Data protection information: social media
For the purpose of promoting our business activities and advertising our offers, we maintain presences in social networks as well as on comparable platforms. The processing of your data in this context is based on our legitimate interests pursuant to Art 6 (1) (f) GDPR, which are to increase our reach and to provide users of social networks and platforms with additional information and communication channels (for the "right to object", see "Your rights"). In order to best achieve these purposes, reach measurement (access statistics, recognition of returning users, etc.) may be carried out within the framework of the offer of the respective service provider. In the course of accessing one of the online presences illustrated below, we process the general information that is evident from your profile with the respective provider and, if applicable, further inventory data, contact data or content data, insofar as you make these available to us by interacting with our respective online presence and its content. We do not store this data separately outside the respective social network. Since we decide jointly with the respective provider (or the entity otherwise designated as responsible) on the purposes and means with regard to the data processing that takes place within the scope of our respective online presence, joint responsibility within the meaning of Article 26 of the GDPR applies in each case. In this context, the provider of the respective platform is the central contact for all general and technical questions in connection with our online presence; this also applies to the fulfilment of data subject rights. However, if enquiries concern the actual operation of our online presence, your interactions with it and the information published/collected about it, we are the primary contact; your rights and the other statements in this data protection declaration apply accordingly.
Tracking and analysis tools
Conversion tracking is used on the website as part of our social media presence. Conversion tracking, or visit action analysis, allows us to track the behaviour of users after they have been directed to our website by clicking on a link. This procedure is used to evaluate the effectiveness of marketing campaigns for statistical and market research purposes and can help to optimise future advertising measures. The data collected by our tracking and analysis tools does not offer any inferences about your identity. However, the data is stored and processed by the companies listed below, so that a connection to the respective user profile is possible and these companies can use the data for their own advertising purposes, in accordance with the respective data usage policy. Furthermore, a cookie or pixel may be stored on your computer for these purposes. (further information can be found under “Information on data protection: Homepages of F.Trenka”).
Social Media platforms
From a data protection perspective, the social network "Facebook" is the responsibility of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta Ireland") in the European Economic Area. With regard to the operation of our Facebook fan pages, we are jointly responsible with Meta Ireland for the processing of your personal data carried out in this context within the meaning of Art 26 GDPR. Your data may also be transferred to companies affiliated with Meta Ireland, in particular Meta Platforms Inc, 1601 Willow Road, Menlo Park, California 94025, USA; any transfer of your data by Meta Ireland to such affiliated companies is based on standard data protection clauses of the EU Commission within the meaning of Art 46 (2) lit c GDPR. Please note that we have no influence on the programming and design of the social network, but can only personalise and manage our Facebook fan page to the extent provided by Facebook. Please therefore take into account the conditions that the service provider places on the use of the social network (https://www.facebook.com/terms), the separately provided data protection information (https://www.facebook.com/policy.php) and the existing settings options in your Facebook account. We are, of course, fully responsible for the information we make available through the mechanisms provided by Facebook (posts, shares, etc.).
Moreover, Meta offers the operators of fan pages the service "page insights", with which anonymous statistics on the page interactions of visitors to the fan page can be created. In the meantime, Meta has supplemented the "guidelines for pages, groups and events" applicable to the operators of a fan page with a "page insights supplement regarding the responsible party", which is automatically concluded with the operators of a fan page when the "page insights" are used:
The social network "Instagram" is operated by Instagram Inc, 1601 Willow Road, Menlo Park, California 94025, USA, which is part of the Facebook group. The data protection controller for the EEA region is Meta Ireland (see "Facebook"). With regard to the operation of our Instagram accounts, we are jointly responsible with Meta Ireland for the processing of your personal data carried out in this context within the meaning of Art 26 GDPR. Your data may also be transferred to companies affiliated with Meta Ireland, in particular Instagram Inc or Meta Platforms Inc, 1601 Willow Road, Menlo Park, California 94025, USA; any transfer of your data by Meta Ireland to such affiliated companies is based on standard data protection clauses of the EU Commission within the meaning of Art 46 (2) lit c GDPR. Please note that we have no influence on the programming and design of the social network but can only personalise and manage our Instagram account to the extent provided by Instagram. Please therefore take into account the conditions that the service provider places on the use of the social network (https://help.instagram.com/581066165581870), the separately provided data protection information (https://privacycenter.instagram.com/policy) and the existing settings options in your Instagram account. We are, of course, fully responsible for the information we provide via the mechanisms provided by Instagram (posts, stories, etc.).
