Data protection

Climate Alliance

Data protection information according to Art. 13 DSGVO

Name and address of the responsible party

The responsible body within the meaning of the General Data Protection Regulation (DSGVO) and other data protection regulations is:

 

Klima-Bündnis der europäischen Städte mit indigenen Völkern der Regenwälder | Alianza del Clima e.V.
Eschborner Landstr. 42 – 50
60489 Frankfurt am Main
Germany
Telephone: +49 69 717 13 90
E-Mail: europe@climatealliance.org

Name and address of the data protection officer

The data protection officer of the responsible party is:

 

Jota Rechtsanwälte PartG mbB
Dr. Christian Velten
Schiffenberger Weg 61
35394 Gießen
Germany
Telephone: +49 641 97 27 668
Email: info@datenschutz-mittelhessen.de 

Legal basis for the processing of personal data

In accordance with Art. 13 DSGVO, we inform you of the legal basis for our data processing. If the legal basis is not specified in the data protection notice, the following applies:

The legal basis for obtaining consent is Art. 6 para. 1 lit. a in conjunction with. Art. 7 DSGVO. The legal basis for processing for the fulfilment of our services and implementation of contractual measures, as well as answering enquiries, is Art. 6 (1) lit. b DSGVO. The legal basis for processing for the fulfilment of our legal obligations is Art. 6 para. 1 lit. c DSGVO. If the processing of your data is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing. In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) (d) DSGVO serves as the legal basis.

 

Data deletion and storage period

We adhere to the principles of data avoidance and data economy. We only store your personal data for as long as is necessary to achieve the purposes stated here or as stipulated by the retention periods provided for by law. After the respective purpose ceases to apply or after the expiry of these retention periods, the corresponding data is routinely blocked or deleted in accordance with statutory regulations.

 

Note on data transfer to third countries

On our website, we have also integrated tools from companies based in third countries (including the USA). If these tools are active, your personal data may be transferred to the servers of the respective companies. As a rule, the level of data protection in third countries does not correspond to EU data protection law. This means that there is a risk that your data will have to be handed over to security authorities in these countries and may be processed by authorities in these countries for control and monitoring purposes, possibly without any legal remedy on your part. We have no influence over these processing activities.

 

Rights of the data subject

You have the right to obtain information free of charge at any time about the origin, recipient and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority. You can contact us at any time about this and other questions on the subject of data protection. You will find the contact details in the Legal Notice.

 

As a data subject within the meaning of the GDPR, you have the possibility to assert various rights. The data subject rights resulting from the DSGVO are the right to information (Article 15), the right to rectification (Article 16), the right to erasure (Article 17), the right to restriction of processing (Article 18), the right to object (Article 21), the right to complain to a supervisory authority and the right to data portability (Article 20).

 

Right of withdrawal

Some data processing can only take place with your explicit consent. You have the possibility to revoke your consent at any time. However, the lawfulness of the data processing until the revocation is not affected by this.

 

Right of objection

If the processing is based on Art. 6(1)(e) or (f) DSGVO, you as the data subject may object to the processing of personal data relating to you at any time on grounds relating to your particular situation. You also have this right in the case of profiling based on these provisions. Unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims, we will no longer process the relevant data following an objection.

If the processing of personal data serves the purpose of direct marketing, you also have the right to object at any time. The same applies to profiling that is related to direct advertising. Here too, we will no longer process personal data as soon as you object.

 

Right to complain to a supervisory authority

If you consider that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, place of work or place of the alleged infringement, without prejudice to any other administrative or judicial remedy.

 

Right to data portability

If your data is processed automatically on the basis of consent or performance of a contract, you have the right to receive this data in a structured, common and machine-readable format. You also have the right to request that the data be transferred and made available to another controller, insofar as this is technically feasible.

 

Right of access, rectification and erasure

You have the right to obtain information about your processed personal data regarding the purpose of the data processing, the categories, the recipients as well as the duration of the storage. Furthermore, you have the right to know whether there is a right to correction, deletion or restriction of the personal data concerning you. If you have any questions on this topic or on other topics concerning personal data, you can of course contact us via the contact options given in the imprint.

