Privacy Policy

The German version of this Privacy Policy is binding.
The English translation is for information purposes only.

A. Privacy policy for the use of alfaview

Scope of this privacy policy:
This privacy notice only applies if you use alfaview in the course of a purely personal or household activity. In this case, alfaview gmbh is the data controller within the scope of Art. 4 No. 7 GDPR. When using alfaview in any other context, in particular in a business context, the respective host of the video conference responsible for the data processing. Please note the corresponding privacy policy or information of the host according to Art. 13/24 GDPR.

We are pleased that you are interested in the alfaview application. In the context of the use of alfaview, personal data necessary for the provision of our services will be processed. With this document we would like to inform you about the type and scope of data processing within the scope of using alfaview.

alfaview is a video conferencing platform that enables people to communicate live via video and audio in virtual rooms. During audiovisual meetings, alfaview also enables the sharing of screen content, short messages via chat, the transcription of the spoken contents and integrated user management. Guests can be conveniently invited by email via the alfaview platform and can participate in the online meeting via their personal guest link. The alfaview website offers options for registration, user and room administration. From there an alfaview room can be joined. The alfaview client is a downloadable application for desktop computers and mobile devices that are used to hold alfaview meetings. It can be downloaded directly from the alfaview website or from various app stores.

Information on data processing in the context of contract initiation, execution and processing can be found in a separate document for the fulfilment of information obligations pursuant to Art. 13, 14 GDPR for customers.

I. Controller of the data processing by alfaview

If you are using alfaview in the course of a purely personal or household activity, the controller of the data processing is:

alfaview gmbh
Kriegsstr. 100
76133 Karlsruhe
Telephone: +49 721 35450-450
Email: info@alfaview.com
Data Protection Officer: E-mail to datenschutz@alfaview.com or at our postal address with the addition "the Data Protection Officer".

When using alfaview in any other context, in particular in a business context, the respective host of the video conference responsible for the data processing and the host’s privacy policy applies.

II. Data processing within the scope of the download

In the course of downloading the app, necessary data will be transmitted to the provider of the respective app store. This can include in particular the email address, the user name, the customer number of the account, the time of the download, payment information as well as the individual device code number.
alfaview is not responsible for the type, scope and duration of data processing by the provider of the app store. In this regard, the data protection information of the app store provider applies.

III. Information on data processing for the creation and deletion of your user account

In order to create your account, it is necessary to process your name and email address and, if you use alfaview in the course of your professional activities, your employer.
The data will be collected from you or from your employer or contractual partner. In addition, your email address may also be collected by an alfaview user who may invite you to use alfaview via a link.

The legal basis for the data processing within the scope of using alfaview in the course of a purely personal or household activity is Art. 6 para. 1 S. 1 lit. b GDPR (contract initiation, performance, processing) regarding the data of the contractual partner. In case communication partners also create a user account, the data processing is based on Art. 6 para. 1 s. 1 lit. f GDPR, unless the communication partners are also contractual partners of alfaview (the legal basis is then Art. 6 para. 2 s. 1 lit. b GDPR). When using alfaview otherwise than in the course of personal or household activities, alfaview processes personal data in its capacity as a processor (Art. 28 GDPR).

Your user account will be deleted 30 days after the end of the contract. If you use a free permanent account, you will receive a request after twelve months to determine whether you wish to maintain the account, if you use the account only to a limited extent. If you do not respond, your account will be deleted 30 days after this request. If you give feedback that you no longer wish to use the account, the account will also be deleted after 30 days.

IV. Registration and participation in video communication

Within the scope of participation in or use of video communication, data such as audio data, video and chat contents is processed automatically. Audio, video and text content processed in the course of using the service will not be stored beyond the end of a video communication.

You can create an attendance list of the participants in the video communication created, which contains both the names or pseudonyms of the participants as well as the respective attendance time. This data is stored for up to eight weeks after the end of the video communication and will then be anonymized or deleted.

You can search within a “company” or institution for other persons who are logged in at the time of the search. Other logged-in persons within the company/institution can also search for your account. The user starting the search query can find out which virtual room you are currently in. The searching user has access only to user names and the attendance in virtual rooms for which the searching user has been authorized by the administrator.

You can also invite guests to an alfaview conference via email in your private or business account. They will then receive a guest link through which they can participate in the conference.

Using the transcription feature: Participants of video communications can also use the transcription feature of the spoken content, which is disabled by default and must be actively enabled. If the transcription feature is activated, the text that is currently being spoken is displayed in a separate panel during the video communication. The transcription can be stopped at any time.

