Information of data protection for online meetings, phone conference and webinars via ZOOM, organised by QFTP Below we would like to inform you about the processing of personal data in connection with the use of "Zoom" for online events. Purpose of processing We use the tool "Zoom" to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: "online meetings"). "Zoom" is a service of Zoom Video Communications, Inc., based in the USA. Controller Controller for the processing of personal data related to the performance of online meetings is Swiss-Ukrainian Program “Higher Value Added Trade from the Organic and Dairy Sector in Ukraine” (office 535, 190, Kharkivske Shose Str., Kyiv, Ukraine, 02121) Note: If you access the "Zoom" website, the provider of "Zoom" is responsible for data processing. However, accessing the website is only necessary in order to download the software for using "Zoom". You can also use "Zoom" if you enter the respective meeting ID and, if applicable, further access data for the meeting directly in the "Zoom" app. If you do not want to or are not entitled to use the "Zoom" app, the basic functions can also be used via a browser version, which you can also find on the "Zoom" website. What kind of data is processed? Various types of data are processed when using "Zoom". The scope of the data also depends on the data you provide before or during participation in an online meeting. The following personal data are subject to processing: User details: first name, last name, telephone (optional), e-mail address, password (if "single sign-on" is not used), profile picture (optional), department (optional). Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information. For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat. For dial-in via telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored. Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an "online meeting". In this respect, the text entries you make are processed in order to display them in the online meeting and, if necessary, to log them. In order to enable the display of video and the playback of audio, data from the microphone and/or video camera of your device are processed accordingly during the meeting. You can switch off or mute the camera or microphone yourself at any time via the "Zoom" applications. In order to participate in an online meeting or to enter the "meeting room", you must at least enter a name. Scope of processing We use "Zoom" to conduct online meetings. If we want to record online meetings, we will transparently inform you in advance and - where necessary - ask for consent. If a recording is ongoing this will be displayed to you in the "Zoom" app. If it is necessary for the recording the results of an online meeting, we will record the chat content. However, this will not usually be the case. In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and following webinars. If the online meeting is being recorded and you would prefer to remain anonymous, we recommend that you keep your camera switched off and provide a pseudonym when you register/enter the meeting. If you are registered as a user at "Zoom", then reports on online meetings (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored in "Zoom" for up to one month. Automated decision-making according to Art. 22 GDPR is not used. Legal basis for data processing The legal basis for data processing when conducting online meetings is Art. 6 para. 1 lit. b) If you record, state “I consent”, insofar as the meetings are conducted within the framework of contractual relationships. If there is no contractual relationship, the legal basis for data processing is Art. 6 para. 1 lit. f) GDPR. In these cases, our interest is in the effective performance of "online meetings". Data transfer and recipients Personal data processed in connection with participation in online meetings are generally not passed on to third parties unless they are specifically intended to be passed on. Please note that the content of online meetings, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on. Other recipients: The provider of "Zoom" receives the above-mentioned data, insofar as this is provided for in the context of our order processing contract with "Zoom". Data processing outside the EU/EEA "Zoom" is a service provided by a provider from the USA. A processing of personal data therefore also takes place in a third country. We have concluded an order processing agreement with the provider of "Zoom" which complies with the requirements of Art. 28 GDPR. An appropriate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses. Contact details for privacy related questions Swiss-Ukrainian Program “Higher Value Added Trade from the Organic and Dairy Sector in Ukraine” office 535, 190, Kharkivske Shose Str., Kyiv, Ukraine, 02121 Email: firstname.lastname@example.org Your rights as data subject You have the right to obtain information about the personal data concerning you. You can contact us for information at any time. In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be. Furthermore, you have a right to rectification or deletion or to restriction of processing, insofar as you are entitled to this by law. Finally, you have a right to object to processing within the scope of the law. You also have the right to data portability within the framework of the data protection law. Deletion of data As a matter of principle, we delete personal data when there is no need for further storage. We may be required to store your data, in particular if the data is still needed to fulfil contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion is only considered after the expiry of the respective retention obligation. Right of complaint If you have the impression that our processing of your personal data is unlawful, you have the right to complain to a data protection supervisory authority. Amendments We revise this document in the event of changes in data processing or other occasions that make this necessary. You will always find the current version on our website. August 2021.