Privacy policy – www.legamaster.com

 

Date effective : 25th of May 2018

 

Table of contents

1  About us         
2  What are personal data?       
3  Use of personal data        
4  How we share personal data      
5  International transfers of personal data     
6  Processing of sensitive data       
7  Security         
8  Your legal rights        
9  Retention of your personal data      
10  Changes to this Privacy Policy      
11  Contact information  

Last revised: 25th of May 2022

Unnoticed you share all kinds of personal data with us. “We”, "Legamaster" are responsible for the processing of personal data that we collect from or about “you”. For example, we collect your personal data during a business relationship or when you visit our website. Since we are based in the European Union, we process your personal data in compliance with applicable European data protection laws and other statutory provisions.

 

Personal data are information that directly or indirectly identifies you as an individual, indirectly meaning when combined with other information, for example, your name, postal address, email address or phone number.

 

We will use your personal data for the purposes as described below. We do not collect and process more or other types of personal data than are necessary to fulfill the respective purposes. We will only use personal data as set forth in this privacy policy and would like to emphasize that we never sell personal data to third parties, unless you have specifically provided your consent to another use of your personal data. If we intend to use your personal data that we process with your consent for purposes other than communicated in such consent, we will inform you in advance and, in cases where the processing is based on your consent, use your personal data for a different purpose only with your permission.

1. Registration data and direct communication
For many services we collect your personal data, like: name, postal address, phone number and email address (“Registration Data”). We use your Registration Data to communicate with you about our services and let you know about our policies and terms. We also use your Registration Data as well as the content of our communication to respond to you when you contact us.

2. Use of customer data for advertising purposes
To continuously improve and enhance our services, we may send you marketing communications via email relating to our business which may be of interest to you. You can choose the types of communications you want to receive at any time by updating your email preferences. You may also unsubscribe at any time. - Consent: We will not use your personal data for advertising purposes unless you have freely given your explicit and prior consent. - However, for existing customers, we may use your email address that we obtained from you in the context of our existing customer relationship to provide you with marketing materials relating to similar products or services that you have previously requested, used or participated in. You may, however, object to such use at the time of collection and each time a message is sent. To opt-out of email marketing, follow the instructions within the email that you receive. Under no circumstances will we advertise to participants in market research projects.
 

3. Competitions
If you participate in one of our competitions on our Website or Social Media Accounts, we process personal data of the participants on the organization of the competition. This includes, depending on the individual case and on the type of platform used, as far as necessary, in particular the following data:

• Titel,

• First and last name,

• Your account name of the respective social media platform,

• E-mail Address,

• Date of birth,

• Postal Address,

• Telephone Number,

• Competition entry.

The personal data will be stored, processed and used for the purpose of carrying out and processing the respective competition. The legal basis for this is Art. 6 (1) b) GDPR. Accordingly, we may process your personal data insofar as it is necessary to carrying out, which includes in particular the assessment of the entry fee, the verification of compliance with the terms of use and the notification and delivery of the prize.

To the extent necessary, your data may be passed on to our cooperation partners in the implementation of the competition and to shipping service providers in compliance with applicable data protection law.

Insofar as the winner or winners are announced on the websites / social media channels of the organizer after the conclusion of the competition, this is done based on Art. 6 (1) f) GDPR. Our overriding legitimate interest is to communicate the successful completion of the sweepstakes to the community in a promotional manner. You can object to this at any time by sending an informal message to Legamaster (Art. 21 GDPR).

We will delete your data if it is no longer required for the aforementioned purposes and we are not legally obliged or entitled to continue storing the data, in particular for verification purposes in connection with participation in the competition. In this case, we will block the data for all other purposes and restrict access rights accordingly. 

 

4. Video conference systems

Hereinafter we would like to inform you which video conference systems we and/or the respective edding subsidiary (Legamaster International B.V., Legamaster B.V.B.A) use to communicate with business partners and customers (e.g. to hold video conferences, online seminars, and workshops; hereinafter referred to as “video conference”) and which personal data are processed by the respective edding subsidiary as the responsible data controller and by the respective provider of the video conference system used.

One of the following video conference systems (hereinafter referred to as “providers”) are used to hold video conferences:

  • Microsoft Teams – A service of the provider Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA (“Microsoft”).