If you use the transcription feature, the spoken content of the video communication in particular is converted into text data and processed. The moderator can then copy the transcribed text to the clipboard, for example, to use the copy of the text to save minutes of the meeting as a text file even after the end of a video communication.

We use our sister company EML Speech Technology GmbH as a service provider for the transcription feature. EML Speech Technology GmbH is contractually obligated to act as a processor and only processes your data on our instructions. Your data is processed in a German data center with company headquarters in Germany. No data is transferred to countries or bodies outside the EU or the EEA. All data transfers from alfaview systems to EML's systems take place via an encrypted connection. For transparency purposes, we also inform you that individual speech snippets (30 seconds or less) and the associated transcription may be processed on EML's servers to improve the speech models and their quality so that the system learns for the benefit of the users. Only anonymized data is processed, i.e. neither the person speaking nor the content can be identified. It is not possible to use the speech snippets and transcription to draw conclusions about individuals or to obtain personal data.

The legal basis for the processing of personal data collected within the scope of participating in a video communication regarding the contractual partner of alfaview is Art. 6 para. 1 s. 1 lit. b GDPR. Personal data of participants of a video communication who are not contractual partners (communication partners, other third parties) or personal data of thirds exchanged by participants within the video communication are processed by alfaview based on Art. 6 para. 1 s. 1 lit. f GDPR. When using alfaview otherwise than in the course of personal or household activities, alfaview processes personal data in its capacity as a processor (Art. 28 GDPR).

V. Access rights within the scope of using alfaview

Depending on the extent to which you wish to use the software/app, it may be necessary to grant access (or sharing) in the application to your webcam, microphone and/or screen, or parts of your screen, so that participants in the real-time event have access to the content you share. It is possible to manage the access permissions individually so that only one access permission is granted for selected content (e.g. only for selected applications on the screen).
The contents (audio, video or text data) that are transmitted within the real-time events within the framework of the use of alfaview are encrypted, so that only the participants of the real-time event have access to this data. This means that third parties cannot access the data from outside the virtual meeting room.

VI. Log files/log data

Logfiles are automatically created logfiles. They are generated by the alfaview servers and the alfaview client. When using alfaview, log files are automatically processed. This includes in particular:
  • IP address of the PC or mobile device
  • Date and time of access
  • Operating system of your PC or mobile device
  • Language settings
  • Duration of the meeting
  • Information on the use of a webcam, headset or microphone
  • Relevant details for system configuration (e.g: graphics card, sound card, driver version)
This data is processed in order to be able to provide you with the service within the scope of our legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR). Processing is carried out for the following purposes:
  • to recognise and correct errors,
  • to detect and respond to misuse, security incidents, violations of law or technical problems (i.e. system monitoring), and
  • be able to improve the service continuously.
The data will only be stored for as long as is necessary to fulfil the aforementioned purposes. The data is deleted after eight weeks at the latest.

VII. Recipients of personal data

In general, alfaview only grants access to your data for parties who have to work with your data ("need-to-know principle"), i.e. whose access to this data is necessary for the fulfilment of the purposes for which it was required. This may also include service providers and vicarious agents (e.g. computer centre operators, hosting service providers, service providers in first-level support) who act on behalf of the company and/or who are obliged to process the data confidentially. Furthermore, some data will be transmitted to alfatraining Bildungszentrum GmbH, in particular when employees of alfatraining Bildungszentrum GmbH process log files as part of diagnosis and support.

VIII. Rights of data subjects

You have the following rights vis-à-vis the person responsible with regard to your personal data:
  • Right of access
  • Right of rectification or deletion
  • Right to limitation of processing
  • Right to object to the processing
  • Right to data transferability
You also have the right to complain to a data protection supervisory authority about the processing of your personal data.

If the processing of your data is based on your consent (Art. 6 para. 1 sentence 1 lit. a GDPR), you can revoke this at any time with effect for the future.

If alfaview GmbH acts as a processor within the meaning of Art. 4 No. 8 GDPR, please contact the client or the controller with regard to asserting your rights.
As of July 2023

B. Privacy policy for the use of the website

We appreciate your visit to our website, the use of our platform alfaview® and your interest in our company. We respect your privacy and ensure the protection of your personal information by processing your personal information in accordance with the terms of this Privacy Policy and the applicable privacy laws.