 

Right to restriction of processing

You can assert the restriction of the processing of your personal data at any time. To do so, you must fulfil one of the following conditions:

  • You dispute the accuracy of the personal data. For the duration of the verification of the accuracy, you have the right to request a restriction of the processing.
  • If processing is carried out unlawfully, you can request the restriction of the use of the data as an alternative to erasure.
  • If we no longer need your personal data for the purposes of processing, but you need the data for the assertion, exercise or defence of legal claims, you can request the restriction of processing as an alternative to erasure.
  • If you object to the processing pursuant to Art. 21 (1) DSGVO, a balancing of your and our interests will be carried out. Until this balancing has taken place, you have the right to request the restriction of processing.

The effect of a restriction of processing is that, apart from storage, the personal data may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

 

Provision of the website (web host)

When you visit our website, we automatically collect and store information in so-called server log files. Your browser automatically transmits this information to our server or to the server of our hosting company. These are:

  • IP address of the end device of the website visitor
  • Device used
  • Host name of the accessing computer
  • Operating system of the visitor
  • Browser type and version
  • Name of the file accessed
  • Time of the server request
  • Amount of data
  • Information as to whether the retrieval of the data was successful

We do not combine this data with other data sources.

The legal basis for the processing of this data is Art. 6 para. 1 lit. f DSGVO. Our legitimate interest is the technically error-free presentation and optimisation of this website.

Instead of operating this website on our own server, we can also have it operated on the server of an external service provider (hosting company). In this case, the personal data collected on this website will be stored on the servers of the hosting company. In addition to the data mentioned above, this may include, for example, contact requests, contact details, names, website access data, meta and communication data, contract data and other data generated via a website.

The legal basis for processing data by engaging a hosting company is our interest in a secure, fast and efficient provision of our website (Art. 6 para. 1 lit. f DSGVO). Another legal basis may be for the purpose of fulfilling contracts with our future and existing customers (Art. 6 para. 1 lit. b DSGVO). In the event that we have commissioned a hosting company, there is an order processing contract with this service provider.

 

Use of cookies

Our website uses “cookies”. Cookies are pieces of information that a web server (server that provides web content) stores on your terminal device in order to be able to identify this terminal device. They are either stored temporarily for the duration of a session (session cookies) and deleted at the end of your visit to a website or permanently (permanent cookies) on your end device until you delete them yourself or until they are automatically deleted by your web browser. Cookies can also be stored on your end device by third-party companies when you enter our site (third-party requests). This enables us as the operator and you as a visitor to this website to use certain services provided by third parties installed on this website. Examples of this are cookies for processing payment services or cookies for displaying videos. Cookies have a variety of uses. They can be used to improve the functionality of a website, to control shopping cart functions, to increase the security and comfort of website use and to analyse visitor flows and behaviour. Depending on the individual functions, cookies must be classified in terms of data protection law. If they are necessary for the operation of the website and intended to provide certain functions (shopping cart function) or if they serve to optimise the website (e.g. cookies to measure web audience), then their use is based on Art. 6 (1) lit. f DSGVO. As website operators, we have a legitimate interest in storing cookies for the technically error-free and optimised provision of our services. In all other cases, we request your consent to store cookies, which can be revoked at any time (Art. 6 para. 1 lit. a DSGVO). If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the scope of this data protection notice. Your required consent will be requested and can be revoked at any time.

View the cookies we use

 

Use of external services

External services are used on our website. External services are third-party services that are used on our website. This may be for a variety of reasons, such as embedding videos or for website security. When using these services, personal data will also be shared with the respective providers of these external services. If we do not have a legitimate interest in using these services, we will obtain your consent as a visitor to our website, which can be revoked at any time, before using them (Art. 6 para. 1 lit. a DSGVO).

 

Analytics

The processing of the personal data of our website visitors enables us to analyse the surfing behaviour of our website visitors. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. By means of the analysis tools used, user profiles could, for example, be created for the playout of targeted or interest-related advertising messages, our website visitors could be recognised the next time they visit our website, their click/scroll behaviour, their downloads could be measured, heat maps could be created, page impressions could be recognised, the duration of the visit or the bounce rates could be measured, but also, as a further example, the origin of the website visitors (city, country, from which page the visitor comes) could be recognised. With the help of the analysis tools, our market research and marketing activities can be improved. The processing of the data is based on the legal basis of consent (Art. 6 para. 1 lit. a DSGVO). As a website visitor, you have consented to the processing of your personal data with your voluntary, explicit and prior consent. Without separate consent, the personal data will not be processed by us in the manner described above, provided that there is no other legal basis within the meaning of Art. 6 (1) DSGVO on which we base the processing. We proceed in the same way if you revoke your consent. The lawfulness of the processing carried out until the revocation remains unaffected.

