Data processing outside the European Union 
"Zoom" is a service provided by a provider from the USA. Processing of personal data therefore also takes place in a third country. We have concluded a contract with the provider of "Zoom" that meets the requirements of Art. 28 GDPR. 

An adequate level of data protection is guaranteed on the one hand by the "Privacy Shield" certification of Zoom Video Communications, Inc. but also by the conclusion of the so-called EU standard contract clauses. 

Data protection officer 
We have appointed a data protection officer. You can reach him at:

legitimis GmbH
Herrn Sebastian Feik, Dipl.-WJur. (FH)
Ball 1
51429 Bergisch Gladbach
Tel.: +49 2202 28 941 - 0
Fax: +49 2202 28 941 - 47
E-Mail : datenschutz-IWkoeln@legitimis.com

Your rights as data subject 

You have the right to be informed about the personal data regarding you. You can contact us for information at any time.  

In the case of a request for information that is not made in writing, we ask for your understanding that we may require you to provide evidence that proves that you are the person you claim to be.  

Furthermore, you have the right to correction or deletion or to restriction of processing, as far as you are legally entitled to do so. 

Finally, you have the right to object to the processing within the scope of the statutory provisions. 

You also have a right to data transferability within the framework of the data protection regulations. 

Deletion of data 

As a matter of principle, we delete personal data when there is no need for further storage. A requirement can exist in particular if the data is still needed to fulfil contractual services, to check and grant or ward off warranty and guarantee claims. In the case of legal storage obligations, deletion only comes into consideration after expiry of the respective storage obligation. 

Right of complaint to a supervisory authority 

You have the right to complain about the processing of personal data by us to a data protection supervisory authority. 

If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too, we are interested in the effective implementation of "online meetings". 

Recipient / passing on of data 

Personal data that is processed in connection with participation in "online meetings" is generally not passed on to third parties, unless it is specifically intended to be passed on. Please note that content from "online meetings" as well as personal meetings often serves the purpose of communicating information with customers, interested parties or third parties and is therefore intended for disclosure. 

If you have provided an email address in the "Online Meeting", the "Gravatar" service of Automattic Inc. (USA) is called up. The use of "Gravatar" does not constitute order processing for us. The provider himself determines the purpose and means of data processing. If you have created an account with "Gravatar", these terms and conditions apply. 

Data processing outside the European Union 

Data processing outside the European Union (EU) does not take place. However, we cannot exclude the possibility that data is routed via Internet servers located outside the EU. This may be the case in particular if participants in "online meetings" are in a third country. 

However, the data is encrypted during transport over the Internet and thus protected against unauthorized access by third parties. 

If you have provided an e-mail address in the "Online Meeting", the "Gravatar" service of Automattic Inc. (USA) is called. Automattic Inc.'s servers may be located outside the EU. The appropriate level of data protection is ensured by Automattic Inc.'s Privacy Shield certification. 

Privacy Officer 

We have appointed a data protection officer. You can reach him at:

legitimis GmbH
Herrn Sebastian Feik, Dipl.-WJur. (FH)
Ball 1
51429 Bergisch Gladbach
Tel.: +49 2202 28 941 - 0
Fax: +49 2202 28 941 - 47
E-Mail : datenschutz-IWkoeln@legitimis.com

Your rights as data subject 

You have the right to be informed about the personal data regarding you. You can contact us for information at any time.  

In the case of a request for information that is not made in writing, we ask for your understanding that we may require you to provide evidence that proves that you are the person you claim to be.  

Furthermore, you have the right to correction or deletion or to restriction of processing, as far as you are legally entitled to do so. 

Finally, you have the right to object to the processing within the scope of the statutory provisions. 

You also have a right to data transferability within the framework of the data protection regulations. 

Deletion of data 

As a matter of principle, we delete personal data when there is no need for further storage. A requirement can exist in particular if the data is still needed to fulfil contractual services, to check and grant or ward off warranty and guarantee claims. In the case of legal storage obligations, deletion only comes into consideration after expiry of the respective storage obligation. 

Right of complaint to a supervisory authority 

You have the right to complain about the processing of personal data by us to a data protection supervisory authority. 