You can visit our websites and the platform without telling us who you are. In order to display our web pages, you are only obliged to provide the data transmitted by your browser to our server (see "log files"). Further personal data about you will only be saved if you voluntarily enter them on the website or use the corresponding functions, e.g. when submitting entries via our contact form or when registering an alfaview® customer account.

alfaview® is a dedicated communication platform. The contents of your communication are strictly confidential and only accessible to the participants of a videoconference visibly present in the alfaview® room. The contents of video conferencing (audio, video, chat content) are not being recorded, viewed or otherwise made available to third parties by alfaview at any time. All data exchanged during a meeting between participants, i.e. audio, video and text data as well as real-time events such as the activation of permissions is transmitted in encrypted form and cannot be intercepted by third parties. They are not stored permanently and discarded immediately after leaving the conference room.

Newsletter and Contact

If you subscribe to our electronic newsletter, you consent to the storage of your name and e-mail address for the purpose of sending the newsletter (Art. 6 Para. 1 S. 1 lit. a GDPR). The newsletter is sent by a service provider on our behalf. This data will not be passed on to third parties. You may revoke your newsletter consent for the future and thus terminate your newsletter subscription at any time (notice in the newsletter).

To contact us you may enter your personal information on our website. Only the fields marked with an asterisk are required data. Providing additional data may be helpful in processing your request, but is not mandatory (optional). This data will be used and stored with your consent exclusively for the purpose of processing your message (Article 6 (1) sentence 1 lit. a GDPR). Any use for other purposes or a disclosure to third parties does not take place, except you agree to that explicitly. (consent).

Chat and ticket system (support)

You can communicate with us via live chat on our website. For this purpose, we use the service of Zammad GmbH (Marienstraße 18, 10117 Berlin, Germany), which processes personal data on our behalf to provide the chat feature. By using the chat, only your IP address and the respective chat content are processed. The legal basis for the data processing is Article 6 (1) lit. f GDPR.

If you send us a support ticket, you need to provide your name, e-mail address and the content of your message. You can also attach other documents that are helpful for the support case. The ticket system is operated on our behalf by Zammad GmbH (Marienstraße 18, 10117 Berlin, Germany). We use the ticket system for the purpose of effectively organizing our support and we process personal data on the basis of Article 6 (1) lit. f GDPR.

Both chat content and support tickets are deleted from our systems after your request has been dealt with - but at the latest after 12 months.

Using inxmail

The delivery of emails to users of alfaview® is an integral functionality of the platform. It ensures that content is communicated promptly and personally. For sending emails we use the mailing service inxmail GmbH, Wentzingerstraße 17, 79106 Freiburg im Breisgau. Only those email addresses required for sending are transferred and temporarily saved. Email addresses are used exclusively in the context of using alfaview® and are not disclosed to third parties.

Cookies

We set only technically necessary cookies on all our websites *alfaview.com.

Fanpages

In order to provide up-to-date information to customers, partners or other interested parties, we operate so-called "fan pages" on the following social networks in addition to our own website: Facebook, X, Google, Instagram, LinkedIn, XING and YouTube.

The data is processed by the social media platform provider. Data processing outside the European Union can not be ruled out. The provider of the platform provides us with aggregated usage data if necessary, but we do not have access to personal data, if you only visit the fanpage.

The legal basis of data processing is Article 6 [1] [f] GDPR. In the case of consent in the form of an opt-in ("tick checkbox", "click button") or any other form of obtaining consent, the legal basis isArticle 6 [1] [a] GDPR. Consent may be withdrawn at any time without stating any reasons to the person to whom it has been given, with effect for the future.

Since the data is processed by the provider of the platform, we recommend that you contact the provider of the platform for your rights to information, rectification, deletion, data portability and objection regarding the visit to our fanpage. Of course we support you in the exercise of your rights, if necessary.

In addition, cookies may be set on your device. For purposes and legal basis for the use of cookies, see "Cookies" in this privacy policy or on the privacy statements of the platform provider.

For more information, see the following links:
  • Facebook: Facebook Ireland, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland („Facebook Ireland“). When visiting our Facebook fan page, according to Facebook, personal data is processed. Further Information can be found here.
  • Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland. Further Information can be found here.
  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further Information can be found here.
  • Instagram: Facebook Ireland, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland („Facebook Ireland“). Further Information can be found here.
  • LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Further Information can be found here.
  • XING SE, Dammtorstraße 30, 20354 Hamburg, Germany. Further Information can be found here.
  • Youtube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further Information can be found here.

Log files

Each time you access our site or the alfaview® platform we collect the following information about your computer: the IP address of your computer, the request from your browser or the alfaview® client software as well as the time of this request. It also collects the status and amount of data transferred as part of this request, along with product and version information about your browser and of the alfaview® client software you are using as well as your computer's operating system. We keep track of which website accessed our site. The IP address of your computer is stored only for the time you are using the website and then immediately deleted or anonymized by shortening. The remaining data is stored for a limited period of time. We use this data for the maintenance of our website, in particular to detect and eliminate website errors, to determine the utilization of the website and to make adjustments or improvements (legal basis: Article 6 [1] [1] [f] GDPR).