 

Matomo

We use the Matomo service on our website. The provider of the service is InnoCraft Ltd. This company has its branch office at 150 Willis St, 6011 Wellington, New Zealand. As this service is hosted locally on the web server, there is no data transfer to third parties.

 

Consent Management

In order to comply with data protection requirements, we use a consent management tool on our website. With this tool, we obtain the necessary consents for the setting of cookies or the use of external services. The consents are stored.

The processing is necessary for compliance with a legal obligation to which the controller (website operator) is subject. The legal basis of the processing is therefore Art. 6 (1) lit. c DSGVO.

 

Typo3 Cookie Manager

We use the service Typo3 Cookie Manager on our website. The provider of the service is the TYPO3 Association. This has its branch office at Sihlbruggstrasse 105, 6340 Baar, Switzerland. As this service is hosted locally on the web server, no data is transmitted to third parties.

 

Content Delivery Network (CDN)

We use a Content Delivery Network (CDN) to optimise the performance and availability of our website. For this purpose, this service provider, which makes this network available, processes your IP address and the information about when you visited our website. You can find all further information on data processing by this service provider in its data protection information. We base this processing on a legitimate interest (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest in using a content delivery network is to be able to present our website as quickly, securely and reliably as possible.

 

CloudFlare

We use the CloudFlare service on our website. The provider of the service is Cloudflare Ltd. This company has its branch office at 2nd Floor 25 Lavington Street London SE1 0NZ, United Kingdom. The use of the service may result in data transfer to a third country (USA). Further information can be found in the manufacturer’s data protection information at the following URL: https://www.cloudflare.com/de-de/privacypolicy

 

Content Management System

A content management system enables the creation, editing, organisation and presentation of digital content. We use a content management system to create content for our website. This enables us to create a more engaging website. We base this processing on a legitimate interest (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest is the technically error-free presentation and optimisation of the website.

 

Typo3 CMS

Wir nutzen auf unserer Website den Dienst Typo3 CMS. Anbieter des Dienstes ist die TYPO3 Association. Diese hat ihre Niederlassung in Sihlbruggstrasse 105, 6340 Baar, Schweiz.

Da dieser Dienst lokal am Webserver gehostet wird, findet keine Datenübertragung an Dritte statt.

 

Software framework

Software frameworks facilitate interaction with a platform by creating a standardised interface to it. Frameworks are used to reduce the development effort for recurring software requirements. The processing of data is based on the legal basis of consent (Art. 6 para. 1 lit. a DSGVO). As a website visitor, you have consented to the processing of your personal data with your voluntary, explicit and prior consent. Without separate consent, the personal data will not be processed by us in the manner described above, provided that there is no other legal basis within the meaning of Art. 6 (1) DSGVO on which we base the processing. We proceed in the same way if you revoke your consent. The lawfulness of the processing carried out until the revocation remains unaffected.

 

PHP.net

We use the service PHP.net on our website. The provider of the service is the PHP Group. This company has its branch office at 1400 Parkmoor Ave, Ste 100, San Jose, California, 95126, USA. As this service is hosted locally on the web server, there is no data transfer to third parties. Here we refer to the following legal basis: Legitimate interest (Art. 6 para. 1 lit. f DSGVO). This application is required to ensure the unrestricted functionality of the website.

 

Contact form

On our website you have the possibility to contact us via a contact form. To contact us via this form, we ask for certain information. In particular, the request must be described and a contact option must be given. At least this information is mandatory and must be provided in order to use the contact form. The legal basis for answering the contact questions is the fulfilment of a contract or the implementation of pre-contractual measures. In addition, there may be a legitimate interest in order to maintain business relations or to answer your enquiry for any other reason. The legal basis for processing your data is therefore either Art. 6 para. 1 lit. f DSGVO or Art. 6 para. 1 lit. b DSGVO. The data will be deleted when we have answered your enquiry to your satisfaction and if no other retention periods exist (e.g. retention periods under tax or commercial law).