In addition to the services offered by Meta Platforms Inc. and Facebook Ireland Ltd, Meta owns WhatsApp, which operate their services in accordance with their respective terms of service and privacy policies. For more information on WhatsApp's privacy practices please see the following links: https://www.whatsapp.com/privacy and https://www.whatsapp.com/legal
The social network "LinkedIn" is operated by LinkedIn Corporation, 1000 W. Maude Ave, Sunnyvale, California 94085, USA. The data protection controller and operator for the EEA region is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn Ireland"). With regard to the operation of our LinkedIn accounts, we are jointly responsible with LinkedIn Ireland for the processing of your personal data carried out in this context within the meaning of Art 26 GDPR. If applicable, your data may also be transferred to companies affiliated with LinkedIn Ireland in third countries. Any transfer of your data by LinkedIn Ireland to such affiliated companies is based on standard data protection clauses of the EU Commission within the meaning of Art 46 (2) lit c GDPR. Please bear in mind that we have no influence on the programming and design of the social network but can only personalise and manage our LinkedIn account to the extent provided by LinkedIn. Please therefore observe the conditions that the service provider places on the use of the social network (https://www.linkedin.com/legal/user-agreement), the separately provided data protection information (https://www.linkedin.com/legal/privacy-policy) and the existing settings options in your LinkedIn account. We are, of course, fully responsible for the information we provide via the mechanisms provided by LinkedIn (postings, chats, etc.).
Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, Ireland ("Google Ireland") is responsible for the "YouTube" video platform in the EEA. With regard to the operation of our YouTube channels, we are jointly responsible with Google Ireland for the processing of your personal data carried out in this context within the meaning of Art 26 GDPR.
Google Ireland tries to process the data of users from the EEA region in European data centres as far as possible, but your data may be transferred to companies affiliated with Google Ireland, in particular to the parent company based in the USA, Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. An overview of all Google data centre locations can be found here: https://www.google.com/about/datacenters/inside/locations/?hl=en. Please bear in mind that we have no influence on the programming and design of YouTube but can only personalise and manage our YouTube channels to the extent provided by YouTube. Please therefore observe the conditions imposed by the service provider on the use of the video platform (https://www.youtube.com/t/terms), the separately provided data protection information (https://policies.google.com/privacy?hl=en-GB&gl=uk) and the existing settings options in your YouTube account. We are, of course, fully responsible for the videos and content we make available.
Marketing tools related to social media
The following social media marketing tools are used for the pre-planning and automatic publication of posts via social media. No direct data is collected by F.Trenka. However, please find in the following which data is collected by the app provider:
In addition, video development tools are used to create videos for advertising and/or information purposes and publish them directly via specific social media channels. No direct data is collected by F.Trenka. However, please find in the following which data is collected by the app provider:
Within the framework of our social media presence, surveys can be conducted on a temporary basis. For the survey, we use the online survey tool SurveyMonkey, which is offered by SurveyMonkey Europe, located at 2 Shelbourne Buildings, Second Floor, Shelbourne Road, Dublin 4, Ireland ("SurveyMonkey"). In order to participate in the survey, it may be necessary to provide information such as your age, gender, email address, postcode and country, which will be collected and used for the purposes of improving e.g. the customer service or promotional materials. The processing is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
Data protection information: Online meetings and webinars
In the following we inform you about the processing of personal data in connection with the use of our online meeting and webinar platforms.
If you provide your data via a Zoom registration form as part of our meetings or webinars, this data will be stored by F.Trenka for the purpose of processing the registration, for the event of follow-up questions and for advertising measures. This data is available to F.Trenka and F.Trenka's contractual partner, which co-organised the respective webinar. The data will not be passed on to other third parties without your consent.
Purpose of processing
We use the tool "Zoom" to conduct telephone conferences, online meetings, video conferences and/or webinars. In the following, we are mainly referring to “meetings”.
Zoom is a service of Zoom Video Communications, Inc. which is based in the USA.