For more information on the purpose and extent of data collection and processing through Microsoft, please see Microsoft’s privacy statement at privacy.microsoft.com/en-US/privacystatement and, for Microsoft Teams specifically, at

https://docs.microsoft.com/en-US/microsoftteams/teams-privacy.

If your usual place of residence is in the European Economic Area or Switzerland, Microsoft Ireland Operations Ltd. (The Atrium Building Block B, Carmanhall Road, Sandyford Business Estate, Dublin 18, Ireland) is the data controller responsible for your personal data.

  • Cisco Meeting Service – A service of the provider Cisco Systems, Inc., 170 West Tasman Drive San Jose, CA 95134-1706 USA (“Cisco”).

Cisco Meeting Service is operated on servers of edding AG,  Bookkoppel 7
22926 Ahrensburg, Germany.

For general information about data processing by Cisco, please see Cisco’s privacy statement at https://www.cisco.com/c/en_uk/about/legal/privacy-full.html and at https://trustportal.cisco.com. You can find a comprehensive overview of Cisco’s data security measures and official certifications at https://trustportal.cisco.com.

You can check the invitation that was sent to you to see which video conference system the respective edding subsidiary will use to hold the respective video conference.

In order to use the respective video conference system and download the required software, it is regularly necessary to access the respective provider’s website. Once you access the respective provider’s website, the respective provider is responsible for data processing as the operator of the website. As an alternative to downloading, the providers offer apps where you have to enter the respective meeting ID, usually along with other access data, to access the video conference. If you don’t want to or cannot use both the app and the software of the respective provider, the providers also offer the basic functions of the respective video conference system as a browser version. You can also find the browser version on the website of the respective provider.

Depending on the provider, using a video conference system will entail the processing of different personal data. The extent of the personal data processed will depend on which personal data you provide or transmit before or during participation in a video conference.

The below personal data may be subject to processing when using the video conference system of the respective provider:

  • User information: First name, family name (required for participation in online seminars and workshops), phone number (optional), email address, password, profile data such as the username (optional);
     
  • Meeting metadata: Topic, description (optional), participants’ IP addresses, device/hardware information;
     
  • Where the video conference is recorded (optional): MP4 file of all video, audio, and presentation recordings, M4A file of all audio recordings, text file of online seminar chat;
     
  • Where participants dial in per phone: Incoming and outgoing phone number, country, start and stop time; other connection details may be stored, such as the device’s IP address;
     
  • Text, audio, and video data: Participants in video conferences can use features for chatting, asking questions, or conducting surveys. If you use these features, the text you input is subject to processing in order for it to be displayed during the video conference and logged (where online seminars or workshops are recorded). In order to display video and reproduce audio, the personal data transmitted by your terminal device’s microphone and/or camera during the video conference are processed. You can always turn off or mute your microphone or camera yourself from within the respective video conference system.

In order to participate in an online seminar or workshop and dial in using a video conference system, it is required that you provide your name. The use of a pseudonym is possible when participating in video conferences, except in the case of online seminars and workshops, if you are identifiable as a valid participant by some other means. In some cases, it might also be necessary that you create a user account with the respective provider. In such cases, your customer data will be also used by the respective provider for their own purposes.

To protect your personal data when using video conference systems, data processing agreements that comply with the requirements of Art. 28 GDPR have been concluded with the respective provider. As it cannot be precluded, especially when using Microsoft Teams, that using the provider’s service might entail your personal data being transferred to a third country (especially the USA), EU standard contractual clauses (SCCs) were concluded to ensure a level of data protection acceptable in the EU (Art. 46 Para. 2 c) GDPR). In accordance with these SCCs, Microsoft is obligated to comply with European data protection law and ensure an appropriate level of data protection.

The legal basis for data processing in the framework of holding online seminars and workshops is Art. 6 Para. 1 b) GDPR, since it is necessary to process data in order to effect the contractual relationship.

For all other video conferences, the legal basis for data processing is the legitimate interest (Art. 6 Para. 1 f) GDPR) of being able to offer you a suitable alternative for holding personal meetings as well as of simplifying and improving the means of communication. The provision of personal data to providers as the data processor is based on our legitimate interest in the economic and technical advantages involved in the use of specialized data processors (Art. 6 Para. 1 f) GDPR). In cases where data processing is based on legitimate interest (Art. 6 Para. 1 f) GDPR), you may object at any time to a video conference being held by means of the respective provider (Art. 21 GPDR). However, please note that in such cases, the respective edding subsidiary may not be able to initiate the video conference due to a lack of technical options.

