Privacy Policy

1.) Name and Contact Details of the Controller Responsible for Processing and the Company Data Protection Officer

This privacy notice applies to data processing by:
Controller: Isabellenhütte Heusler GmbH & Co. KG, Eibacher Weg 3-5, 35683 Dillenburg, Email: info@isabellenhuette.com

The company data protection officer of Isabellenhütte Heusler GmbH & Co. KG can be contacted at the above address, Attn: Data Protection Officer, or via LAN-Security Gesellschaft für Netzwerktechnik und -sicherheit mbH, Konnwiese 13, 56477 Rennerod, Email: dsb@lan-security.de
 

2.) Collection and Storage of Personal Data and Types and Purposes of Its Use

Purposes and Legal Bases for Processing Prospective Customers’ and Customers’ Data
  • We process and use the personal data you provide only for the initiation, establishment, content design, or amendment of a legal relationship between you and us (Art. 6(1)(b) GDPR), as long as there is a legitimate interest in the processing (Art. 6(1)(f) GDPR), you have consented to the data processing (Art. 6(1)(a) GDPR), or another legal norm permits the processing. 
  • The provision of your personal data is necessary for the creation of offers or contract processing. If you do not provide your data, we cannot create an offer or establish a contractual relationship. 

Categories of Personal Data

Salutation, first name and last name, academic title, job title, department, company, email address, phone number.

Origin of Data

We process personal data collected in the context of prospective customer or customer management or data you transmit to us via contact forms on our website.

Note on Data Transfer to the USA and Other Third Countries

We use tools from companies based in the USA or other countries that are not legally secure from a data protection perspective. This is detailed in the description of tools in section 5 "Analytics and Third Party Tools" of this document. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that these countries cannot guarantee a data protection level comparable to that of the EU. For example, US companies are obliged to release personal data to security authorities without you being able to take legal action as a data subject. It cannot be excluded that US authorities (e.g., intelligence agencies) process, evaluate, and permanently store your data located on US servers for surveillance purposes. We have no control over these processing activities.

Duration of Data Storage

The duration of data storage depends on the purpose of use and is described in the relevant sections. Additionally, we store your personal data only as long as it is legally required or necessary in individual cases for the establishment, exercise, or defense of legal claims for the duration of a legal dispute. If you have consented to a longer storage period of your personal data, we store it according to your declaration of consent.

When Visiting the Website

When you access our website www.isabellenhuette.com, your browser automatically sends information to the server of our website. This information is temporarily stored in a log file. The following information is automatically collected and stored until automated deletion:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which access is made (referrer URL),
  • Browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The mentioned data is processed by us for the following purposes:

  • Ensuring a smooth connection setup of the website,
  • Ensuring comfortable use of our website,
  • Evaluation of system security and stability, as well as for further administrative purposes.

The legal basis for data processing is Art. 6(1)(f) GDPR (German law). Our legitimate interest arises from the purposes of data collection listed above. Under no circumstances do we use the collected data to draw conclusions about you personally.

Additionally, we use cookies and external tools when visiting our website. Further explanations are provided in sections 4 and 5 of this privacy policy.

When Using Our Contact Form

If you have any questions, we offer you the opportunity to contact us via a form provided on the website. It is necessary to provide your name and a valid email address so that we know who the request came from and can answer it. Further information can be provided voluntarily.

Data processing for the purpose of contacting us is carried out under Art. 6(1)(a) GDPR based on your voluntarily given consent.

Personal data collected by us for the use of the contact form will be automatically deleted after the request you made has been dealt with, provided that further data processing is not required for exercising the right to free expression of opinion and information, fulfilling a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

When Using the Partner Login

At https://www.isabellenhuette.com/partner-login, we offer you the opportunity to register as a distributor of our products. To use the distributor login, you must register an account. The registration of your account is handled through our distribution manager. You are required to provide your name, email address, company, and address so we can create a user account for you and know which user the account is assigned to. Additional information can be provided voluntarily.

In addition, cookies may be set when using the distributor login. Google Analytics is also used. Further explanations are provided in sections 4 and 5 of this privacy policy.

Data processing for the purpose of using the distributor login is carried out under Art. 6(1)(b) GDPR.

