World Class Privacy

World-Class Privacy

As a company headquartered in Germany, TeamViewer has data protection in its DNA.

Data Protection at TeamViewer Is Built on Three Pillars

Our structural framework creates a holistic view of Data Protection and allows us to carry into effect the given legal obligations. This enables everyone within the TeamViewer organization to abide by and work in accordance with GDPR.

Data Protection and Privacy
WORLD-CLASS
Data Protection and Privacy

TeamViewer recognizes and takes to heart its obligation of accountability for compliance with the principles of data processing according to Art. 5(2) GDPR.

Records of Processing Activity (RoPA)

To fulfil the requirements of Art. 30 GDPR, TeamViewer implemented Records of Processing Activities (RoPA)

Learn more about our RoPA
×
Records of Processing Activity (RoPA)

To fulfil the requirements of Art. 30 GDPR, TeamViewer implemented a Records of Processing Activities (RoPA). It is the central document of the Data Protection Management System which takes into account any processing of customer, employee, contractor and visitor data handled by TeamViewer and processed by TeamViewer or our processors.

The RoPA is actively and regularly maintained on a departmental basis and is also centrally administrated by the Legal Department for which TeamViewer uses the OneTrust Data Management Software.

Data Protection Impact Assessment (DPIA)

TeamViewer has implemented and follows a 2-step risk assessment process to meet the Data Protection Risk Management requirements of GDPR (Art. 35 and 36).

Learn more about DPIAs
×
Data Protection Impact Assessment (DPIA)

TeamViewer has implemented and follows a 2-step risk assessment process to meet the Data Protection Risk Management requirements of GDPR (Art. 35 and 36). This process includes a pre-assessment and, if necessary, a Data Protection Impact Assessment (DPIA) for each process documented in the Records of Processing Activities (RoPA).

To support our DPIA process as well as document the DPIAs conducted TeamViewer uses the PIA-Tool, provided by French Supervisory Authority (CNIL) for this purpose.

Data Subject Request

To fulfil the requirements of Art. 15-21 GDPR, TeamViewer determined the department Customer Support to manage all incoming Data Subject Requests (DSR).

Learn more about Data Subject Requests
×
Data Subject Request

To fulfil the requirements of Art. 15-21 GDPR, TeamViewer determined the department Customer Support to manage all incoming data subject requests. TeamViewer mainly receives Data Subject Request (DSR) via email to privacy@teamviewer.com.

Requests via letter, fax, and phone are less common. In addition, TeamViewer has an established process for handling DSR by employees which is overseen by the HR department.

Technical and Organizational Measures (TOMs)

TeamViewer has implemented an appropriate level of security through established technical and organisational measures (TOMs) that ensure that the requirements Art. 32 in conjunction with Art. 25 GDPR are met. 
 

Learn more about TOMs
×
Technical and Organisational Measures (TOMs)

TeamViewer has implemented an appropriate level of security through established technical and organizational measures (TOMs) that ensure that the requirements Art. 32 in conjunction with Art. 25 GDPR are met. 

We demonstrate compliance by having adopted internal policies and implemented technical and organizational measures which meet in particular the data protection risks identified. 

These measures include: The minimising the processing of personal data in pursuance of the proportionality and necessity, pseudonymising personal data as soon as possible; transparency with regard to the functions and processing of personal data and establishing and improving security features.

TeamViewer systematically takes into account the right to data protection when developing and designing our products, services and applications. We also implement appropriate technical and organisational measures within the operations of regularly.

Data Processing Agreement (DPA) & Sub-Processors

TeamViewer has established a systematic contractual framework that requires appropriate contracts to be concluded and archived.

Learn more about Subprocessor handling
×
Data Processing Agreement (DPA) & Subprocessors

TeamViewer has established a systematic contractual framework that requires appropriate contracts to be concluded and archived. To fufill Art. 26-28 GDPR the process includes controls to ensure appropriate contracts of sufficient type and quality are entered into. This ensures data protection obligations are in place with third party suppliers, partners/resellers and between TeamViewer Group companies. 

