Privacy Policy for one.Originals

1. Data Controller The data controller within the meaning of the General Data Protection Regulation (GDPR) is the employer or the group company specified in the intranet's legal notice (imprint).

2. Data We Process The following personal data is processed when using one.Originals:

   • Master Data: Name, department, email address, and profile picture (retrieved from the Active Directory/SSO).
   • Usage Data: Log files (IP address within the corporate network, time of login), viewed videos, and watch history (if enabled).
   • User-Generated Content: Self-uploaded videos, likes, comments, and mentions.

3. Purpose and Legal Basis of Processing Data processing is carried out to provide the platform, promote internal communication, and ensure IT security.

   • The legal basis for processing master data and user-generated content is the necessity for the employment relationship (e.g., Sec. 26 Para. 1 BDSG [German Federal Data Protection Act] or Art. 6 Para. 1 lit. b GDPR).
   • Log files are collected based on our legitimate interest in maintaining IT security and system stability (Art. 6 Para. 1 lit. f GDPR). No automated behavioral or performance monitoring takes place.

4. Retention Period and Deletion

   • Personal data will be deleted as soon as it is no longer necessary for the purpose of processing.
   • Log files are automatically overwritten or deleted after 30 days by default, provided they are not required for a specific security investigation.
   • User-generated content (videos, comments) generally remains available even after an employee leaves the company, provided it holds ongoing value for corporate knowledge. A request for name anonymization can be submitted upon departure.

5. Your Rights as a Data Subject You have the right to request access, rectification, deletion, or restriction of the processing of your stored data at any time. Please contact the internal Data Protection Officer for such requests.