Privacy Policy for the Metapilots Corporate Metaverse Platform
This privacy policy describes how we, WWM GmbH & Co. KG, Hans-Georg-Weiss Straße 18, 52056 Monschau, (hereinafter: "WWM", "we" or "us" etc.), the company responsible for providing the Corporate Metaverse Platform, collect, store and process your personal data in the course of providing and operating our Corporate Metaverse Platform.
1. Commitment to data protection
Personal data is any information about personal or factual circumstances that relates to an identified or identifiable person (e.g. your name or e-mail address). Non-personal data, on the other hand, is information of a general nature that cannot be used to determine your identity. This is, for example, the number of visitors to our Corporate Metaverse Platform.
In principle, we will use your personal data exclusively in accordance with the applicable data protection laws, in particular the European General Data Protection Regulation (GDPR), and only as described in this Privacy Policy. However, we reserve the right to put this data to additional uses to the extent permitted or required by law or necessary to support legal or criminal investigations. In this case, we will inform you again about this further data processing, if required by law, and obtain your consent.
2. Responsibilities under data protection law
Responsible for the processing of personal data within the meaning of Art. 4 No. 7 GDPR is
• WWM GmbH & Co. KG, Hans-Georg-Weiss Straße 18, 52056 Monschau, insofar as your personal
data is processed in connection with the technical and administrative provision of the Corporate Metaverse Platform, including the storage and analysis of user data generated in the process (see section 3.1 below).
3. Processing of personal data
When you visit our Corporate Metaverse Platform, we process personal data about you. Below you will find more detailed information about when we process personal data from you, what personal data this is in detail, for what purpose we process your personal data and on what legal basis we do so:
3.1 Access data (log files)
a. Subject and scope of data processing
We collect and process your access data, which your Internet browser automatically transmits to us for technical reasons when you use our Corporate Metaverse Platform. Depending on the access protocol used, the log data record contains general information with the following content: Your session data (user behaviour, length of stay, which links were clicked on, etc.), your abbreviated or unabbreviated IP address, browser version, your operating system, your website-specific settings, cookie IDs and pixel IDs.
b. Purpose and legal basis of the data processing
The processing of this access data is technically necessary to enable communication with our server and the use of the Corporate Metaverse Platform. We also process this data to ensure - as far as technically possible and reasonable - the integrity, stability and functionality of our Corporate Metaverse Platform and to counteract attempted attacks. The processing of this data is necessary to protect our legitimate interest in the provision and technical integrity of our Corporate Metaverse Platform (Art. 6 para. 1 lit. f GDPR). Without the provision of this data, the use of our Corporate Metaverse Platform is not possible.
3.2 Registration and login
a. Subject and scope of data processing
Our Corporate Metaverse Platform is intended to enable exchange between users. For reasons of assigning permissions to access our Corporate Metaverse Platform or its sub-areas, access is restricted and only possible after prior registration. Registration is done through our registration website, where you will be asked to provide the following registration information:
• Salutation (optional, not required for registration);
• Title (optional, not required for registration);
• First and last name;
• E-mail address;
• Phone number (optional, not required for registration);
• Company
You will then receive an e-mail from us confirming your successful registration and containing a link to our Corporate Metaverse Platform. There you can log in with your e-mail address and your previously assigned password.
Alternatively, in exceptional cases, registration can also take place during personal contact with one of our employees. In this case, our employee will record your personal data and then send you an individual link to your e-mail address. After you have assigned a personal password for your user account, you can log in directly - your registration data is already stored.
b. Purpose and legal basis of the data processing
We process your e-mail address in order to register you for our Corporate Metaverse Platform. The processing of this data is necessary to fulfil the contract (Art. 6 para. 1 lit. b GDPR). Without the provision of your e-mail address, the use of our Corporate Metaverse Platform is not possible.
We process your salutation, title, first and last name in order to be able to create a corresponding user account for you and to enable a personal exchange among the guests of our Corporate Metaverse Platform. The processing of this data is necessary to protect our legitimate interest in preventing socially harmful behaviour facilitated by anonymity (e.g., cyberbullying, harassment, insults) and to promote professional discussions between users of the Corporate Metaverse Platform (Art. 6 para. 1 lit. f GDPR). Without providing your first and last name and your e-mail address, it is not possible to use our Corporate Metaverse Platform.
If you have provided your telephone number, we will process it in order to be able to offer you technical support before or during an event (e.g. if you have technical difficulties dialling in) or in order to be able to contact you after an event if there are any unanswered questions on your part. The processing of your telephone number takes place exclusively to fulfil the contract (Art. 6 para. 1 lit. b GDPR). The provision of your telephone number is not mandatory for the use of our Corporate Metaverse Platform.