Variant: Hosted by Jitsi

We would like to inform you in the following about the processing of personal data in connection with the use of "Jitsi Meet". 

Purpose of processing 

We use the "Jitsi" tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: "online meetings"). "Jitsi" is an open source software for online meetings, which we use via a service provider by way of a so-called order processing. 

Responsible person 

Responsible for data processing directly related to the execution of "online meetings" is the Institut der deutschen Wirtschaft Köln e.V.

P.O. Box 10 19 42
50459 Cologne
Visitor address:
Konrad-Adenauer-Ufer 21
50668 Cologne
Phone: 0221 4981-1
Fax: 0221 4981-99547
welcome@iwkoeln.de

Which data is processed? 

When using "Jitsi" different types of data are processed. If you participate in a "Jitsi" meeting, you will be asked for your name at the beginning of the meeting. This name is processed for the duration of your participation in the respective online meeting and then deleted. 

Also, any audio, video or chat content will only be processed during the online meeting. 

For technical operation, the following data is processed or the following personal data is subject to processing: 

IP address: In order to be able to conduct the online meeting, the IP address used by your end device is processed. The logging of the IP address is deactivated on our "Jitsi" server. 

Meeting name and password (if applicable): When setting up an online meeting, a name for the online meeting is chosen by the organizer. Additionally, a password can be provided for participation in the online meeting. This data is only processed until the end of the respective online meeting and then deleted. Please note, however, that the name of "Online Meeting" as well as the date, time and duration of the "Online Meeting" can be stored locally in your browser. If you no longer wish to see these data, you should delete your browser cache. 

Email address: You can optionally enter an e-mail address. This e-mail address will then be used to retrieve and display a profile photo from the "Gravatar" service. Gravatar profile photos will only be displayed if a public Gravatar image can be retrieved for the e-mail address provided. 

Scope of processing 

We use "Jitsi" to conduct "online meetings". If we want to record "online meetings", we will inform you transparently in advance and - if necessary - ask for your consent. 

Legal basis of data processing 

As far as personal data of employees of the Institut der deutschen Wirtschaft Köln e.V. are processed, § 26 BDSG is the legal basis for data processing. If, in connection with the use of "Jitsi", personal data are not required for the establishment, execution or termination of the employment relationship, but are nevertheless an elementary component of the use of "Jitsi", Art. 6 Par. 1 letter f) GDPR is the legal basis for data processing. In these cases, we are interested in the effective implementation of "online meetings". 

In all other respects, the legal basis for data processing in the conduct of "online meetings" is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships. 

If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too, we are interested in the effective implementation of "online meetings". 

Recipient / passing on of data 

Personal data that is processed in connection with participation in "online meetings" is generally not passed on to third parties, unless it is specifically intended to be passed on. Please note that content from "online meetings" as well as personal meetings often serves the purpose of communicating information with customers, interested parties or third parties and is therefore intended for disclosure. 

The technical service provider we use to operate "Jitsi" is also the recipient of data. We have concluded an order processing contract with the service provider that complies with the requirements of Art. 28 GDPR. In particular, the service provider shall ensure that all necessary technical and organizational measures for data security in accordance with Art. 32 GDPR are complied with. 

If you have provided an e-mail address in the "Online Meeting", the "Gravatar" service of Automattic Inc. (USA) will be called up. The use of "Gravatar" does not constitute order processing for us. The provider himself determines the purpose and means of data processing. If you have created an account with "Gravatar", these terms and conditions apply. 

Data processing outside the European Union 

Data processing outside the European Union (EU) does not take place. However, we cannot exclude the possibility that data is routed via Internet servers located outside the EU. This may be the case in particular if participants in "online meetings" are in a third country. 

However, the data is encrypted during transport over the Internet and thus protected against unauthorized access by third parties. 

If you have provided an e-mail address in the "Online Meeting", the "Gravatar" service of Automattic Inc. (USA) is called. Automattic Inc.'s servers may be located outside the EU. The appropriate level of data protection is ensured by Automattic Inc.'s Privacy Shield certification. 

