Privacy Policy
We, EvidentIQ Germany GmbH, formerly XClinical GmbH (“XClinical/we“), are pleased about your visit to our website and your interest in our products and services. In the following provisions, we inform you about the type, scope, and purpose of the collection and use of your personal data on our website. Personal data is any information relating to an identified or identifiable natural person. This includes in particular your name and e-mail address. The use of our website is generally possible without providing personal data. You are neither obliged to call up this website nor to provide personal data. However, the active provision of personal data is required, for example, in the case of registration for a newsletter or an application. If you do not provide us with personal data for the purposes listed below, you may not be able to use the functions of this website or some of its services.
1. Provider and data protection officer
Provider of the website and controller in the sense of data protection law is the:
EvidentIQ Germany GmbH (formerly XClinical GmbH)
Rosental 5
80331 Munich
Managing directors: Manuel Neukum, Lars Kloppsteck
Phone: +49 (0) 89 4522775 000 | E-mail: info@evidentiq.com
You can reach XClinical’s data protection officer at:
krupna LEGAL
Dr. Karsten Krupna
Phone: +49 (0) 40 31976927 | E-mail: karsten-krupna@xclinical.com
2. Data processing for enabling website use
Every time you access content on our website, connection data is transmitted to our webserver. This connection data includes:
- the IP address (Internet Protocol address) of the respective users,
- the date and time of the request,
- the referrer URL,
- device numbers such as UDID (Unique Device Identifier) and comparable device numbers, device information (e.g. device type) and
- the browser type / the browser version.
This connection data is not used to draw conclusions about the person of the user or merged with data from other data sources, but serve to provide the website. After 7 days at the latest, the data will be anonymized by shortening the IP address at domain level. The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR.
3. Newsletter
If you have expressly consented, you will receive a newsletter on EvidentIQ products and services via e-mail. To receive our newsletter, only your e-mail address is required. This is marked accordingly (*). The entry of any additional information about your person is voluntary and serves only to personalize the newsletter for you.
In connection with your registration to receive the newsletter, we use the so-called double-opt-in procedure. This means that after your registration we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 7 days, your information will be blocked and automatically deleted after one month.
The processing of your personal data in connection with the newsletter is based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.
You can revoke your consent to receive newsletters at any time with effect for the future towards EvidentIQ. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. To exercise the revocation, you will find a corresponding link at the end of each e-mail newsletter. Alternatively, you can revoke your consent at any time, e.g. by sending an e-mail to info@evidentiq.com.
When you register for the newsletter, we also store your IP address and the time of registration in order to fulfill our legal documentation obligations. The legal basis for data processing in this case is Art. 6 para. 1 sentence 1 lit. c GDPR.
4. Online application
On our linked separate website (please note the separate privacy policy for this website) you can apply for a position at EvidentIQ. You have the option of using our online application form. Alternatively, you can also apply by e-mail or by post.
As part of the online application, you will be asked to provide personal information (e.g. name and contact details). For the establishment and implementation of a possible employment relationship, the provision of certain data is required. If you do not provide this data, which is separately marked as mandatory, your application is incomplete and cannot be considered further in the application process. The provision of other information and the upload of files or documents (e.g. CV or application photo) is not mandatory at this stage of the application process, but optional. If you only provide mandatory information, there will be no disadvantages for your application.
After receipt of your online application, you will receive an automatic confirmation of receipt from us. Further communication regarding the application process will then be handled by our HR department
Your data will be processed by EvidentIQ for the purpose of deciding on the establishment of an employment relationship. The legal basis for data processing by EvidentIQ is Art. 88 para. 1 GDPR in conjunction with the respective national regulation, in Germany § 26 para. 1 sentence 1 BDSG. If special categories of personal data are affected, the processing is governed by Art. 88 GDPR in conjunction with the national regulation, in Germany § 26 para. 3 BDSG. In the event of a rejection or the completion of the application process, your data will be deleted within 90 days.
5. Data processing for the demand-oriented design of the website / tracking tools
The tracking tools and other services used by us on the website are listed in sections 6 to 7.
In order to make the use of our website as pleasant as possible for you, we use for example so-called “cookies”, i.e. small text files that are sent to your browser by a web server and stored on the hard drive of your end device. This enables us to recognize the end device you are using when you use our website.
Please note that if you disable cookies, you may not be able to use all the features of this website to their full extent. Please also note that deactivation may have to be carried out for each browser and each end device.
