Privacy Policy Compal System

Responsible for the software offered 

PACK UG (limited liability)
Hardtstrasse 70
76185 Karlsruhe
GERMANY
info@pac-k.de 

If we act as a processor, the controller for the processing of personal data in accordance with Art. 28 EU GDPR (General Data Protection Regulation) is our client, with whom we have concluded a service agreement and an associated data processing agrement. 

 

Preamble

In this privacy policy, we provide information on how we process personal data when our app from the Microsoft Store is used and what rights data subjects have in this regard. Your trust in our diligence when processing personal data is very important to us. As a company based and operating in the EU, we are subject to the EU GDPR, which we regard as the minimum standard for handling your data. 

 

Which data are processed?

Those affected by the processing of personal data are employees in our client’s organization and external communication partners (all if they log into an online meeting on our client’s MS Teams system). 

We process the following personal data when using our software: 

  • Video and Link to the MS Teams Meeting, 
  • MS Meeting Object including 
  • Meeting Title 
  • Organizer email address 
  • List of participant email addresses 

Our software is connected to Microsoft Teams in MS365 tenant so that this data is automatically and directly accessed there. Our client, for whom we act as a processor, is responsible for this processing. 

If we collect personal data directly, this is usually done for the purpose of processing the contract or for contacting us in order to process inquiries. In these cases, we only process the data that is absolutely necessary for the purpose. 

 

How is the data used?

The data processed by the software is used for the following purposes: 

  • Provision and functionality of the software 

Data that you provide to us directly will be processed for the relevant purpose in context: 

  • Preparation and/or performance of a contract 
  • Establishing and organizing contact in connection with inquiries 

 

Legal basis for data processing

The processing of personal data by our software is usually not our responsibility but takes place within the framework of a data processing agreement with our client. As a result, compliance with and organization of the rights of data subjects is primarily the responsibility of the client as the controller in accordance with Art. 24 EU GDPR, to which we in turn are obliged. 

We process the data based on the fulfillment of our contract with our client. On the part of the data subject, the legal basis is regulated with their organization as the controller, e.g. consent or for the performance of a (work) contract or based on the legitimate interests of the controller. 

The above-mentioned permissions for the processing of personal data in the EU GDPR are in detail Art. 6 para. 1 lit a (consent), Art. 6 para. 1 lit b (preparation or performance of a contract), Art. 6 para. 1 lit c (fulfillment of a legal obligation) and Art. 6 para. 1 lit f (legitimate interest of the controller) 

In the cases of directly collected data described above in 2., the permissions according to the EU GDPR are Art. 6, para. 1 lit. b (preparation or performance of a contract) or f (our legitimate interest in being able to process inquiries appropriately). 

 

Passing on The Data

As a matter of principle, we do not pass on data to third parties unless this is necessary to fulfill the contract or due to legal regulations. 

Data will not be transferred to a third country. If we commission subcontractors, we will only do so with the consent of our client and, if at all possible, only with service providers based and processing data within the EU. 

 

Data Security

We take appropriate technical and organizational measures to process the data at an appropriate level of security. 

 

Duration of Storage

The data will only be stored for as long as is necessary for the stated purposes or as required by law. Upon termination of the contract with our client, all data from this activity will also be deleted, unless we are legally obliged to process it for longer. 

 

Rights of Users (Rights of Data Subjects)

Every data subject has the right to information, rectification, erasure, restriction of processing, data portability and objection to processing (in accordance with EU GDPR Art. 12 ff). 

Complaints can also be lodged with a data protection supervisory authority. We would be very pleased if you would contact us directly before lodging a complaint with the supervisory authority about our activities. This would also give us the opportunity to resolve the reason for your complaint quickly. 

The primary point of contact for exercising the rights of data subjects is our client’s organization, to which we are obliged as a processor. 

 

Changes to this Privacy Policy

This privacy policy may be amended from time to time. We will inform you about significant changes. 

 

Contact

If you have any questions about data privacy and protection, please contact: 

the data protection officer or the relevant contact person at the controller 

or 

Directly to us:
PACK UG (limited liability)
Hardtstrasse 70
76185 Karlsruhe
GERMANY
info@pac-k.de