 

Telephone or email contact

In accordance with legal requirements, we have provided a telephone number and e-mail address on our website. The data transmitted in these ways is automatically stored by us in order to process corresponding enquiries or to be able to contact the person making the enquiry. We will not pass on any data obtained in this way to third parties without your consent. If contact is made by telephone or via our e-mail address for pre-contractual or contractual purposes, the processing of personal data is based on the legal basis of Art. 6 Para. 1 lit. b DSGVO. In the case of all other contacts on your part, the processing of personal data by us is based on our legitimate interest (Art. 6 para. 1 lit. f DSGVO).

 

Handling of applicant data

It is possible to send us an application (e.g. by post, online application form or e-mail). We store and process the personal data received in this way for the purpose of deciding whether to enter into an employment relationship. The basis for the processing is Art. 6 para. 1 lit. b DSGVO as well as Art. 6 para. 1 lit. a DSGVO if consent has been given. Insofar as German law is applicable, Section 26 BDSG is also the legal basis for processing (initiation of an employment relationship). You can revoke your consent at any time. The lawfulness of the processing carried out until the revocation remains unaffected. If an employment relationship results from the application, the collected data will be stored for the processing of the employment relationship on the basis of Art. 6 para. 1 lit. b DSGVO. If no employment relationship results, the data will be stored for up to 6 months after the end of the application process on the basis of Art. 6 Para. 1 lit. f DSGVO. We have a legitimate interest in storing the data in order to be able to defend ourselves against any lawsuits or accusations. If consent has been given, the data will be stored for longer on the basis of Art. 6 Para. 1 lit. a DSGVO. You can revoke your consent at any time. The lawfulness of the processing carried out until the revocation remains unaffected.

 

Applicant pool

If no employment relationship is established, the applicant can be included in our applicant pool. In this case, all the details of the application are stored in order to be able to contact the relevant person in the event of suitable job vacancies. The storage of data in the applicant pool only takes place after consent has been given on the basis of Art. 6. para. 1 lit.a DSGVO. This consent can be revoked at any time, whereupon the corresponding data will be deleted unless there are legal reasons for retention. Deletion takes place no later than two years after consent has been given. The lawfulness of the processing carried out until the revocation remains unaffected.

 

Zoom and data protection

Data privacy notice for online meetings, conference calls and webinars via “Zoom” of Climate Alliance e.V.

Processing of personal data in the context of the use of “Zoom”

 

Purpose of Processing
We use “Zoom” as a tool to conduct conference calls, online meetings, video conferences, and/or webinars (in the following “online meetings”). “Zoom” is a service of Zoom Video Communications, Inc. which is based in the US.

 

Data Controller
Controller of data processing in the context of conducting online meetings is Climate Alliance e.V.

 

Notice: As soon as you access the webpage of “Zoom”, the provider of “Zoom” is responsible for data processing. This access of the webpage is however only necessary for downloading the software required for the use of “Zoom”. You may also use “Zoom”, when entering the respective meeting ID and possibly further login data directly in the “Zoom” app. Here, too, the “Zoom” webpage may be accessed. If you cannot or do not want to use the “Zoom” app, basic functions will be accessible through the browser version, which you also find on the “Zoom” webpage. If you do not have a suitable device available or want to refrain from visual presentation, you will be able to directly dial into the online meeting via telephone. This way, no metadata will be collected or processed, because no access to any computer or mobile device is given.

 

Which data is processed?
Various types of data are processed when using “Zoom”. The amount of data depends depends on which data you enter in advance or during the participation of an online meeting.

 

The following personal data are subject to processing:

  • User data: prename, surname, phone number (optional), email address, password (if “single-sign-on” is not used), profile picture (optional), department (optional)
  • Meeting metadata: topic, description (optional), participant IP address, device/hardware information
  • During recording (optional): MP4 files of all video, audio and presentation recordings; m4a files of all audio recordings; text files of the online-meeting chats
  • Phone dial: entries of incoming and outgoing phone number, country name, start and end time, in some cases further connection details like IP address of the device may be stored
  • Text, audio and video data: You potentially have the possibility to use chat, Q&A and polls during the online meeting. The data entered there is processed for the purpose of making it visible and possible to protocol. To enable the display of video and the rendering of audio, corresponding data will be collected from the microphone of you device and any video cameras of your device for the duration of the meeting. You can turn off the camera or microphone in the “Zoom” application at any point of the meeting.

To participate in an online meeting, or to enter the online meeting room, you have to enter a name. This name does not have to be your “real” name, but can also be a nickname.