More information on the data protection declaration of Zoom: https://zoom.us/privacy
Note: If you access the Zoom website (www.zoom.us), the provider of Zoom is responsible for data processing. However, accessing the website is only necessary for the use of Zoom in order to download the software for the use of Zoom.
You can also use Zoom if you enter the respective meeting ID and, if applicable, further access data for the meeting directly in the Zoom app.
If you do not want to or cannot use the Zoom app, the basic functions can also be used via a browser version, which you can also find on the Zoom website.
What data are processed?
Various types of data are processed when using Zoom. The scope of the data also depends on the data you provide before or during participation in a meeting. The following personal data are subject to processing:
- User details: first name, last name, telephone (optional), e-mail address, password (if "single sign-on" is not used), profile picture (optional), department (optional)
- Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information.
- Registration data: title, first name, last name, company, job title, country.
- For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
- When dialling in with the telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
- Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in a webinar. In this respect, the text entries you make are processed in order to display them in the webinar and, if necessary, to record them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly during the meeting. You can switch off or mute the camera or microphone yourself at any time via the Zoom applications. In order to participate in a webinar or to enter the "meeting room", you must at least provide information about your name.
Scope of processing
We use Zoom to conduct online meetings or webinars. If we want to record them, we will inform you transparently in advance and - if necessary - ask for your consent. The fact of the recording will also be displayed to you in the Zoom app.
If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.
We may also process questions asked by participants for the purposes of recording and following up. If you are registered as a user at Zoom, then reports on webinars (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored at Zoom for up to one month.
Legal basis of data processing
If, in connection with the use of Zoom, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of Zoom, the legal basis for data processing is Art. 6 para. 1 lit. f) GDPR. In these cases, our interest lies in the effective implementation of meeting.
Otherwise, the legal basis for data processing when conducting meetings is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. In this case, our interest is in the effective conduct of meetings.
Recipients / disclosure of data
Personal data processed in connection with participation in meetings will generally not be passed on to third parties unless it is intended to be passed on. Please note that the content of meetings, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.
Other recipients: The provider of Zoom necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing contract with Zoom.
Data processing outside the European Union
Zoom is a service provided by a provider from the USA. Processing of personal data therefore also takes place in a third country. We have concluded an order processing agreement with the provider of Zoom that meets the requirements of Art. 28 GDPR.
An appropriate level of data protection is guaranteed on the one hand by the conclusion of the so-called EU standard contractual clauses.
We would like to point out that the IP data of the connection owner are stored within the scope of cookies.
The registration data entered via the registration form on our homepage are processed by Zoom.
In addition, for the purpose of registration, contacting, as well as analysis and advertising measures, the following data will also be stored by F.Trenka: Name, e-mail address, organisation/company, country, job title, gender, age, participant status, user name, source of registration (web/mobile). The data you provide is necessary for successful registration. Without this data, we cannot complete the registration for the respective webinar with you.
No data will be transferred to third parties, with the exception of the transfer to the above-mentioned company partners who were directly involved in the creation of the respective webinar and for the purpose of web analysis and advertising measures.
After termination of the registration process, the data stored by us will be deleted. In the case of a registration termination, all data from the contractual relationship will be stored until the expiry of the retention period under tax law (7 years). The data processing is carried out on the basis of the legal provisions of § 96 para 3 TCG as well as Art 6 para 1 lit a (consent) and/or lit b (necessary for the fulfilment of the contract) of the GDPR.
As part of the meeting or webinar registration, one automatically qualifies for the newsletter, which informs about meeting-related topics (e.g. webinar dates, reminders). You will only be included in the newsletter distribution list after you have agreed to be contacted by F.Trenka via a double opt-in. The webinar certificates are sent once to all participants after the webinar. In order to provide you with targeted information, we also collect and process information voluntarily provided. Among other things, e-mails are sent via the e-mail software used by F.Trenka (Microsoft Outlook) in combination with the Word integration "Mail Merge Toolkit" by Mapilap.
You can cancel your subscription to the newsletter at any time. Please send your cancellation to the following e-mail address: firstname.lastname@example.org. We will then immediately delete your data in connection with the newsletter dispatch. This cancellation does not affect the lawfulness of the processing carried out on the basis of the consent until the cancellation.