Details of the tools used on the website can be found in the cookie banner and in the following provisions. The legal basis for the processing of your data follows from Art. 6 para. 1 sentence 1 lit. f GDPR, unless otherwise stated in sections 6 and 7. Our legitimate interest then consists in the demand-oriented design of the website.
6. Cookie consent with Usercentrics
This website uses the cookie consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your end device and to document this in a data protection compliant manner. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, website: https://usercentrics.com/de/ (“Usercentrics“).
When you access our website, the following personal data will be transferred to Usercentrics:
- Your consent(s) or revocation of your consent(s)
- Your IP address
- Information about your browser
- Information about your end device
- Time of your visit on the website
Furthermore, Usercentrics stores a cookie in your browser in order to be able to attribute the given consents or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.
Usercentrics is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR.
7. Tracking tools / Other services
7.1. Google Analytics
Our website uses the “Google Analytics 4 (GA4) tracking tool. This is a service provided by Google Ireland Limited, a company registered and operated in accordance with Irish law, headquartered at Gordon House, 4 Barrow Street, Dublin, Ireland (“Google”). This tracking tool helps us to make our online offers more interesting for you and to improve the user experience. Data on the use of our website is stored in pseudonymized user profiles. In addition to JavaScript and pixels, cookies can also be used for this purpose. Further information on the use of cookies can be found at: https://support.google.com/analytics/answer/11397207?hl=de. The types of personal data processed include Online identifiers (including cookie identifiers), internet protocol addresses and device identifiers, identifiers assigned by the customer.
Data from different devices, sessions, and interactions can additionally be linked to a user ID. This information is generally transferred to a Google server in the USA and stored there.
As part of the evaluation, Google also uses artificial intelligence (AI) to automatically analyze, classifies, and enrich data. This is done in particular for predictive metrics on future user behavior based on structured event data, such as purchase probability, churn probability and predicted revenue. The forecast measurement values can also be used for forecast target groups. You can find out more about this at: https://support.google.com/analytics/answer/9846734.
Google uses modeling techniques to estimate online conversions that cannot be captured directly. This enables more realistic statements to be made in reports, advertising campaigns to be optimized and automatic bidding to be improved. You can find more information on this at: https://support.google.com/analytics/answer/10710245.
Finally, the data is analyzed using Analytics statistics. Google provides automatic and user-defined statistics. You can find out more about this at: https://support.google.com/analytics/answer/9443595.
By default, Google already automatically anonymizes user IP addresses when collecting user data. Google also does not log or store the IP addresses. The truncating of IP addresses does not mean that data is processed entirely in anonymized form. Thus, when Google Analytics is used, usage data is collected that is to be evaluated as personal data, such as identification features of the individual users, which also allow a link to an existing Google account, for example.
On our behalf, Google will use this information to evaluate your usage of our website, to compile reports on website activity, and to provide other services related to website and Internet usage to us. The pseudonymized user profiles are not combined with personal data about the bearer of the pseudonym unless separate consent has been obtained for this.
For more information on Google Analytics, see: https://support.google.com/analytics/answer/12017362.
Please note that Google also has independent access to your data collected via Google Analytics and may also use this data for its own purposes. Google may, for example, link this data to other information about you, such as search history, personal account, usage data from other devices, and all other data that Google has about you. The legal basis for the use of Google Analytics is based on your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your consent to this via our cookie banner. Please note that Google is a company from the USA. Information about Google’s data centers locations can be found at www.google.com/about/datacenters/locations/. The new EU standard data protection clauses were agreed as appropriate safeguards to ensure an adequate level of protection for the transfer of data. In addition, Google LLC is an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA. You can find further information here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
7.2. Google Ads Conversion
We use the “Google Ads Conversion” service to advertise our products on external websites with the help of advertising material and to determine success of our advertising measures. These advertising materials are delivered by Google via so-called “ad servers”. If you access our website via a Google ad, Google Ads will store a cookie on your end device. These cookies generally lose their validity after 30 days and are not used to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.
Aforementioned cookies enable Google to recognize your internet browser. Therefore, if you have visited certain websites of an Ads customer and the cookie stored on your computer has not yet expired, Google and the Ads customer can recognize that you clicked on the ad and were redirected to this page. Cookies cannot be tracked via the websites of Ads customers. We ourselves do not collect and process any personal data in aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can recognize which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify you based on this information.
