We, the Deutsche Forschungsgemeinschaft e. V. (DFG, German Research Foundation) take the protection of your personal data and its confidential treatment extremely seriously. Therefore, we wish to inform you about the processing of your personal data in connection with holding online meetings and video conferences (hereinafter referred to as “online meetings”) by the DFG and the rights to which you are entitled. The processing of your personal data takes place exclusively within the framework of the applicable statutory provisions of data protection laws, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
The subject matter of data protection is personal data. This is all information which relates to an identified or identifiable natural person (so-called data subject). For example, this includes information such as name, postal address, email address or telephone number.
1. The controller for the processing of your personal data is:
The party responsible for processing data which is directly related to holding online meetings is:
a) Own video conferencing systems
aa) Notes regarding “WebEx”:
Invitation to an online meeting is given via a meeting link. A person can participate via the browser by clicking on this link. However, it is only necessary to access the website to use “WebEx” when downloading the required software. “WebEx” is a service from Cisco Systems, Inc. (hereinafter “Cisco”), with its headquarters in the USA, which we obtain from T-Systems International GmbH / Telekom Deutschland GmbH (hereinafter “Telekom”) within the context of the processing agreement. This means that Cisco and Telekom only process your data for the purposes intended by DFG.
It is not necessary to register separately with Cisco or to use a WebEx app. You can however also use “WebEx” via the “WebEx” app by entering the respective meeting ID directly in the “WebEx” app, and where applicable any additional login details relating to the meeting. If you don’t want to use the “WebEx” app or can’t use it then the basic functions can also be used via a browser version, which you can also find on the Cisco website. You can also use “WebEx” on your phone.
bb) Notes regarding “Skype for Business”:
Invitation to an online meeting is given via a meeting link. A person can participate via the browser by clicking on this link. However, it is only necessary to access the Microsoft website to use “Skype for Business” when downloading the required software. “Skype for Business” is an on-premise solution, which means that Microsoft does not have any access to the video conferencing data.
It is also possible to use “Skype for Business” without a Microsoft account and without downloading the software if you use the “Skype for Business” function as a guest. You can also use “Skype for Business” function on your phone.
b) Video conferencing systems of third parties
Notes regarding “DFNconf”:
Invitation to an online meeting on “DFNconf” is given via a meeting link. A person can participate via the browser by clicking on this link. Those who have been invited to participate in the meeting are not required to register separately on “DFNconf”. You can also use “DFNconf” by other means (e.g. on your phone, your smartphone or via “Skype for Business”) if you enter the respective meeting ID and any additional login details for the online meeting.
The German National Research and Education Network (Verein zur Förderung eines Deutschen Forschungsnetzes e.V., hereinafter “DFN e.V.”), Alexanderplatz 1, 10178 Berlin is responsible for processing your data from a technical perspective within the context of holding the meeting. You can find additional information on how your personal data is processed by the DFN e.V. here:
The DFG only processes your data during the online meeting as part of interacting with you.
2. You can contact our data protection officer as follows:
By using “WebEx”, “DFNconf” and “Skype for Business” for an online meeting, information which is necessary for providing the video conferencing service is processed automatically when participating in an online meeting. This includes, for example, your IP address, your username and the length of the video conference.
Furthermore, we only process the personal data of those who are directly connected with the respective online meeting which is organised and led by the DFG.
Specifically, this may include:
“WebEx”:
“DFNconf”:
“Skype for Business”:
In order to participate in an online meeting or enter the “meeting room”, you must at minimum provide information about your name and e-mail address.
We use “WebEx”, “DFNconf” and “Skype for Business” for the purpose of holding online meetings. Below, we wish to provide you with an overview of the reasons and the legal basis for processing your personal data within the framework of an online meeting:
1. Processing your data as part of the employment relationship
Insofar as personal data is processed by DFG employees, Article 88 Paragraph 1 GDPR in conjunction with § 26 Paragraph 1 Sentence 1 BDSG shall form the legal basis of the data processing. If personal data is not required for justifying, implementing or terminating the employment relationship in connection with the use of “WebEx”, "DFNconf” and “Skype for Business”, but nonetheless forms an essential component of the use of “WebEx”, “DFNconf” and “Skype for Business”, point (f) of Article 6 Paragraph 1 GDPR shall form the legal basis for the data processing. In these cases, our interest is in holding the relevant online meeting effectively.
2. Processing the data of external users
The legal basis for processing the data of external users (e.g. members of a DFG committee, conference participants within the framework of research funding) when holding an online meeting is point (b) of Article 6 Paragraph 1 GDPR, insofar as the online meetings are held within the scope of contractual relationships between the DFG and external users.
If no contractual or precontractual relationship exists, the legal basis shall be point (f) of Article 6 Paragraph 1 GDPR. Here too, our interest is in holding an online meeting effectively.
3. Recording online meetings
Online meetings held when using “DFNconf” and “Skype for Business” are not recorded.