 

Scope of Processing
We use “Zoom” to conduct online meetings. If we want to record online meetings, we will transparently inform you about this and – if required – ask you for permission. In case of a recording, this further will be signified in the “Zoom” app. If necessary for the purpose of recording the results of the online meeting, we will also log the chat content. However, this will usually not be the case. For the purpose of recording and reworking webinars, we may also log the questions posed by participants. If you are a registered user of “Zoom”, reports of online meetings (meeting metadata, phone dial data, questions and answers in webinars, polls in webinars) may be stored at “Zoom” for up to one month. Automated decision-making after Article 22 GDPR is not deployed.

 

Legal basis of data processing
As long as personal data of employees of Climate Alliance is processed, §26 BDSG is the legal basis of data processing. If in the context of using “Zoom” personal data is not required for the establishment, conduct, or termination of employment, but an essential part of the use of “Zoom”, Article 6(1) f) GDPR is the legal basis of data processing. In these cases our interest is the effective conduct of online meetings. In all other cases where online meetings are conducted in the context of a contractual relationship the legal basis of data processing is Article 6(1) b) GDPR. If no contractual relationship is present, the legal basis of data processing is Article 6(1) f) DSGVO. Here too, our interest is the effective conduct of online meetings.

 

Recipients / Disclosure of Data
Personal data processed within the context of the participation in online meetings are generally not passed on to third parties as long as they are not explicitly intended for disclosure. Please note that contents from online meetings like in physical meetings are often meant to communicate information with members, interested or third parties and are therefore meant for disclosure. Further recipients: The provider of “Zoom” takes necessarily notice of the above mentioned data as long as this is provided for by our data processing agreement with “Zoom”.

 

Data processing outside the European Union
“Zoom” is a service delivered by a provider from the US. Processing of personal data is therefore also conducted in a third country. We have concluded a data processing agreement with “Zoom” which meets the requirements of Article 28 GDPR. An appropriate data privacy level is guaranteed by the “privacy shield” certification of Zoom Video Communications, Inc., as well as by the conclusion of the so called EU standard contractual clauses.

 

Data protection officer
We have appointed a data protection officer.

Datenschutz Mittelhessen GbR
Herr Dr. Christian Velten
Bodenstraße 20
35606 Solms
info@datenschutz-mittelhessen.de

 

Your rights as affected person
You have the right to gain access to your stored personal data. You can contact us to gain access at any point. In case of an information inquiry, we ask for your understanding that we might ask for proof of identity to verify that you are the person you impersonate. Further, you have the right to correction or of erasure or of limitation of processing, as long as this is provided for by the legal basis. Finally, you have a right of objection towards processing within the scope of legal provisions. A right to data portability is also within the scope of data protection regulations.

 

Erasure of data
As a matter of principle, we delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfil contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. In the case of statutory storage obligations, deletion shall only be considered after the expiry of the respective storage obligation.

 

Right of appeal to a supervisory authority
You have the right to complain about our processing of personal data to a supervisory authority for data protection.

 

Amendment of this data privacy notice
We revise this data privacy notice in the event of changes in data processing or other reasons that necessitate this. You will always find the current version on this website.

Status: 10.07.2020

 

Video conferences and webinars

Climate Alliance uses the Zoom for video conferences and webinars, as it is currently the most appropriate tool for our purposes. All other solutions that we have informed ourselves about and tested are not yet comparable in terms of reliability, functionality and user-friendliness. Below you will find information on usage, privacy and other issues we would like to encourage you to read.

 

Usage

  • Take the time to familiarise yourself with the software and to check the functionality of your technology.
  • You do not need your own Zoom account to participate in our video conferences and webinars and therefore you do not have to provide an email address.
  • You can use Zoom via your browser or install the Zoom application software (low-interference use). (As far as we know, the connection via the Zoom app is more stable and less data is collected).
  • Once the Zoom app is installed, you will be able to dial into a meeting or webinar directly using the meeting ID and password without having to visit the Zoom website.
  • We would be pleased if you could identify yourself with your real name so that all participants know who they are dealing with. But you can also enter a pseudonym or nickname in the mask before the meeting begins.
  • It is important to be able to see and interact with each other during online meetings. In case you have a poor data connection, it may be useful to turn off the video to minimize the interference with voice communication and stabilize the connection quality. This further makes sense for energy saving reasons.
  • Especially if there are many participants, it is advisable to mute your microphone when you are not speaking to avoid unnecessary background noise. This also minimizes data traffic.
  • Like most other websites, the Zoom website uses cookies for statistics, advertising and tracking. If you do not want this, you must actively object to the use of cookies or remove the corresponding check mark.
  • You can also dial into the video conference or webinar by telephone if you do not have a suitable device available or if you do not want to use visual displays. No metadata will be collected or gathered in this process, as there is no access to the PC or a mobile device.
  • Zoom’s chat is end-to-end encrypted; the audio and video features are not. Chats can further be stored by us to record relevant exchanges and questions. In general, we therefore advise against sharing sensitive data via Zoom neither written nor verbal.