The legal basis for the use of Google Ads Conversion is your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your consent to this via our cookie banner. Please note that the provider is a company from the USA. Information about Google’s data center’s locations can be found at www.google.com/about/datacenters/locations/ The new EU standard data protection clauses have been agreed as suitable guarantees to ensure an appropriate level of protection when transferring data. In addition, Google LLC is an active participant in the EU-U.S. Data Privacy Framework, which guarantees the secure transfer of personal data to the USA. You can find more information here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on scope and further use of data collected by Google through use of this tool and therefore inform you according to our level of knowledge as follows: By integrating Ads Conversion, Google receives information that you have accessed the relevant part of our website or clicked on one of our ads. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out your IP address and store it.
You can find more information on data protection at Google here: https://support.google.com/google-ads/answer/93148 https://ads.google.com/intl/de_de/home/faq/gdpr/
7.3. HubSpot
For our online marketing activities, we use the service of HubSpot Inc, a software company from the USA, 25 First Street, Cambridge, MA 02141 USA, with a branch in Ireland, Ground Floor, Two Dockland Central, Guild St, North Dock, Dublin, D01 K2C5, Ireland (“HubSpot”).
HubSpot is an integrated software solution that we use to cover various aspects of our online marketing. These include, among others: Email marketing, contact management (e.g. user segmentation & CRM) and data processing via contact forms.
The legal basis for the use of HubSpot is your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your consent to this via our cookie banner.
Please note that the provider is a company from the USA. The new EU standard data protection clauses have been agreed as appropriate safeguards to ensure an adequate level of protection for data transfers. In addition, HubSpot is an active participant in the EU-U.S. Data Privacy Framework, which guarantees the secure transfer of personal data to the USA. Further information can be found here: https://www.dataprivacyframework.gov/list.
7.4. ShareThis
In order to be able to share content from this website on social media channels such as Instagram or X, we use the ShareThis tool from ShareThis Inc. ShareThis Inc. (4005 Miranda Ave, Suite 100, Palo Alto, 94304 California, USA) is a devision of Predactiv, Inc., a data company. ShareThis collects information via technical cookies placed on your browser, pixel tags, HTTP headers (or other communication protocols) and browser identifiers.
ShareThis provides website operators (“Publishers”) with customizable social sharing tools, which makes sharing online content simple. Any user of a website can share anything on the web with their friends on social sites, such as Facebook (Meta), through using the tools on the website (“ShareThis Icon”). ShareThis also collects pseudonymous data about users and how they interact with content, websites, and advertisements while online. Some of the data is collected via the ShareThis Icon, and some is collected through third-party data providers. ShareThis compile this data and provide it to the Publishers and license it to advertisers, agencies, and other businesses to facilitate the delivery of relevant, targeted advertising and for a number of other reasons which are listed below.
Data ShareThis collects includes:
- The unique IDs of the cookie(s) placed on your web browser (example: 37d387ca-f68a-11e5-b87d-0e58954c72b1) and/or a hashed version of an email address which help us recognize your browser or device over time.
- Information about the user’s browser and device
- User agent string
- Webpages viewed (including the URL addresses of such pages and search parameters, which may include search terms and key words) and the previous web pages that referred the user to that webpage
- Time when webpages are viewed
- Search queries from which users are directed to a webpage
- Navigation from page to page
- Time spent on each webpage
- Interactions with the webpage, including items clicked or selected and content highlighted or copied
- Ads viewed or displayed to the user and the user’s interactions with those ads
- Shares of content including what content is shared and where – for example, the relevant social media site (e.g., Twitter, Facebook)
- Geographic information such as country, city, state, or postal code.
- IP addresses
- Device IDs
For detailed information about ShareThis privacy and the technology used, please see the following link.
The legal basis for us to use ShareThis is your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your corresponding consent via our cookie banner.
Please note that Predactiv, Inc. is a company from the USA. The new EU standard data protection clauses have been agreed as appropriate safeguards to ensure an adequate level of protection for data transfers. In addition, Predactiv, Inc. is an active participant in the EU-U.S. Data Privacy Framework, which guarantees the secure transfer of personal data to the USA. Further information can be found here: https://www.dataprivacyframework.gov/list.