Personal data collected by us for the use of the partner-login will be automatically deleted after your account is deleted, unless further data processing is required for exercising the right to free expression of opinion and information, fulfilling a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

When Using the Job Application Portal

We offer you the opportunity to submit applications to our company via a job application portal on our website. When sending your application, the data you enter is processed in our applicant management system. Your data is always treated with strict confidentiality. The following information is collected and stored until deletion:

  • Name
  • Address
  • Email Address
  • Phone Number
  • Resume
  • Cover Letter
  • Certificates / Proof of Qualifications
  • Educational Background / Work Experience

The mentioned data is processed for the following purposes:

  • Processing your application
  • In anonymized form for internal statistical purposes

In addition, cookies and external tools are used on our job application portal. Further explanations are provided in sections 4 and 5 of this privacy policy.

Data processing for the purpose of processing your application is carried out under Art. 6(1)(a) GDPR based on your voluntarily given consent.

After you enter and submit your data, it is transmitted via a connection to the server of our external service provider rexx systems GmbH, Süderstrasse 75-79, 20097 Hamburg, which operates the applicant management system used and hosts the applicant data it collects on its server as a processor according to Art. 28 GDPR. All data is encrypted based on the SSL procedure.

Data protection policy of rexx systems GmbH: https://www.rexx-systems.com/data-protection/

After the selection process, and at the latest 6 months after the data was collected, we will automatically delete the personal data collected and stored, unless further storage is required to fulfill a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

We may continue to use anonymized applicant data for internal statistical purposes. We ensure that the data used no longer has a personal reference.

Hosting

We host the content of our website with the following provider: HubSpot, Inc., Two Canal Park, Cambridge, MA 02141 USA (The website is hosted via HubSpot’s EU data center). More information on HubSpot can be found in section 5 of this privacy policy.

3.) Transfer of Data

Your personal data will not be transferred to third parties for any purposes other than those listed below.

We only share your personal data with third parties if:

  • you have given your explicit consent according to Art. 6(1)(a) GDPR,
  • the transfer is required for the establishment, exercise, or defense of legal claims and there is no reason to assume that you have an overriding interest in not disclosing your data (Art. 6(1)(f) GDPR),
  • the transfer is required by law (Art. 6(1)(c) GDPR), or
  • it is necessary for the performance of a contract (Art. 6(1)(b) GDPR).

4.) Cookies

Our websites use "cookies". Cookies are small data packets that do no harm to your device. They can be temporarily stored during a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser. Cookies from third-party companies may also be stored on your device when you access our site (third-party cookies). These allow us or you to use specific services provided by the third party (e.g., cookies for payment processing). Cookies serve various functions. Many cookies are technically necessary because certain website functions wouldn’t work without them (e.g., the shopping cart function or displaying videos). Other cookies are used to evaluate user behavior or display advertisements.

Cookies required for electronic communication, to provide certain functions you have requested (e.g., for the shopping cart function), or to optimize the website (e.g., cookies for audience measurement) are stored based on Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically flawless and optimized provision of its services. If consent for the storage of cookies and comparable recognition technologies has been requested, processing will be carried out exclusively based on this consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG). You can revoke your consent at any time. You can configure your browser to notify you when cookies are set, to allow cookies in individual cases, to block cookies in specific situations or generally, and to enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website. If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in this privacy policy and, if necessary, request your consent.

Consent with HubSpot Consent Management

Our website uses HubSpot’s consent technology to obtain your consent to store specific cookies on your device or use specific technologies and to document this in a manner compliant with data protection regulations. The provider of this technology is HubSpot, Inc., Two Canal Park, Cambridge, MA 02141 USA (EU data center).

When you access our website, a connection to HubSpot’s servers is established to obtain your consents and other declarations regarding the use of cookies. HubSpot then stores cookies in your browser to associate the consents or their revocation with you. The data collected in this manner will be stored until you request us to delete it, you delete the HubSpot cookies yourself, or the purpose for data storage no longer applies. Mandatory legal retention periods remain unaffected.

The use of HubSpot’s consent management banner is to comply with the legal obligation to obtain the necessary consents for the use of cookies. The legal basis is Art. 6(1)(c) GDPR.

5.) Analytics and Third-Party Tools


Tracking Tools

The tracking measures listed below are carried out on the basis of Art. 6(1)(f) GDPR. With these tracking measures, we want to ensure a needs-based design and the continuous optimization of our website. In addition, we use tracking measures to statistically record the use of our website and evaluate it to optimize our offerings for you. These interests are considered legitimate in the context of the GDPR.