Privacy Officer 

We have appointed a data protection officer. You can reach him at:
Mr. Sebastian Feik, Dipl.-WJur. (FH)
legitimis GmbH Dellbrücker Straße 116
51469 Bergisch Gladbach
Phone: +49 2202 28 941 - 0
Fax: +49 2202 28 941 - 47
e-mail : Datenschutz-iwkoeln.de@legitimis.com

Your rights as data subject 

You have the right to be informed about the personal data regarding you. You can contact us for information at any time.  

In the case of a request for information that is not made in writing, we ask for your understanding that we may require you to provide evidence that proves that you are the person you claim to be.  

Furthermore, you have the right to correction or deletion or to restriction of processing, as far as you are legally entitled to do so. 

Finally, you have the right to object to the processing within the scope of the statutory provisions. 

You also have a right to data transferability within the framework of the data protection regulations. 

Deletion of data 

As a matter of principle, we delete personal data when there is no need for further storage. A requirement can exist in particular if the data is still needed to fulfil contractual services, to check and grant or ward off warranty and guarantee claims. In the case of legal storage obligations, deletion only comes into consideration after expiry of the respective storage obligation. 

Right of complaint to a supervisory authority 

You have the right to complain about the processing of personal data by us to a data protection supervisory authority. 

What data is processed? 

When using "Blizz", different types of data are processed. The scope of the data also depends on the information you provide before or during participation in an "online meeting". 

The following personal data is processed: 

User information: user name, display name, e-mail address, profile picture (optional), preferred language 

Meeting metadata: Meeting ID, participant IP addresses, phone numbers, location 

Text, audio and video data: You may be able to use the chat function in an "online meeting". To this extent, the text entries you make are processed in order to display them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time using the "Blizz" applications. 

Scope of processing 

We use "Blizz" to conduct "online meetings". If we want to record "online meetings", we will inform you transparently in advance and - if necessary - ask for your consent. 

If necessary for the purposes of recording the results of an online meeting, we will log the chat content. However, this will usually not be the case. Automated decision making in the sense of Art. 22 GDPR is not used. 

Legal basis of the data processing 

As far as personal data of employees of the Institut der deutschen Wirtschaft Köln e.V. are processed, § 26 BDSG is the legal basis for data processing. If, in connection with the use of "Blizz", personal data is not required for the establishment, execution or termination of the employment relationship, but is nevertheless an elementary component of the use of "Blizz", Art. 6 para. 1 lit. f) GDPR is the legal basis for data processing. In these cases, we are interested in the effective implementation of "online meetings". 

In all other respects, the legal basis for data processing in the conduct of "online meetings" is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships. 

If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too, we are interested in the effective implementation of "online meetings". 

Recipient / passing on of data 

Personal data that is processed in connection with participation in "online meetings" is generally not passed on to third parties, unless it is specifically intended to be passed on. Please note that content from "online meetings" as well as personal meetings often serves the purpose of communicating information with customers, interested parties or third parties and is therefore intended for disclosure. 

Other Recipients: The "Blizz" provider necessarily obtains knowledge of the above-mentioned data to the extent provided for in our contract processing agreement with "Blizz". 

Data processing outside the European Union 

Data processing outside the European Union (EU) does not take place. However, we cannot exclude the possibility that data is routed via Internet servers located outside the EU. This may be the case in particular if participants in "online meetings" are in a third country. 

However, the data is encrypted during transport over the Internet and thus protected against unauthorized access by third parties. 

Data protection officer 

We have appointed a data protection officer. You can reach him at:

legitimis GmbH
Herrn Sebastian Feik, Dipl.-WJur. (FH)
Ball 1
51429 Bergisch Gladbach
Tel.: +49 2202 28 941 - 0
Fax: +49 2202 28 941 - 47
E-Mail : datenschutz-IWkoeln@legitimis.com

Your rights as data subject 

You have the right to be informed about the personal data regarding you. You can contact us for information at any time.  

In the case of a request for information that is not made in writing, we ask for your understanding that we may require you to provide evidence that proves that you are the person you claim to be.  

Furthermore, you have the right to correction or deletion or to restriction of processing, as far as you are legally entitled to do so. 

