Information on Data Protection for external Online Meetings via MS Teams
Conformable to article 13, 14 EU General Data Protection Regulation (EU DS-GVO) as well as the Bundesdatenschutzgesetz (BDSG) we hereafter inform you about the processing of your personal data in connection with the conduct of so called “Online Meetings” via the video conference software “Microsoft Teams”.
Name and contact data of the responsible body
Responsible for data processing directly related to the conduct of so-called “Online Meetings” is
Franz Ziel GmbH
Telefon: 02543 / 2335 – 0
Note: When entering the “Microsoft Teams” website, responsibility for the data processing lies with the provider. However, using the website is only required once when downloading the software.
Should you not wish or not be able to use the “Microsoft Teams” App, usage of “Microsoft Teams” can also be carried out via your browser. In that case the service is provided by the website of “Microsoft Teams” as well. Responsibility for data processing thereby passes on to the “Microsoft Teams” provider.
Contact details of the responsible data protection officer
Franz Ziel has appointed a data protection officer. Contact details are as follows:
DSB Münster GmbH
Telefon: 0251 / 71879-110
Purpose of processing
We use “Microsoft Teams” as a tool to conduct telephone conferences, video conferences and webinars (hereafter referred to as „online meetings“). “Microsoft Teams” is a service provided by the Microsoft Corporation.
Legal bases for data processing
Legal basis for processing of personal employee data of Franz Ziel GmbH is § 26 BDSG.
Processing of personal employee data of Franz Ziel GmbH is carried out on the legal basis of § 26 BDSG. If, in connection with the use of “Microsoft Teams”, personal data is not required for the establishment, performance or termination of the employment relationship however simultaneously crucial part in applying “Microsoft Teams”, use of this data is subject to 6 Abs. 1 lit. f DS-GVO. Our focus in these cases lies exclusively on the effective execution of online meetings.
Insofar as the processing of personal data in the context of online meetings is required for the fulfilment of a contract to which you are a party or for the implementation of precontractual measures that are taken at your request, Art. 6 (1) lit. b DS-GVO serves as legal basis for the processing of personal data.
Type and scope of data processing
We use “Microsoft Teams” as a tool to conduct online meetings. Should the need to record online meetings arise, we will inform you accordingly in advance and obtain your consent. Should these recordings be necessary in order to document results of an online meeting, chat contents will be filed. However, this will mostly not be the case.
An automated decision-making according to Art. 22 DS-GVO will not be applied.
When using “Microsoft Teams” the personal data mentioned hereafter are undergoing processing, whereby the scope of these data is also dependant on the information you’re providing during participation in an online meeting.
- User information (registration information e.g. user name, activation- and conference codes, email address, first name, surname, company, organisation Id., participant Id., profile picture (optional))
- Configuration- and communication data such as device name, IP-address, geo data, time zones, activity logs, hardware type
- Conference information e.g. date, time, duration, number of participants, dial-in mode, diagnosis information
Text-, audio- and video files: In an online meeting you may have the opportunity of using the chat function. Text entered by you will be processed insofar as to be displayed in the online meeting. To enable video and audio mode, data of your device’s microphone and video camera will be processed during the duration of the meeting. You can switch off or mute the camera as well as the microphone autonomously at all times.
Recipient / Transfer of data
When processing personal data in connection with participation in online meetings no data will be passed on to third parties in principle unless they are specifically intended to be passed on. Please note that content from online meetings as well as from face-to-face meetings is often intended to communicate with and pass on information to customers, interested parties or third parties. It is therefore destined to be shared.
A further recipient of the data provided by you is the Microsoft Corporation in its function as provider of “Microsoft Teams”.
Data processing outside the European Union
As a matter of principle data processing in third countries does not take place, as we, respectively the service provider, have strictly limited the storage location to data centres within the EU or the EEA.
However, we cannot rule out the possibility that the service provider also uses servers outside the EU or EEA or that the routing of data takes place via internet servers that are located outside the EU or EEA. In this case, an adequate level of data protection is guaranteed by means of applicable EU standard data protection clauses. Furthermore, the data is encrypted during transport via the internet as a supplementary protective measure and thus fundamentally secured against unauthorised access by third parties.
Duration of data storage
Your personal data processed as part of your use of “Microsoft Teams” will generally be deleted as soon as it is no longer required for the purpose it was collected for. A requirement for storage may exist in particular if the data is still needed to fulfil contractual services and to be able to check and grant or defend against warranty or, if applicable, guarantee claims. In case of statutory retention obligations of 6 years or 10 years according to commercial and tax law, deletion can only be carried out after expiry of the respective retention obligation. If and insofar as the processing is based on your consent, the data will only be stored until you revoke your consent, unless there is also another legal basis for the processing.
Your rights as a person concerned
As a person concerned you can assert the rights granted to you by the DS-GVO at all times insofar as these are applicable to the processing.
- Right of information about the personal data processed by us (Art. 15 DS-GVO)
- Right of rectification or completion of data relating to you (Art. 16 DS-GVO)
- Right of deletion of data relating to you in accordance with Art. 17 DS-GVO
- Right to demand a restriction of the processing of the data in accordance with Art. 18 DS-GVO;
- Right of data transfer accordant to Art. 20 DS-GVO;
- Right of objection to future processing of data concerning you in accordance with Art. 20 DS-GVO
Revocability of your consent
You have the right to withdraw consent at all times. Should the processing take place on base of a jurisdictional consent, this can be withdrawn at all times without affecting lawfulness of all data processing occurred conformable to consent until withdrawal (Art. 7 Sec. 3 DS-GVO). The withdrawal shall not affect the lawfulness of the processing carried out up to the point of revocation.
You have the right to lodge a complaint with a supervisory authority (Art. 77 DS-GVO)