The respective processing purposes and data categories can be found in the descriptions of the corresponding tracking tools.

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or conduct independent analyses. It only manages and deploys the tools integrated through it. Google Tag Manager does, however, collect your IP address, which may be transmitted to the parent company of Google in the United States.

The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in a quick and easy integration and management of various tools on its website. If a corresponding consent was requested, processing is carried out exclusively based on Art. 6(1)(a) GDPR and § 25(1) TTDSG, to the extent that the consent allows the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) in the sense of the TTDSG. Consent can be revoked at any time.

Google Analytics

We use Google Analytics based on your consent according to Art. 6(1)(a), Art. 7 GDPR. The provider is Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Google Analytics is used to analyze website usage by users. The service uses "cookies", which are text files stored on your device. The information collected by the cookies is generally transmitted to a Google server in the USA and stored there.
 
This website uses IP anonymization. The IP address of users within member states of the EU and the European Economic Area is truncated. As a result, your IP address cannot be directly linked to your identity. In the framework of the data processing agreement concluded between the website operator and Google Inc., Google uses the collected information to evaluate website use and activity and to provide services related to internet usage.
 
You can prevent cookies from being stored by setting your browser accordingly. However, please note that this may result in limited functionality of the website.
 
Furthermore, you can prevent Google from collecting the information generated by the cookies (including your IP address) and processing it by installing a browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout
More information about data usage by Google can be found at: https://support.google.com/analytics/answer/6004245?hl=de

The data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/

Further information on data protection in connection with Google Analytics can be found in Google Analytics help: https://support.google.com/analytics/answer/6004245?hl=de.

Google Ads and Conversion Tracking

This website uses the online advertising program “Google Ads” and, within the framework of this, conversion tracking by Google Inc. (“Google”). If you click on an ad placed by Google, a cookie for conversion tracking will be set on your device. These cookies have a limited validity, do not contain personal data, and are not used for personal identification. If you visit certain pages of our website and the cookie has not expired, Google and we can recognize that you clicked on the ad and were redirected to this page. Every Google Ads customer receives a different cookie. Therefore, it is not possible to track cookies across the websites of Ads customers.
The information collected with the help of the conversion cookie is used to create conversion statistics. We learn the total number of users who clicked on an ad and were redirected to a page with a conversion tracking tag. We do not receive any information that allows users to be personally identified.

You can prevent cookies from being stored by selecting the appropriate technical settings in your browser. You will then not be included in the conversion tracking statistics. You can also deactivate personalized advertising in the Google ads settings. Instructions can be found at https://support.google.com/ads/answer/2662922?hl=de.

The data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/

Further information and Google’s privacy policy can be found at: https://www.google.de/policies/privacy/

The processing is based on our legitimate interest in targeted advertising and the analysis of the effectiveness and efficiency of this advertising, and the fact that your legitimate interests do not override it (Art. 6(1)(f) GDPR).

DoubleClick (Subservice of Google Ads)

DoubleClick by Google is a service provided by Google. DoubleClick by Google uses cookies to present you with relevant ads. Your browser is assigned a pseudonymous identification number (ID) to check which ads were shown in your browser and which ads were clicked. DoubleClick cookies enable Google and its partner websites to place ads based on previous visits to our or other websites. The information generated by the cookies is transmitted to and stored on a server in the USA. Otherwise, the notice about Google Analytics applies equally to the transmission of data to DoubleClick by Google. Google’s privacy policy and terms of use are available at: https://policies.google.com/?hl=de. You can deactivate the Google service at any time and thus prevent the data transfer to Google by disabling JavaScript in your browser. However, please note that you may not be able to fully use the website in this case.

The data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/

Additionally, you can prevent the collection of data generated by the cookies and related to your use of the websites by Google and the processing of this data by Google by downloading and installing the browser plug-in available under the DoubleClick deactivation extension.

YouTube

We use YouTube to embed videos. YouTube is operated by YouTube LLC, with its main business address at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc., headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

We use YouTube plugins on some of our internet pages. When you visit a page on our website that contains a YouTube plugin – such as our media library – a connection to YouTube’s servers is established, and the plugin is displayed. This transmits to YouTube’s server which of our internet pages you have visited. If you are logged in as a YouTube member, YouTube assigns this information to your personal user account. If you use the plugin, such as by clicking the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your YouTube account and other Google Inc. user accounts before using our website and deleting the corresponding cookies from these companies.