Captcha

We use a captcha service in the context of our web forms. Hereby, we aim to contain and prevent potentially fraudulent activities or the generation of spam requests by excluding automated requests from bots. For this purpose, we use the Friendly Captcha service of the provider Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany, which processes personal data on our behalf. In doing so, a JavaScript element is integrated into the source code, whereby the software is loaded in the background. Your terminal device calculates the solution to a crypto puzzle for the service, which is used to be able to track whether the visitor is human or whether the use is abusive through automated, machine processing (e.g. bots). The following data is processed: http request header data (such as browser, operating system, referrer), date/time of the request, version of the Friendly Captcha service used, association with our website, hash value (one-way encryption) of the incoming IP address, number of requests from the (hashed) IP address per period, answer of the calculation task solved by the visitor's computer. Your IP address is anonymized via a hash function and only then processed by the provider, so that no conclusions can be drawn about your person. Cookies are not used here. Data processing by the provider takes place exclusively in the EU/EEA. The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DSGVO.

Embedded content from third parties (e.g., Google Maps, YouTube, etc.)

If third-party content such as Google Maps or YouTube is displayed on our websites, the provision of your IP address and the contents displayed under "Logfiles" to the third-party provider are required for the provision of this content and the display in your browser. We have no influence on data processing at the third party. If you are logged in to the third party with a user account, the third party may assign your user behavior to your user account. If necessary, the third party stores your data as usage profiles and uses them for purposes of advertising, market research and / or customization of its website. Opposition rights against the formation of these user profiles must be addressed to the third party.

For more information on the purpose and scope of the third-party data collection and its processing, please refer to its privacy policy. You will also find further information about your rights and settings options for the protection of your privacy here:
  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further Information can be found here.
  • YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further Information can be found here.

Revocation of consent and objection to data processing

If you have given us consent, you can withdraw it at any time with effect for the future. Insofar as we base the processing of your personal data on the balance of interests, you may object to the processing. In the event of such a disagreement, we ask you to explain the reasons why we should not process your personal data as we have done. In the case of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or point out to you our compelling legitimate reasons on which we continue the processing. You may object to the processing of your personal data for advertising and data analysis purposes at any time. You can send your cancellation or objection to the contact data stated below at "responsible".

Your rights

Regarding your personal data you have the following rights:
  • Right to information
  • Right to rectification or cancellation
  • Right to restriction of processing
  • Right to object to the processing
  • Right to data portability
You also have the right to complain to us about the processing of your personal data by a data protection supervisory authority.

Responsible

alfatraining Bildungszentrum GmbH
Kriegsstr. 100
76133 Karlsruhe
Email: datenschutz@alfatraining.de
Phone: +49-721-35450-450
Fax: +49-721-35450-69

Data Protection Officer

datenschutz@alfaview.com or under our postal address with the addition "the data protection officer"
As of July 2023

C. Data protection notice in accordance with Art. 13 and 14 GDPR for
customers, suppliers and other parties external to the company

By providing the following information, we would like to give you an overview over the personal data we are processing and inform you about your rights under the data protection laws.

1. Data controller and contact details of the data protection officer

alfaview gmbh 

Kriegsstr. 100; 76133 Karlsruhe, Germany
Phone: +49 721 35450-450
E-Mail: info@alfaview.com

Data protection officer: e-mail to datenschutz@alfaview.com or send by mail to our post address with the additional wording “data protection officer”. 

2. What are the sources of the personal data?

We process personal data that we collected from business relations (e.g. customers or suppliers) or inquiries. We usually receive this data directly from our contractual partner or the inquiring person. However, personal data can also originate from public sources (e.g. register of companies) if the processing of such data is permissible. Furthermore, the data could have also been transferred by other authorised companies. Depending on the specific case, we also store our own information on these data (e.g. as part of an ongoing business relationship).

Depending on the specific case, this may involve master data (e.g. name, address), contact data (e.g. telephone number, e-mail address), contractual and billing data for the fulfilment of our contractual obligations or necessary data for processing an inquiry, possibly also creditworthiness data, advertising and sales data and other data from comparable categories.