Finally, you have the right to object to the processing within the scope of the statutory provisions. 

You also have a right to data transferability within the framework of the data protection regulations. 

Deletion of data 

As a matter of principle, we delete personal data when there is no need for further storage. A requirement can exist in particular if the data is still needed to fulfil contractual services, to check and grant or ward off warranty and guarantee claims. In the case of legal storage obligations, deletion only comes into consideration after expiry of the respective storage obligation. 

Right of complaint to a supervisory authority 

You have the right to complain about the processing of personal data by us to a data protection supervisory authority. 

We would like to inform you in the following about the processing of personal data in connection with the use of "Skype for Business".

Purpose of processing

We use the "Skype for Business" tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter referred to as "Online Meetings"). "Skype for Business" is a service of Microsoft Corporation.

Responsible person

The person responsible for data processing directly related to the holding of "online meetings" is 
Institute of the German Economy Cologne e.V.
Konrad-Adenauer-Ufer 21
50668 Cologne
Phone: +49 221 4981 1
fax: +49 221 4981 99547
E-mail: welcome@iwkoeln.de
Note: If you access the "Skype for Business" website, the provider of "Skype for Business" is responsible for data processing. However, calling up the website is only necessary to use "Skype for Business" in order to download the software for using "Skype for Business".
If you do not want to or cannot use the "Skype for Business" app, you can also use "Skype for Business" via the Browser Web App. The service will then also be provided via the "Skype for Business" website.

What data is processed?

When using "Skype for Business" different types of data are processed. The scope of the data also depends on the information you provide before or during participation in an "online meeting".
The following personal data are subject to processing:

User details: e.g. display name, e-mail address (if applicable), profile picture (optional), preferred language
Meeting metadata: e.g. date, time, meeting ID, phone numbers, location
Text, audio and video data: You may be able to use the chat function in an "online meeting". To this extent, the text entries you make are processed in order to display them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the "Skype for Business" applications.

Scope of processing

We use "Skype for Business" to conduct "online meetings". If we want to record "online meetings", we will inform you transparently in advance and - if necessary - ask for your consent.
If necessary for the purposes of recording the results of an online meeting, we will log the chat content. However, this will usually not be the case.
Automated decision making in the sense of Art. 22 GDPR is not used.

Legal basis of the data processing

As far as personal data of employees of the Institut der deutschen Wirtschaft Köln e.V. are processed, § 26 BDSG is the legal basis for data processing. If, in connection with the use of "Skype for Business", personal data are not required for the establishment, execution or termination of the employment relationship, but are nevertheless an elementary component of the use of "Skype for Business", Art. 6 para. 1 lit. f) DPA is the legal basis for data processing. In these cases we are interested in the effective implementation of "online meetings".
In other respects, the legal basis for data processing in the conduct of "online meetings" is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.
If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too, we are interested in the effective implementation of "online meetings".

Receiver / passing on of data

Personal data that is processed in connection with participation in "online meetings" is generally not passed on to third parties, unless it is specifically intended to be passed on. Please note that content from "online meetings" as well as personal meetings often serves the purpose of communicating information with customers, interested parties or third parties and is therefore intended for disclosure.
Further recipients: The provider of "Skype for Business" necessarily obtains knowledge of the above-mentioned data, as far as this is intended within the scope of our contract processing agreement with "Skype for Business".

Data processing outside the European Union

Data processing outside the European Union (EU) does not take place as a matter of principle, since we have limited our storage location to data centers in the European Union. However, we cannot exclude the possibility that data is routed via Internet servers located outside the EU. This may be the case in particular if participants in "online meetings" are located in a third country.
However, the data is encrypted during transport over the Internet and thus protected against unauthorized access by third parties.

Data protection officer
We have appointed a data protection officer. You can reach him as follows: 

legitimis GmbH
Herrn Sebastian Feik, Dipl.-WJur. (FH)
Ball 1
51429 Bergisch Gladbach
Tel.: +49 2202 28 941 - 0
Fax: +49 2202 28 941 - 47
E-Mail : datenschutz-IWkoeln@legitimis.com

Your rights as data subject 

You have the right to be informed about the personal data regarding you. You can contact us for information at any time.  

