapt the data processing or show you the compelling reasons for continuing the processing that merit protection. You can revoke your consent to the processing of your data at any time.

8. Data security
We have taken technical and organisational security measures to prevent unwanted access to your data. In particular, we encrypt any transfer according to the SSL/TLS standard in connection with the highest encryption level supported by your browser or terminal device. We have obligated our employees to handle personal data confidentially and carefully. Furthermore, all service providers have been checked by us. In accordance with our internal data protection concept, we also use suitable technical and organisational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

9. Processing purpose overview/summary
In order to better understand and facilitate the assertion of possible rights, we have listed here the type of data processed when using our event platform as well as their purposes, and at the same time have explained the legal basis on which they are based.

Fast geschafft! Bitte bestätigen Sie Ihre E-Mail

Herzlichen Dank für Ihr Interesse! Wir haben Ihnen eine Bestätigungsmail zugesendet, um sicherzustellen, dass Ihre Mailadresse korrekt eingetragen wird. Bitte prüfen Sie Ihr Mail-Postfach und klicken sie auf den Bestätigungslink. Sollten Sie keine Mail finden, schauen Sie bitte auch im SPAM-Ordner nach.