When entrusting a processor with processing activities, TeamViewer only employs processors that provide sufficient guarantees, including for the security of processing, and that implement technical and organisational measures which will meet the requirements of GDPR and the additional requirements of TeamViewer. TeamViewer uses the abovementioned contractual framework to systematically pre-assess sub-processors. All current sub-processors are located in Europe.

GDPR Governance
STRUCTURE & FRAMEWORK
GDPR Governance

TeamViewer has established a Data Protection organization within the company covering governance, policies, and procedures. There is at least one dedicated specialist responsible for the GDPR compliance of each department.

Internal Privacy Management System

Handling of data protection issues is the responsibility of all employees within the TeamViewer organization with established accountability for defined topics by the Senior Leadership Team (SLT) and the Board of Management.

Learn more about IPMS
×
Internal Privacy Management System

Handling of data protection issues is the responsibility of all employees within the TeamViewer organization with established accountability for defined topics by the Senior Leadership Team (SLT) and the Board of Management. On top of that, our departmental GDPR Leads, with additional support from our Legal department, function as first contact for our employees within each department to ensure companywide GDPR compliance.

Lawful Data Processing Privacy Policy

Data protection is one of our compliance focus areas as described in our Compliance Policy which sets the tone from the top for compliance with EU general data protection regulations.

Learn more about Lawful Data processing
×
Lawful Data Processing Privacy Policy

The TeamViewer AG and its affiliates, including TeamViewer Germany GmbH (“TeamViewer”), takes the protection of personal data very seriously. Therefore, data protection is one of our compliance focus areas as described in our Compliance Policy which sets the tone from the top for compliance with EU general data protection regulations.

“Think Privacy” demonstrates our commitment to Data Protection and is the overall objective when implementing new processes and products in which we handle personal data.

See our General Privacy Policy to learn more about our purposes of data processing.

Data Retention / Data Deletion

TeamViewer has an established Deletion Concept which is overseen centrally and actively maintained on an ongoing basis at a departmental level, including retention periods and timelines to ensure a consistent approach to data deletion.

Learn more about Data Retention / Data Deletion
×
Data Retention / Data Deletion

TeamViewer has an established Deletion Concept which is overseen centrally and actively maintained on an ongoing basis at a departmental level, including retention periods and timelines to ensure a consistent approach to data deletion. Additionally, once a year during the company-wide Data Deletion Month all employees are requested to delete the unstructured data they keep in their systems and are responsible for.  These concerted and systematic efforts address the requirement of that in terms of GDPR personal data may only be stored as long as it is required for the purpose for which it is processed (Art. 25 (2) and Art. 5 (1 lit b and e) GDPR in conjunction with recital 39 and 66).

Incident Management and Breach Notification

TeamViewer has established a streamlined Data Breach Notification process in accordance with Art. 33 and 34 GDPR.

Learn more about Incident Management & Breach Notification
×
Incident Management and Breach Notification

TeamViewer has established a streamlined Data Breach Notification process in accordance with Art. 33 and 34 GDPR. The process includes the exact and comprehensive documentation of each incident by using a standardized template. In addition, a detailed risk assessment is done by the Legal Department in accordance with the risk assessment matrix provided by the body of the independent German data protection supervisory authorities of the federal and state governments. (The DSK Kurzpapier Nr. 18 Risiko für die Rechte und Freiheiten natürlicher Personen). Each incident is assessed within the target timeframe of 72 hours and concludes with a decision of whether the regulating authorities need to be notified. TeamViewer Management is informed about all incidents and internal records are maintained. 

Trainings / Certifications
EMPOWERING PEOPLE

Trainings / Certifications

TeamViewer has designed and rolled out a structured and holistic Data Protection and Privacy training program which focuses on enhancing awareness for GDPR and fostering a good data protection culture within the organization.

All employees receive regular training on data protection and GDPR topics in person as well as via the TeamViewer internal Learning Management Platform. We use externally generated content and also provide internally created content to ensure compressive spread and depth of training.

