Information pursuant to Art. 13 GDPR

Notes on the usage of Microsoft Teams

Identity and contact details of the data controller

The data controller responsible in accordance with the purposes of the General Data Protection Regulation (GDPR) of the European Union and other data protection regulations is:

talessio GmbH
Alexanderstr. 52
72072 Tübingen
Germany

Phone: +49.7071.53938.0
Fax: +49.7071.53938.90
Email: [email protected]
Web: https://talessio.com/

Note: If you access the Microsoft Teams website, the Microsoft Teams provider is responsible for data processing. However, accessing the website is only necessary in order to download the software for using Microsoft Teams. If you do not want to or cannot use the Microsoft Teams app, you can also use Microsoft Teams via your browser. The service will then also be provided via the Microsoft Teams website.

Contact details of the data protection officer

The designated data protection officer is:

DataCo GmbH
Dachauer Str. 65
80335 Munich
Germany

Phone: +49.89.7400.45840
Web: https://www.dataguard.de/

Purpose and legal basis of the processing

We use the Microsoft Teams tool to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter: “Online Meetings”). Microsoft Teams is a service of Microsoft Corporation.

When using Microsoft Teams, various types of data are processed. The scope of the data also depends on the data you provide before or during participation in an online meeting.

The following personal data are subject to processing:

  • User details: Display name, email address if applicable, profile picture (optional), preferred language.
  • Meeting metadata: e.g. date, time, meeting ID, phone numbers, location.
  • When dialing in by telephone: details of the incoming and outgoing telephone number, country name, start and end time, if applicable further connection data such as the IP address of the device and the browser used.
  • Text, audio and video data: You may have the option of using the chat in an online meeting. To this extent, the text entries you make are processed in order to display them in the online meeting and, if necessary, to record them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed according to the duration of the meeting. You can turn off or mute the camera and microphone yourself at any time via the Microsoft Teams app.
  • For recordings (optional): MP4 files of all video, audio and presentation recordings, text file of the online chat.
  • Please note: As a rule, online meetings are not recorded. An exceptional recording is only made with your consent. The fact of recording will also be displayed to you in the Microsoft Teams app. If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case. In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and following up webinars.

Automated decision-making within the meaning of Article 22 of the GDPR is not used.

Insofar as personal data is processed by employees of talessio GmbH, § 26 BDSG is the legal basis for data processing.

If, in connection with the use of Microsoft Teams, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of Microsoft Teams, the legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to register your participation in the online meeting and to ensure the organisational flow of the online meeting as well as to carry out a follow-up of the online meeting, if necessary. You have the right to object to the use of your data for the purpose of conducting online meetings at any time.

If the online meeting is recorded, the data processing is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR.

Furthermore, the legal basis for data processing when conducting online meetings is Art. 6 para. 1 lit. b GDPR, insofar as the meetings are conducted within the scope of contractual relationships.

If there are no contractual relationships, the legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest in this case is also to register your participation in the online meeting and to ensure the organisational process of the online meeting and, if necessary, to carry out a follow-up to the online meeting. You have the right to object to the use of your data for the purpose of conducting online meetings at any time.

Recipients and categories of recipients of the personal data

Personal data processed in connection with participation in online meetings will not be disclosed to third parties as a matter of principle, unless they are specifically intended to be disclosed.

Please note that content from online meetings, as well as face-to-face meeting content, is often intended precisely to communicate information to clients, prospects or third parties and is therefore intended to be shared.

Other recipients: The Microsoft Teams provider necessarily obtains knowledge of the above data to the extent provided for under our order processing agreement with Microsoft Teams.

Transfer of personal data to a third country

Data processing outside the European Union (EU) does not take place as a matter of principle, as we have limited our storage location to data centres in the European Union. However, we cannot exclude the possibility that data is routed via internet servers located outside the EU. This can be the case in particular if participants in online meetings are in a third country. However, the data is encrypted during transport via the internet and thus protected against unauthorised access by third parties.

We have concluded an order processing agreement with the provider of Microsoft Teams, which complies with the requirements of Art. 28 GDPR.

Duration of the storage of personal data

We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfil contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion is only considered after expiry of the respective retention obligation.

Data subjects' rights

According to the General Data Protection Regulation (GDPR), you have the following rights:

  • If your personal data is processed, you have the right to obtain information about the data stored about you (Art. 15 GDPR).
  • If inaccurate personal data is processed, you have the right to rectification (Art. 16 GDPR).
  • If the legal requirements are met, you may request the erasure or restriction of processing as well as object to processing (Art. 17, 18 and 21 GDPR).
  • If you have consented to the data processing or if there is a contract for data processing and the data processing is carried out with the help of automated procedures, you may have a right to data portability (Art. 20 GDPR).
  • Furthermore, there is a right of appeal to a supervisory authority (Art. 77 GDPR).

Should you make use of your above-mentioned rights, talessio GmbH will check whether the legal requirements for this are met. To exercise your rights, please contact the official data protection officer(s).

Right of withdrawal for consent

If you have consented to the processing by the data controller by means of a corresponding declaration, you can revoke your consent at any time for the future. The lawfulness of the data processing carried out on the basis of the consent until the revocation is not affected by this.