7.5. YouTube
Our website uses plug-ins from YouTube, which is operated by Google. If you visit one of our websites featuring a YouTube plug-in and actively click on the corresponding field, a connection to YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited. If you are logged in to your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
The legal basis for the use of YouTube is based on your consent pursuant to § 25 para. 1 sentence 1 TDDDG for the storage and access to information in end devices, as well as pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR for the further processing of your data. You give your corresponding consent via our cookie banner. Please note that Google is a company from the USA. Information about the locations of Google’s data centers can be found at www.google.com/about/datacenters/locations/. The new EU standard data protection clauses were agreed as appropriate safeguards to ensure an adequate level of protection for the transfer of data. In addition, Google LLC is an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA. You can find further information here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Further information on how user data is handled is available in see YouTube’s Privacy Policy at: https://www.google.de/intl/de/policies/privacy.
7.6. LinkedIn Insight-Tag
We use the “LinkedIn Insight Tag” conversion tool from LinkedIn Ireland Unlimited Company (hereinafter “LinkedIn Ireland”) on our website. This tool creates a cookie in your web browser, which enables the collection of the following data, among others: IP address, device and browser properties and page events (e.g. page views). LinkedIn Ireland does not transmit any personal data to us, but offers anonymized reports on the website target group and display performance. In addition, LinkedIn Ireland offers the possibility of retargeting via the Insight tag. With the help of this data, we can display targeted advertising outside our website without identifying you as a user of the website. The legal basis for the use of the LinkedIn Insight tag is your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your consent via our cookie banner. Please note that LinkedIn Ireland may also process your data outside the EU/EEA. The new EU standard data protection clauses have been agreed as appropriate safeguards to ensure an adequate level of protection when transferring data. In addition, LinkedIn Corporation is an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA. Further information can be found here: https://www.dataprivacyframework.gov/list. Further information on the LinkedIn Insight Tag can be found at the following link. For more information on data protection at LinkedIn Ireland, please refer to the LinkedIn Ireland privacy policy
7.7. Google reCAPTCHA
We use Google reCAPTCHA (hereinafter “reCAPTCHA”) on our website. This is a service provided by Google. The purpose of reCAPTCHA is to check whether the data input on our website (e.g. when registering for a newsletter) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor accesses or enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. You will not be informed separately that an analysis is taking place.
The legal basis for the use of reCAPTCHA is your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your consent to this via our cookie banner. Please note that the provider is a company from the USA. Information about the locations of Google’s data centers can be found at www.google.com/about/datacenters/locations/. The new EU standard data protection clauses have been agreed as suitable guarantees to ensure an appropriate level of protection when transferring data. In addition, Google LLC is an active participant in the EU-U.S. Data Privacy Framework, which guarantees the secure transfer of personal data to the USA. Further information can be found here: https://www.dataprivacyframework.gov/list.
Further information on reCAPTCHA and Google’s privacy policy can be found at the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.
7.8. Google Tag Manager
We use Google Tag Manager “GTM”. This Google service allows website tags to be managed via an interface. However, GTM only implements tags. In this respect, no cookies are used. GTM only triggers other tags, which in turn may collect data, but GTM does not access this data. Data is only analyzed in the respective tool (see the tools listed in section 7 for details). However, the GTM records your IP address and online identifiers (including cookie identifiers), which may also be transmitted to Google in the USA. You can find additional information on GTM at https://support.google.com/tagmanager/answer/6102821?hl=de
The legal basis for the use of GTM is your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your consent to this via our cookie banner.
Please note that the provider is a company from the USA. Information about Google’s data center’s locations can be found at www.google.com/about/datacenters/locations/. The new EU standard data protection clauses have been agreed as suitable guarantees to ensure an appropriate level of protection when transferring data. In addition, Google LLC is an active participant in the EU-U.S. Data Privacy Framework, which guarantees the secure transfer of personal data to the USA. Further information can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.
8. Social media presence
8.1. Links to social networks
Our website contains links to social networks (Instagram and LinkedIn). These websites are operated exclusively by third parties. If you follow the links, the respective provider may process personal data about you. Please note the data protection information of the provider in this regard.
8.2. Data processing by EvidentIQ and legal basis
Our social media presences and links to third-party providers (e.g. Instagram, LinkedIn, Facebook/Meta and YouTube) serve the purpose of informing you about EvidentIQ as well as new developments, services and products of EvidentIQ. Depending on the offer of the respective providers, you have the possibility of different interaction (comments, recommendations etc.) e.g. in connection with our social media presence. The interaction of the users is an important criterion for us in order to carry out targeted marketing. For example, we can determine which articles are read preferentially. We therefore also use the statistics determined by the providers in this regard for our own purposes. Insofar as we process personal data of users in this context, the legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest then consists in particular in targeted information / advertising. The providers will inform you separately about the legal basis on which they process your data for their own purposes
8.3. Joint responsibility
In some cases, we are jointly responsible with the social media providers for processing your personal data. In this case you can assert your rights (see section 14) generally either against us or against the social media provider. However, the social media provider is the first point of contact.