3.4 Creating an avatar
a. Subject and scope of data processing
Following your login, you have the option to create your personal, individual avatar and customize it as you wish. However, you do not have to individualize your avatar, you can also use the preset avatar. Under the menu item "Customize appearance" on the start page, you can also change your settings at any time afterwards.
b. Purpose and legal basis of the data processing
We process the settings for your avatar in order to generate your avatar and display it graphically on the Corporate Metaverse Platform. The processing of this data is necessary to fulfil the contract (Art. 6 para. 1 lit. b GDPR). Without the use of an avatar, it is not possible to use our Corporate Metaverse Platform.
3.5 Entering the Corporate Metaverse Platform and Interacting with Other Avatars
a. Subject and scope of data processing
With your avatar, you can move freely on our Corporate Metaverse Platform, interact with other visitors to the Corporate Metaverse Platform, participate in events, and view documents virtually. For the interaction with other visitors of the Corporate Metaverse Platform, animated reactions (e.g. "waving" or "clapping"), a chat function and a voice/video function are available to you in particular. With the chat function, you can write personal messages to individual visitors, send messages to all visitors of the Corporate Metaverse Platform in the public chat or contact technical support in case of malfunctions. The voice/video function also allows you to talk to individual or multiple visitors. You can decide for yourself whether or not to activate your microphone and/or camera.
b. Purpose and legal basis of the data processing
Data processing for technical provision
We process your personal data (in particular text entries and audio/video signal) in order to be able to provide you with the functionalities described in section 3.4 a). The processing of this data is necessary for the fulfilment of the contract (Art. 6 para. 1 lit. b GDPR) or, with regard to the optional transmission of your audio/video signal, is based on your voluntarily given consent, which can be revoked at any time (Art. 6 para. 1 lit. a GDPR). Without the provision of this data, the use of our Corporate Metaverse Platform is not possible or only possible to a limited extent.
Data processing for statistical purposes
In addition, we process the personal data you provide in the course of movement or interaction on our Corporate Metaverse Platform exclusively in aggregated, anonymized form; i.e., it is not possible to assign such information to you. This may be done for statistical purposes, for example, to track which virtual events on the Corporate Metaverse Platform are particularly well attended or which virtual documents are the most popular. Logging of your movements or interactions (especially chat history or conversations with other visitors) does not take place.
3.6 Event invitations & updates
a. Subject and scope of data processing
You have the opportunity to participate in virtual events on various topics on our Corporate Metaverse Platform. In addition, we can use your data to send you e-mail invitations for relevant virtual events and information to software updates.
For sending our e-mails, we use the data you provided during your registration (title/address, first name/last name, e-mail address). The e-mails also contain a so-called "tracking pixel" (also called "tracking bug" or "web beacon"). Our tracking pixel is based on a "code snippet" (i.e. a short program code), which we embed in our e-mails. When you open such an e-mail, your e-mail program also automatically loads our tracking pixel and transmits personal data (e.g. your IP address, which e-mail program you use, existing cookies, etc.) to our server. With the help of this so-called "digital fingerprint", we are able to identify your terminal device and to track whether or when you have received our e-mail, whether or when you have opened it and, if so, for how long, and whether or which links contained in the e-mail you have opened.
b. Purpose and legal basis of the data processing
We process your registration data (title/surname, first name/last name, e-mail address) in this context in order to send you our event invitations and relevant information about the corporate metaverse platform. We also use the data collected with the help of our tracking pixel to measure the success of our emails and to be able to optimize them accordingly. The sending of our event invitations and the associated processing of your registration data as well as the use of the data collected from you by tracking measures is based exclusively on your consent(s) given voluntarily during registration and revocable at any time (Art. 6 para. 1 lit. a GDPR).
3.7 Integration of external websites
a. Subject and scope of data processing
You will find information panels in several places on our Corporate Metaverse Platform. These help you visualize various content from external websites. After clicking on the area, you will be redirected to a website outside the Corporate Metaverse Platform in a separate browser window.
If you access the content of a website of an external provider from our Corporate Metaverse Platform or follow a link, different terms of use and privacy policies of the provider of the external content may apply.
b. Purpose and legal basis of the data processing
When visiting an external website (also from the Corporate Metaverse Platform), processing by the external provider may occur. The purpose and legal basis of this processing can be found in the privacy policy of the external provider.
3.8 Cookies
a. Functionality and types of cookies
We use so-called "cookies" to collect and store information when you visit our Corporate Metaverse Platform. A cookie is a small data record that is stored on your terminal device and contains data such as personal page settings or login information. This data record is either sent to your web browser by the server to which you have established a connection or generated by a script. If you later visit the same domain again, the information stored in the cookie is transmitted to the server and read by it. For your understanding, we have explained the most common types of cookies below:
• Session cookies
While you are active on a website, a session cookie is temporarily stored in the memory of your end device, in which a session identifier is saved, for example, to prevent you from having to log in again each time you change pages. Session cookies are deleted when you log out or lose their validity as soon as their session has automatically expired.
