Infor­ma­tion pur­suant to Art. 13 GDPR

Notes on the usage of Microsoft Teams

Table of Contents

Identity and contact details of the data controller

The data con­troller respon­si­ble in accor­dance with the pur­pos­es of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR) of the Euro­pean Union and oth­er data pro­tec­tion reg­u­la­tions is:

talessio GmbH
Alexan­der­str. 52
72072 Tübin­gen
Ger­many

Phone: +49.7071.53938.0
Fax: +49.7071.53938.90
Email: [email protected]​talessio.​com
Web: https://​talessio​.com/

Note: If you access the Microsoft Teams web­site, the Microsoft Teams provider is respon­si­ble for data pro­cess­ing. How­ev­er, access­ing the web­site is only nec­es­sary for using Microsoft Teams in order to down­load the soft­ware for using Microsoft Teams. If you do not want to or can­not use the Microsoft Teams app, you can also use Microsoft Teams via your brows­er. The ser­vice will then also be pro­vid­ed via the Microsoft Teams website.

Contact details of the data protection officer

The des­ig­nat­ed data pro­tec­tion offi­cer is:

Dat­a­Co GmbH
Dachauer Str. 65
80335 Munich
Ger­many

Phone: +49.89.7400.45840
Web: https://​www​.data​guard​.de/

Purpose and legal basis of the processing

We use the Microsoft Teams tool to con­duct con­fer­ence calls, online meet­ings, video con­fer­ences and/​or webi­na­rs (here­inafter: “Online Meet­ings”). Microsoft Teams is a ser­vice of Microsoft Corporation.

When using Microsoft Teams, var­i­ous types of data are processed. The scope of the data also depends on the data you pro­vide before or dur­ing par­tic­i­pa­tion in an online meeting.

The fol­low­ing per­son­al data are sub­ject to processing:

  • User details: Dis­play name, email address if applic­a­ble, pro­file pic­ture (option­al), pre­ferred language.
  • Meet­ing meta­da­ta: e.g. date, time, meet­ing ID, phone num­bers, location.
  • When dial­ing in by tele­phone: details of the incom­ing and out­go­ing tele­phone num­ber, coun­try name, start and end time, if applic­a­ble fur­ther con­nec­tion data such as the IP address of the device and the brows­er used.
  • Text, audio and video data: You may have the option of using the chat in an online meet­ing. To this extent, the text entries you make are processed in order to dis­play them in the online meet­ing and, if nec­es­sary, to record them. In order to enable the dis­play of video and the play­back of audio, the data from the micro­phone of your ter­mi­nal device and from any video cam­era of the ter­mi­nal device are processed accord­ing to the dura­tion of the meet­ing. You can turn off or mute the cam­era and micro­phone your­self at any time via the Microsoft Teams app.
  • For record­ings (option­al): MP4 files of all video, audio and pre­sen­ta­tion record­ings, text file of the online chat.
  • Please note: As a rule, online meet­ings are not record­ed. An excep­tion­al record­ing is only made with your con­sent. The fact of record­ing will also be dis­played to you in the Microsoft Teams app. If it is nec­es­sary for the pur­pos­es of log­ging the results of an online meet­ing, we will log the chat con­tent. How­ev­er, this will not usu­al­ly be the case. In the case of webi­na­rs, we may also process ques­tions asked by webi­nar par­tic­i­pants for the pur­pos­es of record­ing and fol­low­ing up webinars.

Auto­mat­ed deci­sion-mak­ing with­in the mean­ing of Arti­cle 22 of the GDPR is not used.

Inso­far as per­son­al data is processed by employ­ees of talessio GmbH, § 26 BDSG is the legal basis for data processing.

If, in con­nec­tion with the use of Microsoft Teams, per­son­al data is not required for the estab­lish­ment, imple­men­ta­tion or ter­mi­na­tion of the employ­ment rela­tion­ship, but is nev­er­the­less an ele­men­tary com­po­nent in the use of Microsoft Teams, the legal basis for data pro­cess­ing is Art. 6 para.1 lit. f GDPR. Our legit­i­mate inter­est is to reg­is­ter your par­tic­i­pa­tion in the online meet­ing and to ensure the organ­i­sa­tion­al flow of the online meet­ing as well as to car­ry out a fol­low-up of the online meet­ing, if nec­es­sary. You have the right to object to the use of your data for the pur­pose of con­duct­ing online meet­ings at any time.