In the case of a request for information that is not made in writing, we ask for your understanding that we may require you to provide evidence that proves that you are the person you claim to be.  

Furthermore, you have the right to correction or deletion or to restriction of processing, as far as you are legally entitled to do so. 

Finally, you have the right to object to the processing within the scope of the statutory provisions. 

You also have a right to data transferability within the framework of the data protection regulations. 

Deletion of data 

As a matter of principle, we delete personal data when there is no need for further storage. A requirement can exist in particular if the data is still needed to fulfil contractual services, to check and grant or ward off warranty and guarantee claims. In the case of legal storage obligations, deletion only comes into consideration after expiry of the respective storage obligation. 

Right of complaint to a supervisory authority 

You have the right to complain about the processing of personal data by us to a data protection supervisory authority. 

We would like to inform you in the following about the processing of personal data in connection with the use of "Webex".

Purpose of the processing
We use the "Webex" tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: "Online Meetings"). "Webex" is a service of Cisco Systems GmbH, which has its registered office in Germany.

Responsible person
The person responsible for data processing directly related to the holding of "online meetings" is 
Institute of the German Economy Cologne e.V.
Konrad-Adenauer-Ufer 21
50668 Cologne
Phone: +49 221 4981 1
fax: +49 221 4981 99547
E-mail: welcome@iwkoeln.de

Note: As far as you call up the internet page of "Webex", the provider of "Webex" is responsible for the data processing. A call of the Internet side is necessary for the use of "Webex" however only, in order to download the software for the use of "Webex".
If you do not want to or cannot use the "Webex" app, the basic functions can also be used via a browser app, which you can also find on the website of "Webex".

Which data are processed?
When using "Webex" different types of data are processed. The extent of the data also depends on the information you provide before or during participation in an "online meeting".
The following personal data are subject of the processing:
User information: first name, last name, telephone (optional), e-mail address, password (if "Single-Sign-On" is not used), profile picture (optional), department (optional)
Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
When dialing in by phone: information on incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
Text, audio and video data: You may be able to use the chat, question or survey functions in an "online meeting". To this extent, the text entries you make are processed in order to display and, if necessary, log them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the "Webex" applications.
In order to participate in an "online meeting" or to enter the "meeting room", you must at least provide information about your name.

Scope of processing

We use "Webex" to conduct "online meetings". If we want to record "online meetings", we will inform you transparently in advance and - if necessary - ask for your consent. The fact of the recording will also be displayed in the "Webex" app.
If it is necessary for the purpose of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.
In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and follow-up of webinars.
If you are registered as a user at "Webex", reports on "online meetings" (meeting meta data, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored at "Webex" for up to one month.
The possibility of software-based "attention tracking" in "online meeting" tools like "Webex" is deactivated.
An automated decision making in the sense of Art. 22 GDPR is not used.

Legal basis of the data processing

As far as personal data of employees of the Institut der deutschen Wirtschaft Köln e.V. are processed, § 26 BDSG is the legal basis for data processing. If, in connection with the use of "Webex", personal data are not required for the establishment, execution or termination of the employment relationship, but are nevertheless an elementary component in the use of "Webex", Art. 6 para. 1 lit. f) GDPR is the legal basis for the data processing. In these cases we are interested in the effective execution of "online meetings".
Furthermore, the legal basis for data processing in the execution of "online meetings" is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are carried out within the framework of contractual relationships.
If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too, we are interested in the effective implementation of "online meetings".

Receiver / passing on of data

Personal data that is processed in connection with participation in "online meetings" is generally not passed on to third parties, unless it is specifically intended to be passed on. Please note that content from "online meetings" as well as personal meetings often serves the purpose of communicating information with customers, interested parties or third parties and is therefore intended for disclosure.
Further recipients: The provider of "Webex" necessarily obtains knowledge of the above-mentioned data, as far as this is provided for in the context of our order processing contract with "Webex".

