World-Class Privacy

To fulfil the requirements of Art. 30 GDPR, TeamViewer implemented a Records of Processing Activities (RoPA). It is the central document of the Data Protection Management System which takes into account any processing of customer, employee, contractor and visitor data handled by TeamViewer and processed by TeamViewer or our processors.

The RoPA is actively and regularly maintained on a departmental basis and is also centrally administrated by the Legal Department for which TeamViewer uses the OneTrust Data Management Software.

TeamViewer has implemented and follows a 2-step risk assessment process to meet the Data Protection Risk Management requirements of GDPR (Art. 35 and 36). This process includes a pre-assessment and, if necessary, a Data Protection Impact Assessment (DPIA) for each process documented in the Records of Processing Activities (RoPA).

To support our DPIA process as well as document the DPIAs conducted TeamViewer uses the PIA-Tool, provided by French Supervisory Authority (CNIL) for this purpose.

To fulfil the requirements of Art. 15-21 GDPR, TeamViewer determined the department Customer Support to manage all incoming data subject requests. TeamViewer mainly receives Data Subject Request (DSR) via email to [email protected].

Requests via letter, fax, and phone are less common. In addition, TeamViewer has an established process for handling DSR by employees which is overseen by the HR department.

TeamViewer has implemented an appropriate level of security through established technical and organizational measures (TOMs) that ensure that the requirements Art. 32 in conjunction with Art. 25 GDPR are met. 

We demonstrate compliance by having adopted internal policies and implemented technical and organizational measures which meet in particular the data protection risks identified. 

These measures include: The minimising the processing of personal data in pursuance of the proportionality and necessity, pseudonymising personal data as soon as possible; transparency with regard to the functions and processing of personal data and establishing and improving security features.

TeamViewer systematically takes into account the right to data protection when developing and designing our products, services and applications. We also implement appropriate technical and organisational measures within the operations of regularly.

TeamViewer has established a systematic contractual framework that requires appropriate contracts to be concluded and archived. To fufill Art. 26-28 GDPR the process includes controls to ensure appropriate contracts of sufficient type and quality are entered into. This ensures data protection obligations are in place with third party suppliers, partners/resellers and between TeamViewer Group companies. 

When entrusting a processor with processing activities, TeamViewer only employs processors that provide sufficient guarantees, including for the security of processing, and that implement technical and organisational measures which will meet the requirements of GDPR and the additional requirements of TeamViewer. TeamViewer uses the abovementioned contractual framework to systematically pre-assess sub-processors. All current sub-processors are located in Europe.

Handling of data protection issues is the responsibility of all employees within the TeamViewer organization with established accountability for defined topics by the Senior Leadership Team (SLT) and the Board of Management. On top of that, our departmental GDPR Leads, with additional support from our Legal department, function as first contact for our employees within each department to ensure companywide GDPR compliance.

The TeamViewer AG and its affiliates, including TeamViewer Germany GmbH (“TeamViewer”), takes the protection of personal data very seriously. Therefore, data protection is one of our compliance focus areas as described in our Compliance Policy which sets the tone from the top for compliance with EU general data protection regulations.

“Think Privacy” demonstrates our commitment to Data Protection and is the overall objective when implementing new processes and products in which we handle personal data.

See our General Privacy Policy to learn more about our purposes of data processing.

TeamViewer has an established Deletion Concept which is overseen centrally and actively maintained on an ongoing basis at a departmental level, including retention periods and timelines to ensure a consistent approach to data deletion. Additionally, once a year during the company-wide Data Deletion Month all employees are requested to delete the unstructured data they keep in their systems and are responsible for.  These concerted and systematic efforts address the requirement of that in terms of GDPR personal data may only be stored as long as it is required for the purpose for which it is processed (Art. 25 (2) and Art. 5 (1 lit b and e) GDPR in conjunction with recital 39 and 66).

TeamViewer has established a streamlined Data Breach Notification process in accordance with Art. 33 and 34 GDPR. The process includes the exact and comprehensive documentation of each incident by using a standardized template. In addition, a detailed risk assessment is done by the Legal Department in accordance with the risk assessment matrix provided by the body of the independent German data protection supervisory authorities of the federal and state governments. (The DSK Kurzpapier Nr. 18 Risiko für die Rechte und Freiheiten natürlicher Personen). Each incident is assessed within the target timeframe of 72 hours and concludes with a decision of whether the regulating authorities need to be notified. TeamViewer Management is informed about all incidents and internal records are maintained.