The following entity is responsible for data collection and processing for the purpose of webinars:
Oesterreichische Kontrollbank Aktiengesellschaft (OeKB)
Am Hof 4
Telephone: +43 1 53 1270
Fax: +43 1 53127-5262
The OeKB Data Protection Officer is:
Mr Harald Sommer
Telephone: +43 1 53 127 2366
2. Use of your personal data
OeKB uses the software GoToWebinar from LogMeIn Ireland Unlimited Company for the organisation, implementation, follow-up and further development of webinars.
LogMeIn Ireland Unlimited Company, with whom OeKB has entered into a contract processing agreement under Article 28 of the GDPR, acts as our processor.
We collect or process the following personal data from individuals who sign up for or participate in our webinars:
- Information about the webinar participant: First name, last name, e-mail address, time of registration for the webinar, company/organisation (if given), job description (if given).
- Webinar metadata: subject, description if applicable, participant IP addresses, and device/hardware data.
- Text data: When a participant uses the chat, question or survey features, the text entries they make are processed so they can be recorded and displayed during the webinar. Participants may direct questions towards the hosts only or towards the other participants. If questions are asked that are answered during a webinar follow-up, the questions and e-mail addresses of participants will be processed in order to be able to answer them afterwards.
- Attention factor: During the webinar, the software registers whether participants have the webinar window open as their primary window. This information is collected during webinars, e.g. ‘attention factor’ 80%. This allows hosts to see if webinar participants are losing interest.
- Interest rate: Following the webinar, we analyse participants’ level of interest in the webinar they attended based on seven factors, including short surveys, chat posts and ‘attention factor’. We do this in order to provide our webinar participants with further relevant and interesting information.
Automated individual decision-making within the meaning of Article 22 of the GDPR is not used.
NB: If you land on the GoToWebinar website, the provider is responsible for the data processing. However, you only need to access the website to download the software to use GoToWebinar.
For more information about LogMeIn's privacy and data security, please visit the LogMeIn GDPR compliance website.
If you do not wish to or cannot use the GoToWebinar software, you can also participate using a browser version that offers basic features, which is also available from the LogMeIn website.
3. Legal basis for the processing
The legal basis for processing personal data in the context of webinars for the purpose of organising, conducting, following up (e.g. subsequent answering of questions) and further developing webinars (e.g. creating participant statistics for webinars over time, effectiveness of and interest in webinars) is the consent under Art. 6(1)(a) of the GDPR.
Within the scope of data processing when using GoToWebinar, personal data is transferred to the USA as part of the provision of technical services. The US is not considered by the European Court of Justice to have an adequate level of data protection. In particular, there are risks that your rights as a data subject may not be enforceable in the United States and that your data may be accessed by US authorities for control and monitoring purposes and that no effective remedies may be available. With your consent, you expressly agree under Art 49(1)(a) of the GDPR that your personal data may be transferred to the USA for the purposes described above. You can revoke your consent at any time with future effect by sending an email to: firstname.lastname@example.org
5. Rights of data subjects
As a data subject (webinar participant), you have the right of access to, rectification of your personal data, erasure or restriction of the processing of your stored personal data, a right to object to the processing, as well as a right to data transferability, in accordance with the requirements of data protection law at any time, if applicable. Complaints may be referred to the Austrian Data Protection Authority [Österreichische Datenschutzbehörde] (www.dsb.gv.at).
6. Retention period
Personal data processed in connection with webinars will be stored for as long as is necessary for the defined purposes, taking into account any statutory retention requirements. Subject to any statutory retention requirements, personal data is generally stored for a period of two years after the relevant webinar has been held.
If you are registered as a GoToWebinar user, webinar reports, i.e. meeting metadata, webinar questions and answers, and the survey function in webinars, may be stored by GoToWebinar under the responsibility of LogMeIn Ireland Unlimited Company.