1. General information
Transparency and a confidential processing of your personal data is a fundamental basis for a good cooperation. Therefore, we hereby inform you how we process your personal data in accordance with the statutory provisions in the context of your participation in our events and how you can exercise your rights.
2. Who is the data controller?
The company that has sent you the invitation is data controller and therefore responsible for the processing of your personal data related to the organization and realization of events (live and or virtual meetings, audio and video conferences, chats and webinars) - we kindly refer to the information contained therein.
3. How to contact the data protection officer?
You can contact our data protection officer at:
RWE AG
Data Protection Officer
RWE Platz 6
45141 Essen
E-Mail at dataprotection@rwe.com
4. Event participation
4.1. Which personal data is processed by us for which purposes and from which source does it originate?
As part of the organization and realization of events, we process various types of data that we receive or have received from you, your contractor/employer or from publicly available sources. The scope of the processing depends to some extent on the information you or your contractor/employer provide before or during participation in the above-mentioned events.
The invitation and any registration or login will usually include the processing of the following personal data:
Surname, first name, title, company, position in the company, office/location, telephone number, e-mail address, password (if no "Single-Sign-On" is used) as well as other event-specific information (if applicable), e. g. preferences regarding catering, etc. [so-called registration/login information].
When participating in the events, the following personal data may be processed in addition to registration/login information, which will be explained in more detail below: Host and usage information for the purpose of technical operation as well as meeting metadata and user-generated information (depending on the use of functions) for content design.
Host and usage information
IP address, user agent ID, hardware type, type and version of operating system, client version, IP addresses along the network path, endpoint MAC address (if applicable), service version, meeting session information (title, date and time, frequency, average and actual duration, number, quality, network activity and network connectivity), number of sessions, number of screen sharing and non-screen sharing sessions, number of attendees, host name, screen resolution, join method, performance information, troubleshooting and diagnostics.
Meeting metadata
Subject, description
User-generated Information
Avatar/image
Text, audio and video data
You may have the option of using the chat, question or survey functions. To this extent, the text entries you make are processed in order to display and, if necessary, log them during the event. In order to enable the display of video and the playback of audio, the data from a microphone and from a video camera will be processed during the event. You can switch off or mute the camera or microphone yourself at any time via the application used or the settings of your device. For the purpose of post-processing of the event, questions asked by the participants orally or via chat can be processed in transcribed and aggregated form.
Photographs and recordings (if announced/activated)
If we intend to record the event (or parts thereof), we will inform you transparently in advance and - as far as legally required - ask for your consent. There will be no automatic recording, the recording function must rather be set to active.
When dialing in via telephone
Information on incoming and outgoing telephone number, country name, start and end time. If necessary, further connection data can be saved.
4.2. On which legal basis is your personal data processed?
Insofar as your personal data is processed in your role as an employee, this takes place regularly for the purposes of carrying out the employment contract. If your participation in the event takes place within the framework of a contractual relationship, the performance of the contract which you are party to constitutes the legal basis for the data processing.
If, in connection with your participation in the event, personal data is not required for the establishment, performance or termination of your employment relationship or the fulfilment of a contract with you, but are nevertheless a technical requirement or elementary component in the use of the corresponding tools, or if the processing is indicative of the character of the event, our legitimate interest is the legal basis for data processing. In these cases, our interest lies in the effective realization and documentation of the event, i. a. in ensuring security, user registration, provision of access data and (media) coverage.
If you grant us your explicit consent to process personal data for specific purposes (e. g. for the recording of the digital event including your voice and image data), the lawfulness of this processing is based on this consent. A given consent can be revoked at any time with effect for the future by using the contact data provided in the invitation.
4.3. Who will receive your personal data?
Carefully selected service providers are involved in the processing of your personal data in the course of invitation mailing as well as the realization of the event, whom we have also obliged to adhere to data protection. Your personal data, which is processed in connection with your participation in the event, will not be disclosed to third parties. In justified cases, where the contents of the event are also relevant to employees of other subsidiaries and/or for the general public and thus a legitimate interest is given, they can be shared within the RWE Group – for example via intranet or published on our website. In the latter case, we will separately notify you.