In addition to the general employee training program TeamViewer has a Qualification Program which provides dedicated GDPR resources with the opportunity to obtain certifications in Privacy and GDPR such as Certified Information Privacy Professional / Europe (CIPP/E). The certification is provided by The International Association of Privacy Professionals (IAPP).

WORLD-CLASS
Data Protection and Privacy

TeamViewer recognizes and takes to heart its obligation of accountability for compliance with the principles of data processing according to Art. 5(2) GDPR.

Records of Processing Activity (RoPA)

To fulfil the requirements of Art. 30 GDPR, TeamViewer implemented Records of Processing Activities (RoPA)

Learn more about our RoPA
×
Records of Processing Activity (RoPA)

To fulfil the requirements of Art. 30 GDPR, TeamViewer implemented a Records of Processing Activities (RoPA). It is the central document of the Data Protection Management System which takes into account any processing of customer, employee, contractor and visitor data handled by TeamViewer and processed by TeamViewer or our processors.

The RoPA is actively and regularly maintained on a departmental basis and is also centrally administrated by the Legal Department for which TeamViewer uses the OneTrust Data Management Software.

Data Protection Impact Assessment (DPIA)

TeamViewer has implemented and follows a 2-step risk assessment process to meet the Data Protection Risk Management requirements of GDPR (Art. 35 and 36).

Learn more about DPIAs
×
Data Protection Impact Assessment (DPIA)

TeamViewer has implemented and follows a 2-step risk assessment process to meet the Data Protection Risk Management requirements of GDPR (Art. 35 and 36). This process includes a pre-assessment and, if necessary, a Data Protection Impact Assessment (DPIA) for each process documented in the Records of Processing Activities (RoPA).

To support our DPIA process as well as document the DPIAs conducted TeamViewer uses the PIA-Tool, provided by French Supervisory Authority (CNIL) for this purpose.

Data Subject Request

To fulfil the requirements of Art. 15-21 GDPR, TeamViewer determined the department Customer Support to manage all incoming Data Subject Requests (DSR).

Learn more about Data Subject Requests
×
Data Subject Request

To fulfil the requirements of Art. 15-21 GDPR, TeamViewer determined the department Customer Support to manage all incoming data subject requests. TeamViewer mainly receives Data Subject Request (DSR) via email to privacy@teamviewer.com.

Requests via letter, fax, and phone are less common. In addition, TeamViewer has an established process for handling DSR by employees which is overseen by the HR department.

Technical and Organizational Measures (TOMs)

TeamViewer has implemented an appropriate level of security through established technical and organisational measures (TOMs) that ensure that the requirements Art. 32 in conjunction with Art. 25 GDPR are met. 
 

Learn more about TOMs
×
Technical and Organisational Measures (TOMs)

TeamViewer has implemented an appropriate level of security through established technical and organizational measures (TOMs) that ensure that the requirements Art. 32 in conjunction with Art. 25 GDPR are met. 

We demonstrate compliance by having adopted internal policies and implemented technical and organizational measures which meet in particular the data protection risks identified. 

These measures include: The minimising the processing of personal data in pursuance of the proportionality and necessity, pseudonymising personal data as soon as possible; transparency with regard to the functions and processing of personal data and establishing and improving security features.

TeamViewer systematically takes into account the right to data protection when developing and designing our products, services and applications. We also implement appropriate technical and organisational measures within the operations of regularly.

Data Processing Agreement (DPA) & Sub-Processors

TeamViewer has established a systematic contractual framework that requires appropriate contracts to be concluded and archived.

Learn more about Subprocessor handling
×
Data Processing Agreement (DPA) & Subprocessors

TeamViewer has established a systematic contractual framework that requires appropriate contracts to be concluded and archived. To fufill Art. 26-28 GDPR the process includes controls to ensure appropriate contracts of sufficient type and quality are entered into. This ensures data protection obligations are in place with third party suppliers, partners/resellers and between TeamViewer Group companies. 

When entrusting a processor with processing activities, TeamViewer only employs processors that provide sufficient guarantees, including for the security of processing, and that implement technical and organisational measures which will meet the requirements of GDPR and the additional requirements of TeamViewer. TeamViewer uses the abovementioned contractual framework to systematically pre-assess sub-processors. All current sub-processors are located in Europe.