Your personal data subject to processing are deleted as soon as they are no longer required in order for the respective provider to render and hold the video conference or ensure its services or as soon as you have given us your consent to process your data (e.g. to send you a newsletter or to record and publish a seminar).

 

5. Holding online seminars and workshops
 

5.1 Registering for online seminars and workshops

You can register via email for online seminars and workshops (hereinafter referred to as “seminars”). It is necessary for the respective edding subsidiary holding the seminar (Legamaster International B.V., Legamaster B.V.B.A) to process the below personal data to this end:

  • Your first name and family name,
  • Your email address,
  • Information on the seminar in question, and
  • Other personal data in your email.

It is unfortunately not possible to register for a seminar without providing these data. Your personal data are subject to processing in order to provide you with all the information you need prior to the seminar, to register you for the seminar, and finally in order to hold the seminar itself. Thus, the legal basis for processing your personal data is the initiation and/or execution of a contractual relationship (Art. 6 Para. 1 b) GDPR).

Your personal data are deleted as soon as they are no longer required to hold the seminar and provided there is no legal justification or obligation for us to continue processing your personal data. If there is, in addition to your participation in the seminar, already a contractual relationship in place between you and the respective edding subsidiary holding the seminar or you have given your consent to the respective subsidiary to process your data (e.g. to send you a newsletter), your personal data will be processed for this purpose even after the seminar has concluded.

 

5.2 Holding and recording seminars

One of the video conference systems listed under 4 is used to hold seminars. The processing steps related to your personal data described there thus also apply to the use of video conference systems to hold seminars.

 

(1)       Recording seminars using the video conference system

In some cases, seminars are recorded by means of the dedicated function offered by the respective video conference system.

If a seminar is recorded and the recording thereof is intended for subsequent publication on websites such as social media (YouTube, Facebook, Instagram, Twitter, etc.) of the edding Group (currently: edding AG, v.D. Ledermann & Co. GmbH, edding Benelux B.V., EDDING (U.K.) LTD., edding France SAS, edding Hellas Ltd., edding Ofis ve Kirtasiye Ürünleri Tic. Ltd., edding Argentina S.A., edding Colombia S.A.S., edding Mexico S. de. R.L. de C.V.), your personal data (above all, the name you provided as well as the information listed under “Where the video conference is recorded” and “Text, video, and audio data”) will be processed exclusively with your consent as per Art. 6 Para. 1 a) GDPR. Your consent will be sought during the registration process for the seminar (see 5.1 for more). You may revoke your consent at any time with future effect by writing to our data protection officer e.g. by mail to the address listed under 1 or per email to datenschutz@edding.de.

 

(2)       Recording a seminar in the studio

In some cases, edding also records seminars in the studio for subsequent publication.

In such cases, the personal data that participants provide through the respective video conference system are not recorded.

Any chat messages that you send to us during the seminar are not recorded. The same applies to video and/or audio data. Participation in edding seminars does not require the use of your camera and microphone, so you therefore should not use them at that time. However, under no circumstances will the camera team in the studio record your video data. Should you wish to use the audio system (e.g. to ask a question), it is not necessary to mention your personal data; moreover, the question you asked will be cut from the recording and thus not published.


6. Legal obligations and legal defense
We may be required to use and retain personal data for legal and compliance reasons, such as the prevention, detection, or investigation of a crime, loss prevention, fraud or any other abuse of our services and IT systems. We may also use your personal data to meet our internal and external audit requirements, information security purposes, or to protect or enforce our rights, privacy, safety, or property, or those of other persons.

7. Use of the Legamaster Homepage (www.legamaster.com)
This Privacy Policy also applies to your use of our website at www.legamaster.com ("Website"), with the following privacy related mechanics and features.

- Cookies: Our Website uses cookies and other technologies to enhance the users’ experience and improve the Website’s performance, user friendliness and security.