• Persistant cookies
Persistent cookies store a file on your terminal device for the period specified in the expiration date (storage period). Through these cookies, the website remembers your information and settings on your next visit. This results in faster and more convenient access, as you do not have to set your language preferences again, for example. When the storage period expires, the cookie on your end device is automatically deleted.
• Third-party cookies
In contrast to first-party cookies, third-party cookies are session or persistent cookies that originate from a provider other than the website operator. They can be used, for example, to collect information for advertising, custom content and web statistics.
b. Legal basis for the use of cookies
Cookies can serve many different purposes. For example, they allow you to navigate the Internet more efficiently, they store your preferred settings, and they can generally improve your experience when visiting websites. Depending on their respective purpose, cookies can be divided into two categories: Technically necessary and technically unnecessary cookies.
The classification as technically necessary or technically not necessary also determines the legal basis on which we use the respective cookie:
• Technically necessary cookies
Technically necessary cookies are required for proper functioning of our Corporate Metaverse Platform; they enable you to navigate our Corporate Metaverse Platform efficiently and use its functional features. An example of this is the reminder of recent actions (e.g. text entered) when you return to a page within the same session. The legal basis for the collection and processing of personal data in the context of the use of technically necessary cookies is the fulfilment of our contractual obligations (Art. 6 para. 1 lit. b GDPR) or the protection of our legitimate interests, which consist in particular in enabling you to use our Corporate Metaverse Platform with its essential functions (Art. 6 para. 1 lit. f GDPR).
•Technically unnecessary cookies
Technically non-essential cookies are not necessary for the proper functioning of our Corporate Metaverse Platform, but they enable us to improve or optimize the content of our Corporate Metaverse Platform, to compile statistics for internal market analysis purposes, to provide you with a more personalized online experience, or to provide additional features.
Technically unnecessary cookies can again be divided into the following subcategories:
o Performance cookies
These cookies help us understand how visitors interact with our Corporate Metaverse Platform. We use this data to improve the content of our Corporate Metaverse Platform and to compile statistics for internal market analysis purposes about individual use of the Corporate Metaverse Platform.
o Functional cookies
These cookies allow our Corporate Metaverse Platform to remember the choices you make to provide you with a more personalized online experience. They also allow you to interact with social tools (e.g. our chat feature).
o Targeting/advertising cookies
These cookies are used to provide you with content that is more relevant to you and your interests (direct marketing). They can be used to provide targeted advertising or to limit the frequency with which an advertisement is displayed to you. They also help us measure the effectiveness of advertising campaigns on WWM and non-WWM websites. In addition, we may use these cookies to store which websites you have visited. The legal basis for the use of technically unnecessary cookies (and the associated collection and processing of personal data) is your consent given voluntarily and revocable at any time (Art. 6 para. 1 lit. a GDPR; § 25 para. 1 TTDSG). Your consent to the use of technically unnecessary cookies and the associated processing of your personal data is not mandatory for the use of our Corporate Metaverse Platform, i.e. you can also use our Corporate Metaverse Platform without technically unnecessary cookies.
c. Cookies used on our Corporate Metaverse Platform
We do not use cookies
4. Client-side storage technologies
a. Functionality of client-side storage
In addition to cookies, we use "Local Storage" and "IndexedDB" technologies to store data locally in your web browser's cache (so-called "client-side storage"). These data are retained even after you have closed your web browser and can be retrieved and read by us the next time you access the Corporate Metaverse Platform. Other websites do not have access to this data stored in your web browser.
b. Legal basis for the use of client-side storage
We use client-side storage technologies to store files from our Corporate Metaverse Platform (e.g., 3D graphics) and your personal settings (e.g., microphone and camera settings) in the local memory of your end device. These technologies are used to shorten the loading times on our Corporate Metaverse Platform. The legal basis for the use of these technologies is your voluntarily given consent, which can be revoked at any time (Art. 6 para. 1 lit. a GDPR; § 25 para. 1 TTDSG). Without your consent to the use of client-side storage, it is not possible to use our Corporate Metaverse Platform.
5. Disclosure of personal data
We will not disclose or otherwise distribute your personal data to third parties unless this is necessary for the fulfilment of our services (Art. 6 para. 1 lit. b GDPR). You have consented to the disclosure (Art. 6 para. 1 lit. a GDPR) or the disclosure of data is permitted by relevant legal provisions.