 

Recordings

  • Image and sound recordings as well as screenshots during a meeting/webinar by the participants themselves are not permitted in accordance with data protection regulations.
  • If the session or even chat messages are recorded, we will clearly point this out to you in advance. You can decide whether you want to leave the meeting/webinar at this point. Climate Alliance reserves the right to use screenshots, audio and video recordings of webinars/meetings for communication purposes in online, print and other media. If you stay with us, you agree to this.

At the beginning of a video conference or webinar, our moderator will explain some functions and rules to you and, if necessary, inform you about particularities for the work in breakout rooms.

 

Privacy

Zoom is a powerful, low-threshold and reliable tool that complies with the European General Data Protection Regulation (GDPR). As with other online tools, the use of Zoom generates data that may allow conclusions to be drawn about persons and their characteristics. This data is treated confidentially and is neither passed on nor sold to third parties by Climate Alliance or Zoom – as far as apparent from their privacy policy (www.zoom.us/de-de/privacy.html). Like many other webinar technology providers, Zoom is a US-based service provider. Like others, “Zoom” is certified under the EU-U.S. Privacy Shield, so that the legal requirements for an adequate level of data protection are met.

 

We do everything possible to protect your and our data and to ensure transparency. We have concluded a contract with Zoom Video Communications, Inc. However, it is up to you to decide whether you want to or are allowed to participate in our video conferences and webinars via Zoom. Only once you dial into the meeting or open the invitation link will data about you be collected. With your participation in a Zoom meeting you accept our data privacy policy and agree to the processing of the data necessary for the execution of the meeting. Alternatively, you can dial in by telephone, although this way not all functions of the meeting can be guaranteed. Further information on the processing of personal data (in accordance with article 13 GDPR) during a Zoom meeting can be found here: [insert link here – duty to inform art. 13 GDPR].

 

Concerning the criticism of Zoom

Technical vulnerabilities
Zoom has now integrated an encryption standard (AES 256 GCM) and closed further security gaps, e.g. with Facebook SDK on Apple devices. As administrator and host, Climate Alliance prevents so-called ZOOM bombing, i.e. the willful intrusion into an ongoing video conference, by means of appropriate settings such as the assignment of access restrictions.

 

Transfer of personal data to external service providers
Like many other internet services, also Zoom subcontracts data processors (external service providers, see list here) to provide its services, to whom personal data can be passed on. The commissioned data processors may only use this data to carry out the services requested by ZOOM and, in turn, may not pass this data on to third parties. Such commissioned processing of personal data is in accordance with European data protection law. In any case, little or no personal data about you will be collected if you only participate in the video conferences as a guest, i.e. do not use a ZOOM account.

 

Authorizations of the administrators and hosts
Climate Alliance has neither the interest nor the capacity to track you, to retrieve your location or device information or anything similar. If possible, we will disable these functions in the settings. Where it seems useful to us to record webinars or save chat protocols as meeting notes, we will of course inform you in advance and ask for your consent.

 

Hints

This way you minimise your data and CO2 footprint:

  •  Dial into the conferences on time.
  • If you are already familiar with the functionalities and the technology, do not enter the video conference or webinar earlier than necessary – the online waiting time generates unnecessary data traffic and thus CO2.
  • Only record meetings and webinars if absolutely necessary.
  • Only switch on your camera if necessary.

We very much regret that no comparable EU-wide solution currently meets our needs and requirements. We hope that in the future we will be able to fall back on a European service provider with comparable functionality. Climate Alliance does not assume any liability for the use of the software Zoom. The current data protection guidelines of Zoom can be found at https://zoom.us/de-de/privacy.html