We have concluded an agreement with Meta (formerly Facebook) on joint responsibility for the processing of personal data. This applies in relation to the processing of so-called “insights data”. These are page statistics, in particular on the interactions of Facebook users. Details on the Insights data can be found here: https://www.facebook.com/business/pages/manage#page_insights. You can view our agreement with Meta at the following link: https://www.facebook.com/legal/controller_addendum.
We have concluded a joint responsibility agreement with LinkedIn Ireland for the processing of personal data. This applies in relation to so-called “page insights”. These are aggregated page statistics, whereby LinkedIn does not provide us with any personal data from you. Details on the insights data and our agreement with LinkedIn can be found at the following link.
Please note that the social media providers also process your data outside the EU/EEA. Meta Platforms Inc. and LinkedIn Corporation are active participants in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA when data is transferred to them. Further information can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active
With regard to the storage period of the data we process from you for our own purposes, please refer to our explanations under section 12. Otherwise, please observe the data protection provisions of the respective social media provider.
9. Telephone and video conferences via teams
We use the online platform teams (“teams“) for interactive communication. Teams is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, based in the USA (“Microsoft“). For more information from Microsoft about team’s privacy practices, please click here.
9.1. Microsoft’s own responsibility
If you access Microsoft’s website for the use of teams, Microsoft is responsible for the data processing. However, you only need to access the website to download the software for the use of teams. You can also use teams if you enter the respective meeting ID and, if necessary, other access data for the meeting directly in the teams app. If you do not wish to use the teams app, the basic functions can also be used via a browser version.
To the extent that Microsoft processes personal data in connection with its own legitimate business operations, Microsoft is an independent data controller for such processing, whose legal basis, according to its own declaration, is “legitimate interests”. “Microsoft’s legitimate business transactions” in this context are, as evidenced by Microsoft’s statement, the following, each as an incident involving the provision of teams to us (1) billing and account management; (2) compensation (e.g., calculation of employee commissions and partner incentives); (3) internal reporting and modeling (e.g., forecasts, revenue, capacity planning, product strategy); (4) combating fraud, cybercrime or cyber attacks that may affect Microsoft or Microsoft products; (5) improving core accessibility, privacy, or energy efficiency functionality; and (6) financial reporting and compliance with legal obligations.
Microsoft’s statement on the storage of personal data can be found here.
9.2. Purpose of processing and types of personal data
We use teams to conduct telephone conferences and/or video conferences, particularly in connection with online seminars for prospects and professionals and/or employment relationships (“online meetings”).
When using teams, various types of personal data are processed by us. The type and scope of the data depends in particular on the information you provide before or during participation in an online meeting. However, in order to identify you as an authorized participant, you must at least provide your name. You can deactivate the video or microphone function at any time via the teams application.
Personal data processed in connection with teams include:
- Profile data: First name, surname, telephone number (optional), e-mail address, password (if “Single-Sign-On” is not used), profile picture (optional), department (optional)
- Meeting metadata: Subject, description (optional), participant IP addresses, device/hardware information
- Call history data: Information on incoming and outgoing telephone number, country name, start and end time. If necessary, other connection data such as the IP address of the device can be saved.
- Content data: You may be able to use chat, question or survey functions during an online meeting. Your text entries and other approved data are processed to display them in the online meeting.
For further details on data processing by Microsoft, please refer to Microsoft’s explanations von Microsoft.
9.3. Data processing by EvidentIQ and legal basis
To the extent that personal data of employees is processed by us, the legal basis for data processing is generally § 26 para. 1 BDSG. If special categories of personal data are involved, the processing is governed by § 26 para. 3 BDSG.
If, however, in connection with the use of teams, personal data is not required for the establishment, implementation or termination of the employment relationship, the legal basis for data processing is generally Art. 6 para. 1 sentence 1 lit. f GDPR. In these cases, our interest lies in the effective implementation of online meetings. In addition, the legal basis for data processing when conducting online meetings is Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as the meetings are conducted in the context of contractual relationships. In special cases (e.g. a recording of online meetings) in which you are asked in advance for a declaration of consent, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.
