Data Privacy Information according to Art. 13, 14 and 21 GDPR Online meetings, video and telephone conferences via BigBlueButton

Data protection remains an important concern for us. In the following we will inform you how your data is processed in BigBlueButton and what rights you are entitled to. As the data controller, Forschungszentrum Jülich has implemented numerous technical and organisational measures to ensure that your personal data are protected as completely as possible.

The responsible body within the meaning of the data protection laws is:

Forschungszentrum Jülich GmbH Wilhelm-Johnen-Strasse
52428 Jülich/Deutschland
Tel: +49-2461-61-0
Website: https://www.fz-juelich.de

1.Processing purposes and legal basis BigBlueButton is an online conferencing system designed for conference calls, video conferences and online meetings for collaboration. It can also be used to conduct webinars. Recordings of the meetings are possible. Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG-neu) and other relevant data protection regulations. The processing and use of individual data is required for the following purposes:

Our contract documents, forms, declarations of consent and the other information provided to you (e.g. on the website) provide you with further details and additions for processing purposes. The legal basis for this processing is Art. 6 I lit. f DS-GVO. Processing operations are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company, provided that your interests, fundamental rights and freedoms do not prevail. If the processing of personal data is necessary for the performance of a contract or a pre-contractual measure, then Art. 6 I lit. b DSGVO is the legal basis. In principle, BigBlueButton is an alternative to official presence meetings: we conscientiously protect your data from loss, misuse, unauthorised access, unauthorised disclosure, falsification or destruction. Within our company, your data is stored on password-protected servers to which only a limited group of people has access. By registering for the Service, you accept the BigBlueButton Terms of Use and Privacy Policy. Our contract documents, forms, declarations of consent and other information made available to you (e.g. on the website) provide you with further details and additions for processing purposes.

2. Categories of personal data processed by The following data is processed:

3. Who receives the data? We pass on your personal data within our company to the divisions, who need this data to fulfil contractual and legal obligations or to implement our legitimate interest.

4. Does a transfer of your data to a third country or to an international organisation take place? No data processing takes place outside the EU or the EEA. BigBlueButton is a service that is hosted independently at Forschungszentrum Jülich.

5. How long do we store your data? Non-recorded meetings: Data will be deleted after the meeting has ended. Recorded meetings: In the rare cases of a recording, we generally delete the personal data when there is no need for further storage, e.g. webinars. In addition, we are subject to various storage and documentation obligations, which result from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The periods of retention and documentation stipulated there are up to ten years after the end of your activity at the research centre or the pre-contractual legal relationship.

6.To what extent is there automated decision-making in individual cases (including profiling)? As a responsible company, we refrain from an automated decision-making procedure or profiling in accordance with Article 22 GDPR.

7.Your Privacy Rights You have the right of access pursuant to Art. 15 GDPR, the right of rectification pursuant to Art. 16 GDPR, the right of deletion pursuant to Art. 17 GDPR, the right of restriction of processing pursuant to Art. 18 GDPR and the right of data transfer pursuant to Art. 20 GDPR. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR).

8.Your right to appeal to the competent supervisory authority In addition, you have the right to appeal to the data protection supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen Postfach 20 04 44
40102 Düsseldorf

Or contact directly our Data Protection Officer:
Frank Rinkens Forschungszentrum Jülich GmbH Wilhelm-Johnen-Strasse
52428 Jülich/Deutschland
Tel: +49-2461-61-9005
Email: DSB@fz-juelich.de

9.Scope of your obligations to provide us with your data You only need to provide the data required for usage of the service or which we are legally obliged to collect. If we also request data from you, you will be informed of the voluntary nature of the information separately.