Data processing outside the European Union

"Webex" is a service provided by a provider from the USA. A processing of the personal data takes place thereby also in a third country. We have concluded an order processing contract with the provider of "Webex", which complies with the requirements of Art. 28 GDPR.
A data protection level is regulated by the conclusion of the so-called EU standard contract clauses.

Data protection officer

We have appointed a data protection officer. You can reach him under:

legitimis GmbH
Herrn Sebastian Feik, Dipl.-WJur. (FH)
Ball 1
51429 Bergisch Gladbach
Tel.: +49 2202 28 941 - 0
Fax: +49 2202 28 941 - 47
E-Mail : datenschutz-IWkoeln@legitimis.com

Your rights as data subject 

You have the right to be informed about the personal data regarding you. You can contact us for information at any time.  

In the case of a request for information that is not made in writing, we ask for your understanding that we may require you to provide evidence that proves that you are the person you claim to be.  

Furthermore, you have the right to correction or deletion or to restriction of processing, as far as you are legally entitled to do so. 

Finally, you have the right to object to the processing within the scope of the statutory provisions. 

You also have a right to data transferability within the framework of the data protection regulations. 

Deletion of data 

As a matter of principle, we delete personal data when there is no need for further storage. A requirement can exist in particular if the data is still needed to fulfil contractual services, to check and grant or ward off warranty and guarantee claims. In the case of legal storage obligations, deletion only comes into consideration after expiry of the respective storage obligation. 

Right of complaint to a supervisory authority 

You have the right to complain about the processing of personal data by us to a data protection supervisory authority. 

In the following we would like to inform you about the processing of personal data in connection with the use of "GoToWebinar".

Purpose of processing

We use the "GoToWebinar" tool to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter collectively referred to as "Online Meetings"). "GoToWebinar" is a service provided by LogMeIn, Inc. which is based in the USA. 

Responsible

The person responsible for data processing directly related to the execution of "online meetings" is
Institute of the German Economy Cologne e.V.
Konrad-Adenauer-Ufer 21
50668 Cologne
Phone: +49 221 4981 1
fax: +49 221 4981 99547
E-mail: welcome@iwkoeln.de

Note: If you access the internet site of "GoToWebinar", the provider of "GoToWebinar" is responsible for data processing. However, calling up the Internet site is only necessary for the use of "GoToWebinar" in order to download the software for the use of "GoToWebinar". 

You can also use "GoToWebinar" if you enter the respective meeting ID and, if necessary, additional access data for the meeting directly in the "GoToWebinar" app. 

If you do not want to or cannot use the "GoToWebinar" app, the basic functions can also be used via a browser version, which you can also find on the "GoToWebinar" website. 

What data is processed?

When using "GoToWebinar" different types of data are processed. The amount of data processed also depends on the information you provide before or during your participation in an "online meeting". 

The following personal data are subject to processing: 

User information: first name, last name, telephone (optional), e-mail address, password (if "Single-Sign-On" is not used), profile picture (optional), department (optional) 

Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information 

For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat. 

When dialing in by phone: information on incoming and outgoing phone number, country name, start and end time. If necessary, further connection data, such as the IP address of the device can be saved 

Text, audio and video data: You may be able to use the chat, question or survey functions in an "online meeting". To this extent, the text entries you make are processed in order to display and, if necessary, log them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time using the "GoToWebinar" applications.  

In order to participate in an "online meeting" or to enter the "meeting room", you must at least provide information about your name. 

Scope of processing

We use "GoToWebinar" to conduct "online meetings". If we want to record "online meetings", we will inform you transparently in advance and - if necessary - ask for your consent. The fact of the recording will also be displayed in the "GoToWebinar" app. 

If necessary for the purpose of recording the results of an online meeting, we will log the chat content. However, this will usually not be the case. 

In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and follow-up of webinars. 

If you are registered as a user of "GoToWebinar", reports of "online meetings" (meeting meta data, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored for up to 90 days at "GoToWebinar". 

An automated decision making process in the sense of Art. 22 GDPR is not used. 

