Meet-the-Experts Data Privacy Policy

Data Privacy Regulation according to Art. 13, 14 and 21 GDPR:

For the ”Meet-the-Experts from de.KCD” consultation hour via web conference system “Zoom”


As the controller, Forschungszentrum Jülich has implemented numerous technical and organizational measures to ensure the most complete protection of your personal data. Since Zoom is a cloud-based SaaS solution, the service provider was examined for appropriate instruments to ensure IT and data security. In accordance with Article 32 GDPR, Zoom meets the requirements for the security of processing through appropriate technical and organizational measures in accordance with the state of the art technology. Zoom is a service of Zoom Video Communications, Inc. based in the USA.

Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier. The following information must be provided to you in accordance with Art. 13 of the General Data Protection Regulation (GDPR) when the personal data is collected:

Name and Address of the controller

Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

  • Forschungszentrum Jülich GmbH
  • Wilhelm-Johnen-Straße
  • 52428 Jülich
  • Deutschland
  • Website: www.fz-juelich.de E-Mail: info@fz-juelich.de

Name and Address of the Data Protection Officer

The Data Protection Officer of the controller is:

  • Frank Rinkens
  • Forschungszentrum Jülich GmbH
  • Wilhelm-Johnen-Strasse
  • 52428 Jülich
  • Deutschland
  • Tel.: +49-2461-61-9005
  • Website: www.fz-juelich.de E-Mail: DSB@fz-juelich.de

Purpose and legal basis

Art. 6 I lit. f GDPR serves as the legal basis for this processing. Processing operations are based on this legal basis if processing is necessary for the purposes of the legitimate interests of our company, except where such interests are overridden by your interests or fundamental rights and freedoms. If the processing of personal data is necessary for the performance of a contract or a pre-contractual measure, then Art. 6 para. 1 lit. b GDPR is the legal basis.

We conscientiously protect your data against loss, misuse, unauthorized access, unauthorized disclosure, falsification or destruction. Within our company, your data is stored on password-protected servers to which only a limited group of people have access.

By registering for the service, you accept the terms of use and privacy policy of Zoom.

Purpose

The purpose of this Data Protection Regulation (DPR) is to ensure that personal data collected during the bi-weekly Zoom meetings, entitled "Meet the Experts from de.KCD", is processed in a transparent and lawful manner. The specific goal of these meetings is to generate transcripts, which will be further processed to provide us with a catalogue of questions and related answers. This question-answer catalogue will eventually be incorporated into a FAQ that will be made publicly accessible at the datenkompetenz.cloud website.

Scope

This DPR applies to all participants who attend the Zoom meetings, including:

  • Internal employees
  • External guests
  • Speakers/presenters

Personal Data Collected

The following personal data may be collected during the Zoom meetings:

  • Personal data (e.g. surname, first name, title, department, company), if provided
  • Contact details (e.g. e-mail address, OU/institute, home institution, business telephone number), if provided
  • Event metadata: topic, description (optional), IP addresses of participants
  • Audio and video recordings of participants (note: image recording is not required and will be deleted without further processing). You can switch off or mute the camera and microphone yourself at any time.
  • Text recording of the integrated chat history
  • Transcripts generated by Zoom's AI auto-transcription feature

Processing of Personal Data

To achieve our purpose, we will process the personal data as follows:

  1. Transcript generation: We will use Zoom's AI auto-transcription feature to generate transcripts of the audio recordings.
  2. Data anonymization: We will process the transcripts to erase or anonymize names, email addresses, postal addresses and other personally identifiable data.
  3. Question-answer catalogue creation: We will create a catalogue of questions and related answers based on the processed transcripts.
  4. FAQ creation: We will incorporate the question-answer catalogue into a FAQ that will be made publicly accessible at the datenkompetenz.cloud website.

Data transfer to a third country or to an international organization

Data processing of the recordings and the AI transcript creation takes place outside the EU or the EEA. The server location is in the USA. An adequate level of data protection is ensured by standard contractual clauses of the European Commission and individual agreements.

Data Retention

We will retain personal data for no longer than necessary to achieve our purpose:

  1. Recordings: All audio and video recordings will be completely deleted after 4 weeks.
  2. Basic unprocessed transcripts: All basic unprocessed transcripts will be deleted after 8 weeks.
  3. Processed transcripts: Processed transcripts (i.e., transcripts with personally identifiable data erased or anonymized) will be retained for as long as necessary to maintain the question-answer catalogue and FAQ.

Consent

We will obtain consent from participants upon entering the Zoom room. If a participant does not agree to this processing, they are free to not enter the Zoom room or leave at any time.

Additional Measures

To ensure transparency and fairness:

  1. No camera activation required: Participants do not need to activate their cameras, as image recording is of no use and will be deleted without further processing.
  2. No raw data sharing: No raw/unprocessed data will be handed out to any different organization, person, institution or alike.
  3. Data usage limitation: The data will only be used for the described purpose.

Rights of Participants

Participants have the following rights:

  1. Right to access: Participants can request a copy of their personal data (if applicable).
  2. Right to rectification: Participants can request that inaccurate or incomplete personal data be corrected.
  3. Right to erasure: Participants can request that their personal data be deleted.
  4. Right to restriction of processing: Participants can request that the processing of their personal data be restricted.

By attending the "Meet the Data Experts from de.KCD" Zoom meetings, participants acknowledge that they have read and understood this DPR and provide consent for their personal data to be processed in accordance with its terms.