4.4. How long will your personal data be stored?
The data is generally deleted as soon as it is no longer required to achieve the purpose it was collected for. Legal retention obligations or legitimate interests (e. g. assertion, exercise or defense of legal claims) are taken into account in the context of deletion.
5. Event-App use
5.1. Which personal data is processed by us for which purposes and from which source does it originate?
Each time you access or use the event app, our system automatically collects data and information from your end device. In addition to non-personal data (e.g. the names of the files accessed; the date and time of access; the name of your Internet service provider; and, if applicable, the operating system and browser version of your device; the host name of the accessing system; language settings), your IP address is processed. As a rule, the following personal data are subject to processing:
Name, first name, e-mail address, password, and other event-specific information (if relevant) and furthermore information that you might enter in the in-app chat, should you agree to use it, as well as the avatar photo, if you upload this voluntarily.
The data is collected from you by being automatically transmitted to our system by the device you are using or by you entering it yourself in the application.
5.2. Cookies
We use cookies in our app. Cookies are text files that contain a characteristic string of characters. They enable unique identification of the end device. Cookies are saved when the app is opened. When the app is opened again, the system can be identified in this way and certain information can be transferred automatically. We only use cookies that are technically necessary for the provision and use of the app.
The data collected from you in this way is pseudonymized by technical precautions and not stored together with other personal data concerning you. In this way, we can no longer assign the data to you personally.
5.3. On which legal basis is your personal data processed?
The data is initially collected to enable the technical provision of the app. In addition, we store the data - in pseudonymized form in log files - for security purposes, in particular to detect and counteract attacks on our app, for statistical purposes and to optimize our systems and to grant you access to the app. In these cases, our legitimate interest constitutes the legal basis for data processing. The legitimate interest lies in ensuring the aforementioned purposes.
5.4. Who will receive your personal data?
In certain cases, the data may be passed on to other Group companies. In addition, we use external service providers who also receive personal data in certain cases as part of the performance of their tasks. In these cases, we ensure that your personal data is processed in accordance with data protection regulations.
5.5. How long will your personal data be stored?
Your account data will be stored for 6 months after your last participation in an event and then deleted. Information that you have provided in a chat will be deleted after 7 days.
6. Is your data transferred to countries outside the European Union and the European Economic Area (so-called "third countries")?
For the processing your personal data, we may also use service providers based in third countries. The third-country transfer of personal data is carried out in full compliance with the Chapter V of the GDPR and the relevant national data protection legislation. In the absence of an adequacy decision by the European Commission pursuant to Art. 45 GDPR – a list of countries with an adequacy decision can be found here –, appropriate safeguards that ensure an adequate level of data protection are provided. As a standard procedure we enter into contracts with data importers that include standard data protection clauses also known as the “standard contractual clauses”. A copy of the standard data protection clauses approved by the European Commission is available under: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
You have the option to request further information and to receive copies of the relevant agreements at any time. You can contact our Data Protection Officer by using the options listed under no. 3.
7. Automated individual decision-making and profiling
An automated individual decision-making including profiling does not take place.
8. Is there an obligation to provide your personal data?
The provision of personal data is not required by law, contract or for any other reason. However, you cannot participate in the event or use the event app without providing personal data.
9. What rights do you have?
Under the conditions laid down by law, you can assert the following rights:
- the right to obtain access to the personal data and a copy of the personal data undergoing processing,
- the right to obtain rectification of inaccurate personal data,
- the right to obtain the erasure of personal data, provided there is no legal reason for further storage,
- the right to obtain restriction of the processing,
- the right to data portability with regard to all data which you have provided us with. This means that we will make them available to you in a structured, commonly used and machine-readable format and