Subservices: Google uses additional internal services within YouTube, which may also be loaded when embedding YouTube videos. These include Google Fonts, Google Cloud Services, Google Ads, and Google APIs.

The data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/

More information on how YouTube (Google) handles user data can be found in the YouTube privacy policy: www.google.de/intl/de/policies/privacy/.

Google Maps

This site uses the Google Maps mapping service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the Google Maps features, it is necessary to store your IP address. This information is generally transmitted to and stored on a Google server in the USA. The provider of this site has no influence over this data transmission. When Google Maps is activated, Google may use Google Fonts to ensure uniform representation of fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache to display text and fonts correctly.

The use of Google Maps is in the interest of an appealing presentation of our online offerings and easy location of the places we indicate on the website. This constitutes a legitimate interest pursuant to Art. 6(1)(f) GDPR. If corresponding consent was requested, processing will be carried out exclusively based on Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent allows the storage of cookies or access to information in the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Subservices:
Google uses additional internal services within Google Maps, which may also be loaded when embedding maps on our website. These include Google Fonts, Google Cloud Services, Google Ads, and Google APIs.

The data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/

More information on how user data is handled can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

 

Newsletter (Microsoft)

We use technologies from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA) for the automated sending of email newsletters. These can be subscribed to on the website or upon conclusion of a contract. In the course of subscribing to newsletters, we collect personal data such as name and email address.

Purpose and Content of the Newsletter

Isabellenhütte sends electronic newsletters (hereinafter “newsletters”) with promotional information to users who have expressly consented to receive them by registering and confirming their email address.

Registration Logging

Registration for the newsletter only takes place after successfully confirming the email address by the recipient. For this purpose, the recipient receives a so-called double opt-in email with a confirmation link immediately after submitting the newsletter registration form. The registration for the newsletter is only completed when the confirmation link is called up.

To prove valid consent for receiving the newsletter, the date and time of the confirmation link, the IP address of the accessing user, and the email address of the recipient are jointly stored in a log file.

User Registration Data

To register for the newsletter, the user's email address is sufficient. Voluntary information such as salutation, first name, and last name is only used to personalize the newsletter.

When registering for the newsletter, the user expressly consents to the collection, storage, and processing of the entered data for sending the newsletter.

Notes on Evaluating Usage Behavior

Isabellenhütte always uses so-called anonymized tracking in newsletters. Recipient reactions (opening a mailing, clicking on text and image links, downloading images with an email program) are recorded and stored anonymously for statistical purposes. It is not possible to infer individual users from the stored data without explicit consent.

If you have consented to receive our newsletter tailored to your individual interests and the use of personalized usage profiles, we will process your email address and name, in particular, for the purpose of sending the newsletter.

With your consent, we track your user behavior on the websites connected to www.isabellenhuette.com, mobile apps, and newsletters.

The evaluation of user behavior particularly includes which areas of the respective website, mobile app, or newsletter you visit, and which links you activate. Personalized usage profiles are created by associating your person and/or email address to better tailor advertising communications, particularly in the form of newsletters and print advertising, to your personal interests and to improve our web offerings.

You can revoke your consent to receive the newsletter or to create personalized usage profiles at any time with effect for the future, e.g., by unsubscribing from the newsletter on our website. You can find the link to the unsubscribe page here: www.isabellenhuette.com/unsubscribe or at the end of every newsletter. The revocation will lead to the deletion of the user data collected.

Cancellation/Revocation

The user can cancel the newsletter at any time and thus revoke their consent to receive the newsletter. Any existing consent to personalized tracking in the newsletter will also expire. Any existing personal recipient responses will then be deleted or anonymized.

The user also has the option to revoke consent for storing and processing personal recipient responses separately from the consent to receive the newsletter. Any personal recipient responses will then be deleted or anonymized.

To cancel the newsletter or revoke consent to store and process personal recipient responses, simply send an email to Marketing@isabellenhuette.com.

The user also has the option to cancel the newsletter or revoke consent to store and process personal recipient responses by calling up the unsubscribe or opt-out link contained in every newsletter.

Notice regarding the processing of your data collected on this website in the USA by Google: By clicking on "I accept", you also agree in accordance with Art. 49(1)(a) GDPR that your data will be processed in the USA. The USA is regarded by the European Court of Justice as a country with insufficient data protection standards according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without any legal remedy. If you click on "Accept only essential cookies", the described data transmission will not take place.

