Privacy policy for online meetings via “Cisco Webex”

Data protection information of AT&S Group

We would like to inform you about the processing of personal data in connection with the use of “Cisco Webex” and your rights as a data subject.

1. Purpose of the data processing

We use “Cisco Webex” to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter referred to as “online meetings”). The purpose of the processing is to provide a modern communication platform for internal and external communication between different locations (including home office) and stakeholders, as well as the associated technical maintenance work including troubleshooting.

2. Controller

The controller for data processing, which is directly connected with conducted “online meetings”, shall be

AT & S Austria Technologie & Systemtechnik Aktiengesellschaft
FN 55638x
Fabriksgasse 13
8700 Leoben
Leoben, Austria
Phone: 43 3842 200-0

You can reach our data protection coordination at the privacy@ats.net

Please note: As soon as you access the “Cisco Webex” website, the provider of “Cisco Webex” is responsible for data processing. However, accessing the website is only necessary to download the app for the use of “Cisco Webex”. You can also use “Cisco Webex” if you enter the relevant meeting ID number and any other access data for the meeting directly in the “Cisco Webex” app. If you do not want to or cannot use the “Cisco Webex” app, the functions can also be used via a browser version, which you can access via the link in your invitation.

3. What data are processed?

The following personal data is processed:

  • User details: First name, surname, email address, profile picture (optional)
  • Meeting metadata: Date, time, meeting ID, topic, description (optional), participant IP addresses, device/hardware/software information
  • For recordings (optional): Video, audio and presentation recordings as well as the text of the online meeting chat
  • For dial-ups by phone: Information on the incoming and outgoing phone number, country name, start and end time. In some cases, other connection data such as the IP address of the device (optional) may be stored.
  • Text, audio and video data during the meeting, survey entries and results: If required for the purposes of logging the results of an online meeting, the chat content will be stored. However, this will not usually be the case.

4. Legal basis of the processing

The legal basis for data processing is article 6 para. 1 lit. f) GDPR, the legitimate interest in the use of internationally applicable and up-to-date communication tools to achieve the company’s objectives. Furthermore, the legal basis for data processing in conducting “online meetings” shall be article 6 para. 1 lit. b) GDPR, providing the meetings are conducted within the framework of a contractual relationship.

5. Technical and organizational measures / Automated decision making

  • Recordings: Recordings of video or telephone conferences are generally prohibited. Exceptions may be approved in individual cases after careful evaluation. In this case, you will be informed separately and – if necessary – asked for your consent. The fact of the recording will also be displayed in the “Cisco-Webex” app.
  • Camera and microphone: You can switch off or mute the camera or microphone at any time via the “Cisco Webex” application.
  • Tracking: The option available in “online-meeting” tools like “Cisco Webex” of using a software function for “attention monitoring” (“attention tracking”) is deactivated.
  • Automated decision-making: Automated decision-making within the meaning of Art. 22 General Dada Protection Regulation (GDPR) is not used.

6. Recipients or categories of recipients of the personal data

The provider of “Cisco Webex” necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in our data processing agreement with “Cisco Webex”.

7. Transfer of personal data to a third country

“Cisco Webex” is a service of Cisco Systems Inc. based in the USA (Corporate Headquarters, 170 West Tasman Dr., San Jose, CA 95134, USA). Personal data may therefore also be processed in the USA. Cisco Systems Inc. is a participant in the EU-US Data Privacy Framework, for which the EU Commission has adopted an adequacy decision. Further information can be found at: Cisco Online Privacy Policy

8. Duration of storage of personal data

AT&S processes personal data only to the extent and as long as this is necessary for the preparation, execution and follow-up of “online meetings”. Content and connection data are automatically deleted after four weeks.

Users also have the option of deleting individual messages and attachments as well as entire chat histories and call logs.

In the case of statutory retention obligations, deletion is only possible after the respective retention obligation has expired.

9. Rights of data subjects

If your personal data is processed, you have the right to receive information about the personal data stored about you. If incorrect personal data is processed, you have the right to rectification.

If the legal requirements are met, you can request the deletion or restriction of the processing and object to the processing.

If you have consented to the data processing or a contract for data processing exists and the data processing is carried out using automated procedures, you may have a right to data portability.

Further information on these rights of data subjects can be found at: https://www.dsb.gv.at/rechte-der-betroffenen

10. Right to lodge a complaint

You have the right to lodge a complaint with the above-mentioned Data Protection Coordinator or a supervisory authority (in Austria: Austrian Data Protection Authority, https://www.dsb.gv.at/).

Status: July 2024