If we want to record an online meeting when using “WebEx”, we will inform you of this transparently beforehand. It will also be displayed in the “WebEx” app that the meeting is being recorded. In the case of an online meeting, we can also process the questions asked by the participants for the purpose of recording and following up on an online meeting.
a) Providing the contractual relationship with you serves as a legal basis for recording the meeting, we process your data on the basis of point (b) of Article 6 Paragraph 1 GDPR.
b) In all other cases, the data is processed based on the consent of the participant (point (a) of Article 6 Paragraph 1 GDPR). It is not possible to participate without giving consent.
Consent can be withdrawn at any time. Please also note that this withdrawal shall only apply with future effect, meaning the lawfulness of the data processing which took place with your consent prior to withdrawing remains unaffected.
We primarily process the personal data which we receive from you directly in connection with your participation in an online meeting. In a few cases, we also obtain your personal data from third parties in advance in order to invite you to online meetings. These third parties may include, for example:
We do not use automated decision-making or profiling in accordance with Article 22 GDPR.
In connection with an online meeting of the DFG, you are required to provide the personal data which is necessary for holding the online meeting or which we are legally obliged to process. Without this data, you may not be able to participate in the online meeting held by the DFG.
Within the DFG, only employees of DFG Head Office have access to your personal data. Personal data which is processed in connection with participating in online meetings is generally not passed on to third parties, providing it is not specifically intended for this purpose. Please note that the contents of the online meetings serve the purpose of communicating information, and therefore are intended to be passed on to the participants of the online meeting to ensure they are informed.
We only pass your personal data on to external recipients if a legal basis exists for this or if you have given your consent to such. In such a case, we comply with the principle of data economy and as a general principle only pass on data to the extent which is necessary for the concrete purpose. This applies in particular to special categories of data. No data is shared with third parties solely for their commercial purposes.
Any external recipients of the data depend on the respective video conferencing system used. We use the following processors:
For this reason, we have signed a processing agreement with the companies named above which ensures that the processor and the sub-processor may only process your personal data for the purposes specified by us.
“WebEx” is a service which is provided by Cisco from the USA. Personal data is therefore also processed in third countries. We signed an order processing agreement with Telekom with regard to “WebEx” which meets the requirements of Art. 28 GDPR. In the event of data being transferred to a third country, an adequate level of data protection is ensured by suitable guarantees in the form of standard contractual clauses between us and Cisco. For further information, please read
We will erase the data once it is no longer necessary for the purposes pursued by us and provided that no other legal requirements, in particular statutory or contractual retention periods, apply. Insofar as we process your data in accordance with a consent, we will erase the data when the storage period specified in the declaration of consent has expired or should you have revoked the consent and no other legal basis is present. Should the latter situation apply, we erase the data once the other legal basis is no longer applicable.
If you are registered with “WebEx” as a user, reports relating to an online meeting (meeting metadata, telephone dial-in data, questions and answers, survey functions) can be stored by Cisco. More detailed information on the storage periods which are specified by Cisco for the use of “WebEx” can be found here:
1. Right of access
You have the right to receive confirmation from us as to whether we process personal data relating to you or not. Should this be the case, you have the right to receive information concerning your personal data and to receive further details concerning the processing.
2. Right to rectification
You have the right to request the rectification of incorrect personal data relating to you and to have incomplete personal data completed.
3. Right to erasure (“right to be forgotten”)
Under certain circumstances, you have the right to request that we erase your personal data. For example, this right exists if the personal data is no longer necessary for the purposes for which it was collected or otherwise processed or if the personal data was processed unlawfully.
4. Restriction of processing
Under certain circumstances, you have the right to request that the processing of your personal data be restricted. In such a case, we will only store such personal data in relation to which you have given your consent or processing is permitted by the GDPR. For example, you may have a right to restrict processing if you have disputed the correctness of your personal data.
5. Data portability
Should you have provided us with personal data under a contract or with your consent, then provided that the statutory requirements are met, you can request to receive the data which you have provided in a structured, commonly used and machine-readable format or request that we transfer this data to another controller.
6. Withdrawal of consent
Should you have given us your consent to the processing of your personal data, you can withdraw this at any time with effect for the future. The lawfulness of the processing of your personal data prior to the withdrawal remains unaffected by this.
7. Objection against processing on the basis of a “legitimate interest”
8. Right to complain to the supervisory authority
You also have the right to lodge a complaint with the responsible supervisory authority, should you consider that the processing of your data breaches applicable laws. For this purpose, you can contact the data protection authority which is responsible for your place of residence, place of employment or the location of the alleged breach or the data protection authority which has jurisdiction over us. The supervisory authority of the German Federal State in which you reside or work or where an alleged breach which forms the subject of the complaint has taken place holds jurisdiction.
Should you have any questions concerning the processing of your personal data or should you wish to assert your rights as a data subject which are set out in Number XI. 1-7, you can contact us free of charge. Please use the contact details under Number II., 1. To withdraw your consent, you can also use the contact channel which you selected when submitting the declaration of consent.