9.4. Data transfer to countries outside the EU
Teams is a service provided by a provider from the USA. A processing of personal data therefore also takes place in a third country. We have concluded a data processing agreement with Microsoft in accordance with Art. 28 GDPR. An adequate level of data protection is ensured by the conclusion of the so-called EU standard model clauses. In addition, Microsoft is an active participant in the EU-U.S. Data Privacy Framework, which guarantees the secure transfer of personal data to the USA. Further information can be found here: https://www.dataprivacyframework.gov/list. If law enforcement authorities contact Microsoft with a request, Microsoft, according to its own statement, tries to redirect law enforcement authorities to request the personal data directly from us. If Microsoft is required to disclose personal information to law enforcement authorities, Microsoft will (also at Microsoft’s own statement) notify us immediately and provide a copy of the request unless prohibited by law. For more information about the data that Microsoft discloses in response to requests from law enforcement and other government agencies, please refer to Microsoft’s Law Enforcement Requests Report.
10. Data transfer
We only transfer your personal data to third parties or other recipients if this is necessary for the provision of services, if you have given your consent, if there is a legal obligation or if the transfer of data is permitted by another legal basis. Where necessary, we have concluded data processing agreements with the recipients of your data, such as Google, Usercentrics or other service providers, in accordance with Art. 28 GDPR. We will only transfer your data to government bodies within the scope of legal obligations or on the basis of an official order or court decision.
11. Data transfer to countries outside the EU
Insofar as necessary for our purposes, we will only transfer personal data to recipients outside the EU if you have given your consent, if there is a legal obligation to do so, or if the transfer of data is permitted on another legal basis. Your data will also be transferred to recipients based in the USA within the scope of processing data. An appropriate level of data protection is ensured by the conclusion of the new so-called EU standard contractual clauses and/or the participation of the service provider in the USA in the EU-U.S. Data Privacy Framework. An overview of the participants in the EU-U.S. Data Privacy Framework can be found here: https://www.dataprivacyframework.gov/s/participant-search
12. Duration for which personal data is stored / criteria for determining the duration
Your personal data will be stored by EvidentIQ for as long as it is necessary for the aforementioned purposes of processing, in the event of an objection no compelling reasons worthy of protection oppose EvidentIQ or in the event of a revocation no other legal basis for data processing exists. In certain cases, e.g. if there is a legal obligation to retain data, your personal data will not be deleted immediately, but blocked initially.
If an application (e.g. via our online application form, see section 4) is successful, your data will be transferred to the personnel file and stored beyond the period of the application process in accordance with the statutory provisions. If your application is not successful, we will store your data beyond the period of the application process for a maximum of 6 months, unless you have given your consent to further data processing.
13. Data security
To protect your personal data on this website, we use a secure online transmission procedure, the so-called “Secure Socket Layer” (SSL) transmission. You can recognize this by the fact that a closed padlock symbol is displayed on the address https://. By clicking on the symbol, you will receive information about the SSL certificate used. The display of the symbol depends on the browser version you are using. The SSL encryption guarantees the encrypted and complete transmission of your data.
14. Your rights
Within the framework of the legal requirements, you have a fundamental claim against EvidentIQ for
- confirmation as to whether personal data concerning you is processed by EvidentIQ,
- information about these data and the circumstances of processing,
- correction, if this data is incorrect,
- deletion, unless the processing is not justified and there is no (longer an) obligation to keep the data,
- restriction of processing in special cases determined by law,
- objection in case of data processing on the basis of Art. 6 para 1 sentence 1 lit. f GDPR and
- transmission of your personal data – if you have provided it – to you or a third party in a structured, common and machine-readable format.
Insofar as the processing of your personal data is based on your consent, you have the right to revoke this consent at any time, with the consequence that the processing of your personal data will become inadmissible for the future. However, this does not affect the lawfulness of the processing carried out on the basis of the consent up to the point of revocation.
Please address your specific request in writing or by e-mail to our data protection officer (see section 1), clearly identifying yourself.
Insofar as we process your data in joint controllership with third parties within the meaning of Art. 26 GDPR (see section 8.3), the third party is centrally responsible for the exercise of all rights of the persons concerned. However, you are free to assert your rights against us as well.
Finally, we would like to draw your attention to your right of appeal to the supervisory authority.
e.g. supervisory authority in Bavaria:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18 / 91522 Ansbach
15. No automated individual decision
We do not use your personal data for automated individual decisions.
16. Amendment of the privacy policy
New legal requirements, business decisions or technical developments may require changes to our privacy policy. The privacy policy will then be adjusted accordingly. You will always find the latest version on our website.
Munich August, 2024