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps to analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

Legamaster uses traffic log cookies to identify which pages are being used though Google Analytics. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google's privacy policy is available at www.google.com/privacypolicy.html.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies while entering our website. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. Please consult the manual of your browser how to manage cookies.

- Third party websites: As a convenience to our visitors, this website contains links to a number of websites that are not affiliated with, controlled, or managed by us. The policies and procedures we describe here do not apply to those websites. We are not responsible for the security or privacy of any data collected by these third parties. We suggest contacting those websites directly for information on their privacy policies.

We will disclose your personal data only for the purposes and to those third parties, as described below. Legamaster will take appropriate steps to ensure that your personal data are processed, secured, and transferred according to applicable law.

 

1. Within the edding Group
Legamaster is part of a global organization (the “edding Group”), consisting of several companies in and outside the European Union, all primarily owned by edding AG in Germany. Your personal data may be transferred to one or more edding Group affiliated companies or existing sales partners as needed for data processing and storage, providing you with access to our services, providing customer support, making decisions about service improvements, content development and for other purposes as described in Section 3 of this Privacy Policy. We do not disclose personal data of participants in market research projects to third parties outside the edding Group unless the participants have declared their prior explicit consent for the specific purpose.

2. External service providers
Where necessary, we will commission other companies and individuals to perform certain tasks contributing to our services on our behalf within the framework of data processing agreements. We may, for example, provide personal data to contractors on behalf of logistic requirements. We will only share with or make accessible such data to external service providers to the extent required for the respective purpose. This data may not be used by them for any other purposes, in particular not for their own or third party purposes. Legamaster’s external service providers are contractually bound to respect the confidentiality of your personal data.

3. Public bodies
We will only disclose your personal data to public bodies where this is required by law. Legamaster will for example respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence.

Under specific circumstances, it will also be necessary for Legamaster to transfer your personal data to countries outside the European Union/ European Economic Area (EEA), so called "third countries". Such third country transfers may refer to all processing activities describes under Sec. 3 of this Privacy Policy. This Privacy Policy shall apply even if we transfer personal data to third countries, in which a different level of data protection applies than in your country of residence. In particular, an international data transfer may apply in the following scenarios:

1. Legal entities of edding Group
edding Group’s legal entities outside the European Union have entered into intra-company data protection agreements adopted by the European Commission to safeguard your privacy and legitimize international data transfers.

2. Other third parties outside the EU / EEA
Any transfers of personal data to third parties outside the edding Group will be carried out with your prior knowledge and, where applicable, with your consent. Any transfers of personal data into countries other than those for whom an adequacy decision regarding the level of data protection was made by the European Commission, as listed on http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm, occur on the basis of contractual agreements using standard contractual clauses adopted by the European Commission or other appropriate safeguards in accordance with the applicable law. Our Marketing partner, MailChimp Inc., based in Atlanta, Georgia, USA, is participating in and has certified its compliance with the EU-US Privacy Shield Framework (www.privacyshield.gov/welcome).

 

We may, in certain and only in exceptional cases, process special categories of personal data concerning you ("sensitive data"). Sensitive data refer to personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, health or a natural person's sex life or sexual orientation. We may for example process sensitive data that you manifestly have made public. We may also process sensitive data as necessary for the establishment, exercise or defense of legal claims. We may also process your sensitive data if you have freely given your prior, express and separate consent in a specific context for a specific purpose. In addition to the above, Legamaster will not collect or process personal data of children under 16 years – or under a lower age – unless with parental consent, pursuant to applicable local law. If we become aware that personal data from a child were inadvertently collected, we will delete such data without undue delay.
 

 

Legamaster takes data security seriously. We apply an appropriate level of security and have therefore implemented reasonable physical, electronic, and administrative procedures to safeguard the data we collect from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements. Access to your personal data is granted only to those personnel, service providers or Legamaster affiliates with a business need-to-know or who require it in order to perform their duties. In the event of a data breach containing personal data, Legamaster will follow all applicable data breach notification laws.
 