We are entitled to outsource the processing of your personal data in whole or in part to external service providers who act as processors for WWM in accordance with Art. 4 No. 8 GDPR. External service providers support us, for example, in the technical operation and support of the website, data management, the provision and performance of services, marketing and website analysis. In doing so, the service providers engaged by WWM process your data exclusively in accordance with our instructions. We remain responsible for the protection of your data, which is ensured by strict contractual regulations, technical and organizational measures and additional controls by us.
Personal data may also be processed in other ways and also disclosed to third parties if we are required to do so by law - e.g., by court order or to comply with legal obligations - such as the official vigilance regulations (see section 3.8 letter a above) (Art. 6 para. 1 lit. c GDPR) or this is necessary to support criminal or legal investigations or other legal investigations or proceedings in Germany or abroad or to protect legitimate interests (Art. 6 para. 1 lit. f GDPR), such as the provision of joint content, products and services.
As part of the Corporate Metaverse Platform, we use the following processors in particular:
• Microsoft (Azure)
We use Microsoft Azure for hosting the virtual environments. Microsoft Azure is a cloud computing platform from Microsoft with services such as SQL Azure or AppFabric, which is primarily aimed at software developers.
Microsoft Deutschland GmbH, Walter-Gropius-Strasse 5, 80807 Munich, Germany, Phone: +49 89 3176 0
• Hubspot
We use HubSpot to process the contact data. HubSpot is an integrated software solution that we use to cover various aspects of our online marketing.
HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin, Phone: +49 32 221094286
6. Storage period
Your personal data will only be stored by us for as long as is necessary to achieve the respective purpose or - insofar as legal retention periods exist that go beyond this (e.g. in the German Commercial Code and in the German Fiscal Code) - for the duration of the legally prescribed retention period. In a few exceptional cases, your data may also be stored beyond this period if, for example, storage is necessary for connection with the enforcement of and defence against legal claims in favour of WWM.
7. Your data protection rights
In accordance with the applicable data protection law, you are entitled to the following rights in particular in accordance with the legal requirements:
a. Right of access, rectification, deletion and restriction
You have the right to request information about your personal data stored by us at any time. When we process or use your personal data, we endeavour to take reasonable steps to ensure that your personal data is accurate and up to date for the purposes for which it was collected. In the event that your personal data is inaccurate or incomplete, you may request that it be corrected. Furthermore, you may have the right to request the deletion or restriction of the processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing in accordance with this Privacy Policy or applicable law and legal retention obligations do not require the continued storage.
b. Right to data portability
You may have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format or to transfer this data to another controller.
c. Right to revoke your given consent
You may revoke your consent(s) at any time with effect for the future, but without affecting the lawfulness of the processing carried out on the basis of the consent(s) until revocation.
d. Right of objection pursuant to Art. 21 (1) and (2) GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data that is carried out on the basis of Art. 6(1)(e) or (f) GDPR. We will not process your personal data after an objection unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims (cf. Art. 21 (1) GDPR, so-called "limited right of objection"). In this case, you must provide reasons for the objection that arises from your particular situation.
To enforce your data protection rights, you may contact us anytime using the contact details provided in Section 9. In this case, please refer to the Corporate Metaverse Platform and include appropriate identification of yourself.
You also have the right to complain to the competent supervisory authority if you believe that the processing of your personal data is not lawful. The supervisory authority responsible for WWM is the North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information.
8. Security and confidentiality
To ensure the security and confidentiality of your personal data, we use data networks that are protected by, among other things, industry-standard firewalls and password systems. When handling your personal data, we take appropriate technical and organizational measures to protect your data from loss, misuse, unauthorized access, disclosure, alteration or destruction and to ensure its availability.
9. Contact details
If you have any questions about the processing of your personal data or would like to exercise your above rights, please let us know by referring to the Corporate Metaverse Platform. You can reach us at the following contact address:
WWM GmbH & Co. KG - Hans-Georg-Weiss-Str. 18, 52156 Monschau, +49 2472 99100, info@wwm.de
You can reach our data protection officer at the following contact address: datenschutz@wwm.de
Dr. Ralf Schadowski - ADDAG GmbH - Krefelder Straße 121, 52070 Aachen, +49 241 446880
10. Reservation of the right of modification
We reserve the right, at our discretion, to change this Privacy Policy at any time in compliance with legal requirements. This may be the case, for example, to comply with new legislation or to reflect new services on our Corporate Metaverse Platform. However, we will at all times treat your personal data in accordance with the version of the Privacy Policy that was in effect at the time we collected this information.
We intend to post changes to our privacy policy on this page so that you are fully informed about the types of personal information we collect, how we process it, and under what circumstances it may be disclosed. Therefore, we encourage you to periodically check the website for our current privacy practices.