HubSpot

We use HubSpot software on this website. The provider is HubSpot Inc., 25 Street, Cambridge, MA 02141, USA (hereinafter HubSpot). The provision is made via HubSpot’s EU data center.

We use HubSpot software for hosting and operating our website. HubSpot is a marketing and sales software that includes website content management features and a CRM. The CRM allows us to manage existing and potential customers and customer contacts. With HubSpot, we can record, sort, and analyze customer interactions via email, social media, or telephone across different channels. The personal data collected in this way can be evaluated and used for communication with the potential customer or for marketing measures (e.g., newsletter mailings). HubSpot also allows us to track and analyze the user behavior of our contacts on our website.

The use of HubSpot CRM is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in efficient customer management and communication. If corresponding consent was requested, processing will be carried out exclusively based on Art. 6(1)(a) GDPR and § 25(1) TTDSG, provided that the consent allows the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Details can be found in HubSpot’s privacy policy: https://legal.hubspot.com/de/privacy-policy.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards in data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5812

Data Processing Agreement

The data processing for using the above-mentioned service is based on HubSpot’s DPA (Data Processing Agreement) (https://legal.hubspot.com/de/dpa). This is a legally required contract that ensures that HubSpot processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Cloudflare (Subservice of HubSpot)

HubSpot uses the “Cloudflare” service as a subservice. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”).

Cloudflare provides a globally distributed content delivery network with DNS. Technically, the information transfer between your browser and our website is routed through the Cloudflare network. This enables Cloudflare to analyze the data traffic between your browser and our website and serve as a filter between our servers and potentially malicious data traffic from the internet. Cloudflare may also use cookies or other technologies to recognize internet users, but these are used solely for the purposes described here.

The use of Cloudflare is based on our legitimate interest in the most error-free and secure provision of our web offering (Art. 6(1)(f) GDPR).

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details and further information on security and privacy at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards in data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5666.

 

6.) Rights of Data Subjects

Every data subject has the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right to notification under Art. 19 GDPR, and the right to data portability under Art. 20 GDPR. In addition, you have the right to lodge a complaint with a supervisory authority under Art. 77 GDPR if you believe that the processing of your personal data is not lawful. This right to lodge a complaint applies without prejudice to any other administrative or judicial remedy. If the processing of data is based on your consent, you have the right to revoke your consent to the use of your personal data at any time under Art. 7 GDPR. Please note that the revocation is only effective for the future. Processing carried out before the revocation is not affected. Please also note that we may be required to retain certain data for a specific period to comply with legal obligations (see section 8 of this privacy policy).

7.) Right to Object

If the processing of your personal data is based on Art. 6(1)(f) GDPR to safeguard legitimate interests, you have the right under Art. 21 GDPR to object at any time to the processing of this data for reasons arising from your particular situation. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms or the processing serves to establish, exercise, or defend legal claims.

If you wish to exercise your right of withdrawal or objection, simply send an email to dsb@lan-security.de.

8.) Data Security

During your visit to our website, we use the widespread SSL (Secure Sockets Layer) method in conjunction with the highest level of encryption supported by your browser. In general, this is 256-bit encryption. If your browser does not support 256-bit encryption, we instead use 128-bit v3 technology. You can tell whether a specific page on our website is transmitted in encrypted form by the closed key or lock symbol in your browser’s status bar.

We also take appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

9.) Data protection information: automatic transcription

Introduction

Dear participant,

We would like to inform you about how we process your personal data in the context of our online meetings, in particular when the function for automatically creating meeting minutes is used.

Responsible body in terms of data protection

Isabellenhütte Heusler GmbH & Co. KG
Eibacher Weg 3-5
D-35683 Dillenburg
info@isabellenhuette.com
+49 (0)2771 / 934-0
https://www.isabellenhuette.com

Contact details of our data protection officer

LAN-Security Gesellschaft für Netzwerktechnik und -sicherheit mbH
Konnwiese 13
56477 Rennerod
Email: dsb@lan-security.de

Collection and processing of your data

When the transcription function is activated in Microsoft Teams, your spoken contributions during the meeting are recorded and converted into text. At the beginning, all cameras and microphones are automatically muted and you are informed that the transcription is being activated. By turning on your microphone or camera, you actively consent to the transcription. Your contributions will not be recorded without your consent.