STRUCTURE & FRAMEWORK
GDPR Governance

TeamViewer has established a Data Protection organization within the company covering governance, policies, and procedures. There is at least one dedicated specialist responsible for the GDPR compliance of each department.

Internal Privacy Management System

Handling of data protection issues is the responsibility of all employees within the TeamViewer organization with established accountability for defined topics by the Senior Leadership Team (SLT) and the Board of Management.

Learn more about IPMS
×
Internal Privacy Management System

Handling of data protection issues is the responsibility of all employees within the TeamViewer organization with established accountability for defined topics by the Senior Leadership Team (SLT) and the Board of Management. On top of that, our departmental GDPR Leads, with additional support from our Legal department, function as first contact for our employees within each department to ensure companywide GDPR compliance.

Lawful Data Processing Privacy Policy

Data protection is one of our compliance focus areas as described in our Compliance Policy which sets the tone from the top for compliance with EU general data protection regulations.

Learn more about Lawful Data processing
×
Lawful Data Processing Privacy Policy

The TeamViewer AG and its affiliates, including TeamViewer Germany GmbH (“TeamViewer”), takes the protection of personal data very seriously. Therefore, data protection is one of our compliance focus areas as described in our Compliance Policy which sets the tone from the top for compliance with EU general data protection regulations.

“Think Privacy” demonstrates our commitment to Data Protection and is the overall objective when implementing new processes and products in which we handle personal data.

See our General Privacy Policy to learn more about our purposes of data processing.

Data Retention / Data Deletion

TeamViewer has an established Deletion Concept which is overseen centrally and actively maintained on an ongoing basis at a departmental level, including retention periods and timelines to ensure a consistent approach to data deletion.

Learn more about Data Retention / Data Deletion
×
Data Retention / Data Deletion

TeamViewer has an established Deletion Concept which is overseen centrally and actively maintained on an ongoing basis at a departmental level, including retention periods and timelines to ensure a consistent approach to data deletion. Additionally, once a year during the company-wide Data Deletion Month all employees are requested to delete the unstructured data they keep in their systems and are responsible for.  These concerted and systematic efforts address the requirement of that in terms of GDPR personal data may only be stored as long as it is required for the purpose for which it is processed (Art. 25 (2) and Art. 5 (1 lit b and e) GDPR in conjunction with recital 39 and 66).

Incident Management and Breach Notification

TeamViewer has established a streamlined Data Breach Notification process in accordance with Art. 33 and 34 GDPR.

Learn more about Incident Management & Breach Notification
×
Incident Management and Breach Notification

TeamViewer has established a streamlined Data Breach Notification process in accordance with Art. 33 and 34 GDPR. The process includes the exact and comprehensive documentation of each incident by using a standardized template. In addition, a detailed risk assessment is done by the Legal Department in accordance with the risk assessment matrix provided by the body of the independent German data protection supervisory authorities of the federal and state governments. (The DSK Kurzpapier Nr. 18 Risiko für die Rechte und Freiheiten natürlicher Personen). Each incident is assessed within the target timeframe of 72 hours and concludes with a decision of whether the regulating authorities need to be notified. TeamViewer Management is informed about all incidents and internal records are maintained. 

EMPOWERING PEOPLE

Trainings / Certifications

TeamViewer has designed and rolled out a structured and holistic Data Protection and Privacy training program which focuses on enhancing awareness for GDPR and fostering a good data protection culture within the organization.

All employees receive regular training on data protection and GDPR topics in person as well as via the TeamViewer internal Learning Management Platform. We use externally generated content and also provide internally created content to ensure compressive spread and depth of training.

In addition to the general employee training program TeamViewer has a Qualification Program which provides dedicated GDPR resources with the opportunity to obtain certifications in Privacy and GDPR such as Certified Information Privacy Professional / Europe (CIPP/E). The certification is provided by The International Association of Privacy Professionals (IAPP).

Want more? Exclusive deals, the latest news: Our Newsletter!