If the online meet­ing is record­ed, the data pro­cess­ing is based on your con­sent pur­suant to Art. 6 para. 1 lit a. GDPR.

Fur­ther­more, the legal basis for data pro­cess­ing when con­duct­ing online meet­ings is Art. 6. para. 1 lit. b GDPR, inso­far as the meet­ings are con­duct­ed with­in the scope of con­trac­tu­al relationships.

If there are no con­trac­tu­al rela­tion­ships, the legal basis is Art. 6 para. 1 lit. f GDPR. Our legit­i­mate inter­est in this case is also to reg­is­ter your par­tic­i­pa­tion in the online meet­ing and to ensure the organ­i­sa­tion­al process of the online meet­ing and, if nec­es­sary, to car­ry out a fol­low-up to the online meet­ing. You have the right to object to the use of your data for the pur­pose of con­duct­ing online meet­ings at any time.

Recipients and categories of recipients of the personal data

Per­son­al data processed in con­nec­tion with par­tic­i­pa­tion in online meet­ings will not be dis­closed to third par­ties as a mat­ter of prin­ci­ple, unless they are specif­i­cal­ly intend­ed to be disclosed.

Please note that con­tent from online meet­ings, as well as face-to-face meet­ing con­tent, is often intend­ed pre­cise­ly to com­mu­ni­cate infor­ma­tion to clients, prospects or third par­ties and is there­fore intend­ed to be shared.

Oth­er recip­i­ents: The Microsoft Teams provider nec­es­sar­i­ly obtains knowl­edge of the above data to the extent pro­vid­ed for under our order pro­cess­ing agree­ment with Microsoft Teams.

Transfer of personal data to a third country

Data pro­cess­ing out­side the Euro­pean Union (EU) does not take place as a mat­ter of prin­ci­ple, as we have lim­it­ed our stor­age loca­tion to data cen­tres in the Euro­pean Union. How­ev­er, we can­not exclude the pos­si­bil­i­ty that data is rout­ed via inter­net servers locat­ed out­side the EU. This can be the case in par­tic­u­lar if par­tic­i­pants in online meet­ings are in a third coun­try. How­ev­er, the data is encrypt­ed dur­ing trans­port via the inter­net and thus pro­tect­ed against unau­tho­rised access by third parties.

We have con­clud­ed an order pro­cess­ing agree­ment with the provider of Microsoft Teams, which com­plies with the require­ments of Art. 28 GDPR.

Duration of the storage of personal data

We gen­er­al­ly delete per­son­al data when there is no need for fur­ther stor­age. A require­ment may exist in par­tic­u­lar if the data is still need­ed to ful­fil con­trac­tu­al ser­vices, to check and grant or ward off war­ran­ty and, if applic­a­ble, guar­an­tee claims. In the case of statu­to­ry reten­tion oblig­a­tions, dele­tion is only con­sid­ered after expiry of the respec­tive reten­tion obligation.

Data subjects' rights

Accord­ing to the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR), you have the fol­low­ing rights:

  • If your per­son­al data is processed, you have the right to obtain infor­ma­tion about the data stored about you (Art. 15 GDPR).
  • If inac­cu­rate per­son­al data is processed, you have the right to rec­ti­fi­ca­tion (Art. 16 GDPR).
  • If the legal require­ments are met, you may request the era­sure or restric­tion of pro­cess­ing as well as object to pro­cess­ing (Art. 17, 18 and 21 GDPR).
  • If you have con­sent­ed to the data pro­cess­ing or if there is a con­tract for data pro­cess­ing and the data pro­cess­ing is car­ried out with the help of auto­mat­ed pro­ce­dures, you may have a right to data porta­bil­i­ty (Art. 20 GDPR).
  • Fur­ther­more, there is a right of appeal to a super­vi­so­ry author­i­ty (Art. 77 GDPR).

Should you make use of your above-men­tioned rights, talessio GmbH will check whether the legal require­ments for this are met. To exer­cise your rights, please con­tact the offi­cial data pro­tec­tion officer(s).

Right of withdrawal for consent

If you have con­sent­ed to the pro­cess­ing by the data con­troller by means of a cor­re­spond­ing dec­la­ra­tion, you can revoke your con­sent at any time for the future. The law­ful­ness of the data pro­cess­ing car­ried out on the basis of the con­sent until the revo­ca­tion is not affect­ed by this.