As an addendum to the above-mentioned software, the following software will also be used for sending e-mails:
Mailchimp are authorised to fulfil the contract and is entitled to process data in accordance with ART 6 para. 1 lit. b GDPR or ART 6 para. 1 lit. a GDPR. Mailchimp make use of the standard contractual clauses in order to process the data in a legally compliant manner.
In the case of sending via Mailchimp, it is proven in accordance with the double opt-in (DOI) procedure that you, as the owner of the email address, have subscribed to your newsletter (obligation to prove, see Art. 7 para. 1 GDPR).
In the context of sending e-mails via Mailchimp, your e-mail address, first name and surname are also used for the purpose of personalising the newsletter. In addition, a performance measurement is carried out.
You can find more information in the data protection regulation of Mailchimp (https://mailchimp.com/help/about-the-general-data-protection-regulation/) and in the Mailchimp and European Data Transfers file (https://mailchimp.com/help/mailchimp-european-data-transfers/).
For the integration of various databases and tools, we use Zapier, a service of Zapier Inc, 548 Market St #62411, San Francisco, California 94104, USA. In this process, customer data may be transmitted with the exception of payment data. Zapier is used to automatically transfer registration data from Zoom to Mailchimp. In particular, this includes data entered as part of the Zoom registration form (first and last name, e-mail-address, country, profession). For more information on data protection at Zapier, please visit https://zapier.com/privacy/
“Microsoft Teams” meetings
Processing of personal data
As part of our online meetings using Microsoft Teams, we process the following personal data:
- Communication data (e. g. email address)
- Log files, log data
- Metadata (e. g. IP address, date of participation)
- Profile data (e. g. username)
Microsoft Office 365, Microsoft Teams Video Conference
The video conferencing function of Microsoft Teams allows to participate in our online events via video / audio. We use the Team Meetings function of Microsoft Teams. In Team Meetings, audio input and video recordings are prevented by our Microsoft Teams settings.
In exceptional cases, a recording may take place under the following conditions:
- In advance, participants shall be explicitly notified about the planned recording (firstly at invitation and secondly at the beginning of the event to be recorded)
- Participants shall be provided with the link to this general data protection information
- The following additional data protection information shall be made available to participants:
- Specific purpose of recording
- Recipients of the recording or addressee to whom the recording will be made available
- Location and duration of recording
We carry out the data processing in accordance with Article 6(1)(f) GDPR on the basis of a legitimate interest. Our legitimate interest in data processing is: organize online conferences to inform participants about relevant topics and our business activities.
Microsoft Teams is part of Microsoft Office 365. Microsoft Teams is a productivity, collaboration and exchange platform for individual users, as well as teams, communities and networks; it is used across our group of companies. This includes a video conferencing function.
Microsoft Office 365 is a software of:
Microsoft Ireland Operations Limited
One Microsoft Place
South County Business Park
Microsoft Teams is part of the Cloud application Office 365, for which a user account must be created.
The Office 365 data processing is performed on servers in data centers in the European Union, Ireland and the Netherlands. We have concluded a data protection agreement with Microsoft in accordance with Art. 28 GDPR. Accordingly, we have agreed on extensive technical and organizational measures for Office 365 with Microsoft (https://docs.microsoft.com/en-us/microsoftteams/teams-privacy), which correspond to the current state of the art in IT security, for example regarding access authorization and end-to-end encryption concepts for data lines, databases and servers.
To guarantee an adequate level of data protection in the transfer of personal data to a third country such as the USA, we have concluded EU standard contractual clauses with Microsoft.
Microsoft reserves the right to process customer data for its own legitimate business purposes. We have no influence on these data processing operations of Microsoft. To the extent that Microsoft Teams processes personal data in connection with legitimate business purposes, Microsoft is an independent controller for these data processing activities and as such is responsible for compliance with all applicable data protection regulations. If you need information about Microsoft processing, please consult the Microsoft privacy statement (https://docs.microsoft.com/en-us/microsoftteams/teams-privacy) / (https://privacy.microsoft.com/en-us/data-privacy-notice).
As shown above, we use Microsoft for Office 365 as a processor acc. to Article 28 GDPR.