Legal basis of the data processing

As far as personal data of employees of the Institut der deutschen Wirtschaft Köln e.V. are processed, § 26 BDSG is the legal basis for data processing. If, in connection with the use of "GoToWebinar", personal data are not required for the establishment, execution or termination of the employment relationship, but are nevertheless an elementary component of the use of "GoToWebinar", Art. 6 para. 1 letter f) GDPR is the legal basis for data processing. In these cases we are interested in the effective execution of "online meetings". 

Otherwise, the legal basis for data processing when conducting "online meetings" is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships. 

If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too, we are interested in the effective implementation of "online meetings". 

Recipient / passing on of data

Personal data that is processed in connection with participation in "online meetings" is generally not passed on to third parties, unless it is specifically intended to be passed on. Please note that content from "online meetings" as well as personal meetings often serves the purpose of communicating information with customers, interested parties or third parties and is therefore intended for disclosure. 

Other recipients: The provider of "GoToWebinar" necessarily obtains knowledge of the above-mentioned data, insofar as this is provided for in our contract processing agreement with "GoToWebinar". 

Data processing outside the European Union

"GoToWebinar" is a service of LogMeIn Ireland Limited (Bloodstone Building Block C 70 Sir John Rogerson's Quay Dublin 2, Ireland), a subsidiary of LogMeIn Inc. (Log-MeIn, 320 Summer Street, Boston, MA 02210, USA). Personal data is therefore also processed in a third country. We have entered into a contract with the provider of "GoToWebinar" that meets the requirements of article 28 GDPR. 

A data protection level is regulated by the conclusion of the so-called EU standard contract clauses. 

Data protection officer

We have appointed a data protection officer. You can reach him under:

legitimis GmbH
Herrn Sebastian Feik, Dipl.-WJur. (FH)
Ball 1
51429 Bergisch Gladbach
Tel.: +49 2202 28 941 - 0
Fax: +49 2202 28 941 - 47
E-Mail : datenschutz-IWkoeln@legitimis.com

Your rights as a data subject

You have the right to be informed about the personal data concerning you. You can contact us for information at any time. 

In the case of a request for information that is not made in writing, we ask for your understanding that we may require you to provide evidence that proves that you are the person you claim to be. 

Furthermore, you have the right to correction or deletion or to restriction of processing, as far as you are legally entitled to do so. 

Finally, you have the right to object to the processing within the scope of the statutory provisions. 

You also have a right to data transferability within the framework of the data protection regulations. 

Deletion of data

As a matter of principle, we delete personal data when there is no need for further storage. A requirement can exist in particular if the data is still needed to fulfill contractual services, to check and grant or ward off warranty and guarantee claims. In the case of legal storage obligations, deletion only comes into consideration after expiry of the respective storage obligation. 

Right of appeal to a supervisory authority

You have the right to complain about the processing of personal data by us to a data protection supervisory authority.

We would like to inform you in the following about the processing of personal data in connection with the use of "GoToMeeting".

Purpose of processing

We use the "GoToMeeting" tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: "Online Meetings"). "GoToMeeting" is a service provided by LogMeIn, Inc. 

Responsible

The person responsible for data processing directly related to the holding of "online meetings" is 
Institute of the German Economy Cologne e.V.
Konrad-Adenauer-Ufer 21
50668 Cologne
Phone: +49 221 4981 1
fax: +49 221 4981 99547
E-mail: welcome@iwkoeln.de

Note: If you access the "GoToMeeting" website, the provider of "GoToMeeting" is responsible for data processing. However, calling up the Internet site is only necessary for the use of "GoToMeeting" in order to download the software for the use of "GoToMeeting". 

If you do not want to or cannot use the "GoToMeeting" software, the basic functions can also be used via a browser version, which you can also find on the "GoToMeeting" website. 

What data is processed?

When using "GoToMeeting" different types of data are processed. The extent of the data depends on the data you provide before or during your participation in an "online meeting". 

The following personal data are subject to processing: 

Customer account and registration data: This includes data that is provided to create an account or to register for events, webinars, surveys, etc. This may include first and last name, billing information, a password and a valid e-mail address. 