Purposes and legal bases of the processing

The data is processed for the following purposes:

  • The transcription is used solely to create minutes of the meeting in order to document the content and results of the meeting for all participants.
  • The aim is to increase efficiency and optimize processes by automating documentation and tasks.

The legal basis for the data processing is your consent before the start of the recording and transcription of the meeting. The consent is only valid for the respective meeting.

Processing procedure

After the meeting:

  • The transcript is downloaded via Microsoft Power Automate and the Graph API
  • Supplemented with meeting metadata (title, participants, time)
  • Stored in a Microsoft Azure Datalake with strictly limited access rights
  • Processed into a summary using a large language model (Mistral AI)
  • Inserted into a Word template and saved as a PDF document

Categories of personal data

We process the following types of personal data:

  • User data: name, email addresses and other contact details required for the use of Microsoft Teams.
  • Audio and, if applicable, video data of your speech
  • Text transcriptions of your speech
  • Usage data: meeting metadata (title, participants, time)

Origin of the data

The personal data processed comes directly from you as a participant in the online meeting. It is collected during the meeting by the Microsoft Teams transcription function when you activate your microphone or camera.

Recipients of the data

  • The meeting organizer receives:
    • A PDF document with the meeting minutes
    • An extended PDF with the meeting minutes and a full transcript
    • A Word file with the meeting minutes and transcript for possible editing
  • All participants receive:
    • A PDF document containing only the meeting's metadata and the summary

Processor

Your personal data will be processed on our behalf on the basis of data processing agreements in accordance with Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR.

The categories of recipients in this case are the following providers:

  • Microsoft as the provider of the services used
    • Teams
    • Power Automate
    • Graph API
    • Azure Datalake
  • Mistral AI as the provider of the LLM used to generate the summary

Data will only be transferred to recipients outside the company if this is permitted or required by law, if the transfer is necessary to fulfill legal obligations or if we have your consent.

Transfer to a third country

A transfer to a third country is not intended.

If personal data is transferred to third countries, this is done only in compliance with the legal requirements, in particular the EU Standard Contractual Clauses.

Duration of data storage

We store personal data for error analysis for a maximum of 30 days. After that, the data is automatically deleted.

Your rights

Every data subject has

  • the right of access under Article 15 of the GDPR,
  • the right to rectification under Article 16 of the GDPR,
  • the right to erasure under Article 17 of the GDPR,
  • the right to restriction of processing under Article 18 of the GDPR,
  • the right to notification under Article 19 of the GDPR and
  • the right to data portability under Article 20 of the GDPR.

Right to lodge a complaint

In addition, you have the right to lodge a complaint with a data protection supervisory authority pursuant to Article 77 of the GDPR if you believe that your personal data is being processed unlawfully. The right to complain is without prejudice to any other administrative or judicial remedy. If data is processed on the basis of your consent, you are entitled to revoke your consent to the use of your personal data at any time in accordance with Art. 7 GDPR. Please note that the revocation is only effective for the future. It does not affect processing that took place before the revocation. Please also note that we may have to store certain data for a certain period of time in order to comply with legal requirements (see section 8 of this data protection information).

Right to object

If your personal data is processed in order to protect legitimate interests in accordance with Article 6(1)(f) of the GDPR, you have the right to object to the processing of this data at any time for reasons arising from your particular situation, in accordance with Article 21 of the GDPR. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing. These must override your interests, rights and freedoms, or the processing must serve the establishment, exercise or defense of legal claims.

To protect your rights, you can contact us using the contact details provided in section 1.

Necessity of providing personal data

The provision of your personal data in the context of transcription is voluntary. However, we can only provide a transcription if you provide such personal data.

Automated decision-making

The decision is not based solely on automated processing. Thus, no automated decision is made in individual cases within the meaning of Art. 22 GDPR.

Security measures

We use technical and organizational measures to protect your data from unauthorized access, loss or damage. These include, among other things, access controls, encryption and regular security audits.

Amendments to this privacy policy

We reserve the right to change this data protection declaration at any time. The current version is available on our homepage.

This data protection declaration is intended to be transparent and comprehensible. Please do not hesitate to contact us with any questions or concerns.

10.) Changes to This Privacy Policy

This privacy policy is currently valid and is current as of October 2024.

Due to the further development of our website and its offerings or due to changes in legal or regulatory requirements, it may become necessary to change this privacy policy. The current privacy policy can be accessed and printed at any time on the website under www.isabellenhuette.com/privacy-policy.