3. For what purposes and on what legal basis is the personal data processed?

We process data in line with data protection laws, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

a.) In the context of the performance of a contract or for the implementation of pre-contractual measures (Art. 6 (1) sentence 1 lit. b GDPR)

We process personal data primarily for the fulfilment of contractual obligations and the provision of the services associated therewith or in the context of a corresponding contract initiation (e.g. contract negotiations, offer preparations). The specific purposes depend on the respective service or product to which the business relationship or the contract initiation relates.

b.) In the context of the fulfilment of legal obligations (Art. 6 (1) sentence 1 lit. c GDPR)

In many situations, we are required by law to collect certain personal data from you and to forward it or make it available to certain - usually public - bodies.

For example, we provide the tax authorities with the personal data required for this purpose in accordance with the relevant legal requirements for the purpose of calculating taxes.

c.) In the context of legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR)

We additionally collect and process personal data for the purpose of safeguarding legitimate interests in the following situations:
  • Handling general inquiries about our products and services
  • Asserting legal claims and defending legal disputes
  • Ensuring IT operations and IT security
  • Measures for building and facility security (e.g. access authorisations)
  • Measures to improve our internal business processes and product optimisation
d.) In the context of consent (Art. 6 (1) sentence 1 lit. a GDPR)

In some situations, the processing of your personal data is not mandatory and is only permitted with your consent. In these cases, we inform you about this, in particular also about the voluntary nature of giving consent and the possibility of revoking it at any time with effect for the future. This is the case, for example, 
  • with some data processing via our website (see the privacy policy on our website)
  • in some advertising situations (with consent to advertising, if legally required) 

4. Recipients of the personal data

In general, the company only grants access to your data to bodies that need to work with your data ("need-to-know principle"), i.e. need access to this data to fulfil a contractual or legal obligation. These may also be service providers and vicarious agents who act on behalf of the company and/or have been obliged to process the data confidentially.

In certain situations, we transfer your data to 
  • public bodies (e.g. tax authorities) when legally obligated
  • other companies in the context of the performance of a contractual relationship, in the context of legitimate interest or based on your consent. In individual cases, depending on the business relationship or order, this may include, for example, companies involved in the provision of our services, logistics partners, marketing service providers, credit agencies, banks, tax consultants or lawyers. 

5. Is data transferred to a third country or an international organisation?

We transfer personal data to other bodies in countries outside the European Union (third country) if it is necessary for the performance of the business relationship, if it is legally required or if you have given us your consent to do so.

In certain situations, we use or reserve the right to use service providers who may either be based in a third country or who may in turn have service providers based in a third country.

A data transfer to a third country is permissible under Art. 45 GDPR if the European Commission has decided that an adequate level of protection exists in a third country. In the absence of such a decision, a data transfer to a third country is permissible if the controller has provided appropriate safeguards (e.g. so-called standard data protection clauses issued by the European Commission) and the data subject has enforceable rights and effective remedies (Art. 46 GDPR).
As a matter of principle, we only work with bodies in a third country that meet the criteria listed. 

6. Storage period of the data

We process and store your personal data as long as it is necessary for the performance of our contractual and legal obligations. If the storage of personal data is no longer necessary for the performance of these obligations, the data will be deleted, unless there are statutory retention obligations, such as retention obligations under commercial and tax law under the German Fiscal Code (Abgabenordnung) and the German Commercial Code (Handelsgesetzbuch) (6 or 10 years) and for the preservation of evidence within the scope of statutory limitation provisions.

7. Data subject’s rights

You have the following rights regarding personal data concerning you:
  • Right of access
  • Right to rectification and erasure
  • Right to restriction of processing
  • Right to object to the processing
  • Right to data portability. 
You also have the right to complain to a data protection supervisory authority about our processing of your personal data.

You also have the option of (confidentially) contacting our company data protection officer. If you have given us consents (Art. 6 (1) sentence 1 lit. a GDPR), you can revoke them at any time with effect for the future.

Insofar as we base the processing of your personal data on legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR), you may object to the processing. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we do. In the event of your justified objection, we will examine the case and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.

You can object to the processing of your personal data for the purpose of advertising at any time. 

8. Obligation to provide data

In the context of the performance or initiation of a contract, you must provide the personal data that is required for the performance of the contract or the performance of pre-contractual measures and the associated obligations. Furthermore, you must provide the personal data that we are legally obliged to collect. Without providing this data, we will not be able to conclude or fulfil a contract with you.

In cases of data collection based on consent, the provision of data by you is voluntary and not mandatory. However, if consent is not given, we will not be able to provide the services based on data processing by means of consent. You can revoke your consent at any time with effect for the future, even after you have given it.

9. Does automated decision-making or profiling take place?

No.
as of July 2023