Service Data (including session and usage data):  

When you visit the Provider's website and use its services, the Provider receives data that either you or others have voluntarily entered (for example, schedules, participant information, etc.) or that is passively logged by the website or the 2 Service itself (for example, session duration, webcam usage, connection information, etc.). This may include usage and log data, how the Services are accessed and used, including information about the device you use to access the Services, IP addresses, location information, language settings, the operating system you use, unique device IDs and other diagnostic information that helps the Service Provider to support and improve the Services. 

Third-Party Data: Provider may receive information about you from other sources, including publicly accessible databases or third parties from which Provider has purchased data, and may combine that data with information it already has about you. It may also receive information from other affiliates that are part of its group of companies. This third-party data is collected to protect his legitimate business interests and helps him to update, expand and analyze his records, identify new marketing opportunities and offer products and services that may be of interest to you. 

location information: The Provider collects your location information for the purposes of providing and supporting the Service, fraud prevention and security monitoring. If you wish to opt out of the collection and use of your location information, you may do so by disabling location services on your mobile device. 

Device Information: If you use the Provider's online and mobile services, the Provider may automatically collect information about the type of device you are using, such as the operating system version or device ID (or "UDID"). 

Scope of Processing

We use "GoToMeeting" to conduct "online meetings". If we want to record "online meetings", we will inform you transparently in advance and - if necessary - ask for your consent. 

If necessary for the purposes of recording the results of an online meeting, we will log the chat content. However, this will usually not be the case. 

In the case of webinars, we may also process the questions asked by webinar participants for the purposes of recording and follow-up of webinars. 

An automated decision making process in the sense of Art. 22 GDPR is not used. 

Legal basis of data processing

If personal data is processed by employees of Mustermann GmbH, § 26 BDSG is the legal basis for data processing. If, in connection with the use of "GoToMeeting", personal data is not required for the establishment, execution or termination of the employment relationship, but is nevertheless an elementary component of the use of "GoToMeeting", Art. 6 Para. 1 letter f) GDPR is the legal basis for data processing. In these cases, we are interested in the effective implementation of "online meetings". 

Otherwise, the legal basis for data processing when conducting "online meetings" is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships. 

If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too, we are interested in the effective implementation of "online meetings. If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too, we are interested in the effective implementation of "online meetings". 

Receiver / passing on of data

Personal data processed in connection with participation in "Online Meetings" is generally not passed on to third parties, unless it is specifically intended to be passed on. Please note that content from "online meetings" as well as personal meetings often serves the purpose of communicating information with customers, interested parties or third parties and is therefore intended for disclosure. 

Other recipients: The provider of "GoToMeeting" necessarily obtains knowledge of the above-mentioned data to the extent that this is provided for in our contract processing agreement with "GoToMeeting". 

Data processing outside the European Union
"GoToMeeting" is a service provided by a provider from the USA. Processing of personal data therefore also takes place in a third country. We have concluded a contract with the provider of "GoToMeeting" that meets the requirements of Art. 28 GDPR. 

A data protection level is regulated by the conclusion of the so-called EU standard contract clauses. 

Data protection officer

We have appointed a data protection officer. You can reach him under:

legitimis GmbH
Herrn Sebastian Feik, Dipl.-WJur. (FH)
Ball 1
51429 Bergisch Gladbach
Tel.: +49 2202 28 941 - 0
Fax: +49 2202 28 941 - 47
E-Mail : datenschutz-IWkoeln@legitimis.com

Your rights as a data subject

You have the right to be informed about the personal data regarding you. You can contact us for information at any time.  

In the case of a request for information that is not made in writing, we ask for your understanding that we may require you to provide evidence that proves that you are the person you claim to be.  

Furthermore, you have the right to correction or deletion or to restriction of processing, as far as you are legally entitled to do so. 

Finally, you have the right to object to the processing within the scope of the statutory provisions. 

You also have a right to data transferability within the framework of the data protection regulations. 

Deletion of data 

As a matter of principle, we delete personal data when there is no need for further storage. A requirement can exist in particular if the data is still needed to fulfil contractual services, to check and grant or ward off warranty and guarantee claims. In the case of legal storage obligations, deletion only comes into consideration after expiry of the respective storage obligation. 

Right of complaint to a supervisory authority 

You have the right to complain about the processing of personal data by us to a data protection supervisory authority.