 

As a data subject you have specific legal rights relating to the personal data we collect from you. This applies to all processing activities stipulated under Section. 3 of this Privacy Policy. Legamaster will respect your individual rights and will deal with your concerns adequately. The following list contains information on your legal rights which arise from applicable data protection laws:

 

  • Right to withdraw consent: Where the processing of personal data is based on your consent you may withdraw this consent at any moment by following the procedures described in the respective consent form. We ensure that consent can be withdrawn by the same means as it was given – e.g., electronically. 
  • Right to rectification: You may obtain from us rectification of personal data concerning you. We make reasonable efforts to keep personal data in our possession or control which are used on an ongoing basis, accurate, complete, current and relevant, based on the most recent information available to us.
  • Right to restriction: You may obtain from us restriction of processing of your personal data, if
    • you contest the accuracy of your personal data for the period we need to verify the accuracy,
    • the processing is unlawful and you request the restriction of processing rather than erasure of your personal data,
    • we do no longer need your personal data but you require them for the establishment, exercise or defense of legal claims, or
    • you object to the processing while we verify whether our legitimate grounds override yours.
  • Right to access: You may ask us from us information regarding personal data that we hold about you, including information as to which categories of personal data we have in our possession or control, what they are being used for, where we collected them, if not from you directly, and to whom they have been disclosed, if applicable.
  • Right to portability: At your request, we will transfer your personal data to another controller, where technical feasible, provided that the processing is based on your consent or necessary for the performance of a contract. 
  • Right to erasure: You may obtain from us erasure of your personal data, where
    • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    • you have a right to object further processing of your personal data (see below) and execute this right object to the processing;
    • the processing is based on your consent, you withdraw your consent and there is no other legal ground for the processing;
    • the personal data have been unlawfully processed;
  • unless the processing is necessary
    • for compliance with a legal obligation which requires processing from us;
    • in particular for statutory data retention requirements;
    • for the establishment, exercise or defence of legal claims.
  • Right to object: You may object – at any time – to the processing of your personal data due to your particular situation, provided that the processing is not based on your consent but on our legitimate interests or those of a third party. In this event we shall no longer process your personal data, unless we can demonstrate compelling legitimate grounds and an overriding interest for the processing or for the establishment, exercise or defense of legal claims. If you object to the processing, please specify whether you wish the erasure of your personal data or the restriction of its processing by us.
  • Right to lodge a complaint: In case of an alleged infringement of applicable privacy laws, you may lodge a complaint with the data protection supervisory authority in the country you live in or where the alleged infringement occurred.

Please note:

  • Time period: We will try to fulfill your request within 30 days. However, the period may be extended due to specific reasons relating to the specific legal right or the complexity of your request.
  • Restriction of access: In certain situations we may not be able to give you access to all or some of your personal data due to statutory provisions. If we deny your request for access, we will advise you of the reason for the refusal.
  • No identification: In some cases, we may not be able to look up your personal data due to the identifiers you provide in your request. Two examples of personal data which we cannot look up when you provide your name and email address are:
    • data collected through browser-cookies, 
    • data collected from public social media sites provided you have posted your comment under a nickname which is not known to us.
    • In such cases, where we cannot identify you as a data subject, we are not able to comply with your request to execute your legal rights as described in this section, unless you provide additional information enabling your identification.
  • Exercise your legal rights: In order to exercise your legal rights, please contact our privacy helpdesk in writing or text from, e.g. by email or letter. For contact information please refer to the end of this Privacy Policy.
     

In general, we will delete the personal data we collected from you if they are no longer necessary to achieve the purposes for which they were originally collected. However, we may be required to store your personal data for a longer period due to statutory provisions.
In addition, we will not delete all of your personal data if you requested from us to refrain from recontacting you in the future. For this purpose, Legamaster keeps records which contain information on people who do not want to be re-contacted in the future (e.g. by means of bulk emailing or campaigns for market research projects). We qualify your request as consent to store your personal data for the purpose of such record keeping unless you instruct us otherwise.
 

 

We reserve the right, at our discretion, to modify our privacy practices and update and make changes to this privacy policy at any time. For this reason, we encourage you to refer to this privacy policy on an ongoing basis. This privacy policy is current as of the "last revised” date which appears at the top of this page. We will treat your personal data in a manner consistent with the privacy policy under which they were collected, unless we have your consent to treat them differently.
We will also keep prior versions of this Privacy Policy in an archive for your review.

 

Legamaster International B.V.
Kwinkweerd 62, P.O Box 111
7240 AC Lochem
The Netherlands
Email: info@legamaster.com