Hi Alex, wir wollen ein paar AI Tools basierend auf OpenAI launchen unter VDPS.meHier die Fakten:

We are going to offer ai tools based on openai., referred to as VDPS-ToolsTo access these tools, users need to log in through the Google SSOAll the conversations the users have with those tools will be stored to improve the tools.Hierfür denken wir, dass die Privacy Terms entsprechend erweitert werden müssen. Könntest du das bitte mal checken?Zusatzfrage: Brauchen wir beim Betreten des VDPS-Bereichs ein weiteres Popup wie das hier:####START POP-UP####Welcome to Digital Product School! To provide you with our AI-powered VDPS-Tools, we need to process your personal data. By clicking "I Agree and Log In," you consent to the following processing by UnternehmerTUM GmbH:+1

  • Google SSO Authentication: You will be logged in via Google Single Sign-On. We will receive and process your name and e-mail address to manage your access.+1
  • AI Processing via OpenAI: Your inputs and prompts will be transmitted to OpenAI (USA) to generate AI responses. Please note that absolute protection for Internet-based transmissions cannot be guaranteed.+1
  • Improvement of VDPS-Tools: All conversations you have with these tools will be stored and analyzed by us to improve the accuracy and functionality of our AI services.+1
  • Voluntary Consent: This consent is freely given. You have the right to withdraw your consent at any time with effect for the future.+1
  • Your Rights: You retain the right to access your stored data , request its rectification , or demand its erasure (the "right to be forgotten").+2

For more details, please see our full [Privacy Policy].

[ I Agree and Log In ] [ Decline ]####ENDE POP-UP####[NEW ADDITION] 22. Data Protection Provisions for VDPS-Tools (OpenAI)The controller has integrated AI-based tools, referred to as VDPS-Tools, on this website. These tools are powered by services provided by OpenAI, L.L.C. (1611 Graham St, San Francisco, CA 94107, USA).

  • Nature of Processing: When using VDPS-Tools, the text or data input by the user ("Prompts") and the resulting generated content ("Outputs") are transmitted to OpenAI's servers to facilitate the AI interaction.+1
  • Purpose and Improvement: All conversations conducted through VDPS-Tools are stored by UnternehmerTUM GmbH. These logs are processed and analyzed specifically to improve the functionality, accuracy, and safety of the VDPS-Tools and to optimize our enterprise offerings.+1
  • Legal Basis: The processing of this data for the provision of the service is based on Art. 6(1) lit. b GDPR (performance of a contract/pre-contractual measures). The storage of conversations for the purpose of tool improvement is based on Art. 6(1) lit. f GDPR, as we have a legitimate interest in the continuous technical enhancement of our digital products.+2
  • Data Transfer: As OpenAI is based in the USA, data transfer occurs in accordance with the EU-US Data Privacy Framework or based on standard contractual clauses to ensure a level of protection compliant with European standards.+1

[NEW ADDITION] 23. Google Single Sign-On (SSO) for VDPS-ToolsTo access the VDPS-Tools, users are required to authenticate via Google Single Sign-On (SSO), a service provided by Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).

  • Data Transmitted: By using Google SSO, you authorize Google to share certain personal data with us, typically including your name, e-mail address, and language preferences, to verify your identity and create or access your user account.
  • Purpose: The use of Google SSO simplifies the registration and login process and ensures secure access to the VDPS-Tools.+1
  • Legal Basis: This processing is based on Art. 6(1) lit. a GDPR (consent) provided by the user during the login prompt, or Art. 6(1) lit. b GDPR for the provision of the specific service.
  • Opt-out: Users can manage or revoke the connection between their Google account and our services through their Google account security settings.+1

[NEW ADDITION] 24. Storage and Retention of Conversation DataPersonal data and conversation logs generated through the use of VDPS-Tools are stored for the period necessary to achieve the improvement and optimization purposes mentioned in Section 22.

  • Rights of the Data Subject: Users may exercise their right to access , right to erasure , or right to objectregarding their stored conversation history.+2
  • Anonymization: Wherever possible, conversation logs used for statistical analysis and long-term tool training are pseudonymized or anonymized to ensure the highest priority for data protection.+1DPO Review Note: Changes & Additions
  • Integration of VDPS-Tools: This section is entirely new and defines the AI interaction as "processing" under Art. 4(2) GDPR.
  • SSO Login: Explicitly mentions the collection of identifiers (name/e-mail) via the Google interface.
  • Storage for Improvement: Clearly states the purpose of the processing (improving the tools), which is necessary for transparency under Art. 13 GDPR.
  • Legal Anchoring: The text reaffirms the user's rights to access and erasure, ensuring consistency with Section 9 of your current policy.+1

Danke & LG
Steffen

ToolsPrivacy DisclaimerImprint