Loading...

Data protection information for events using Microsoft Teams

Data protection information for events using Microsoft Teams

Compliance with data protection regulations is a high priority for us. In the following, we would like to inform you about the collection and processing of your personal data.

Controller

The Controller for data processing in connection with the use of Microsoft Teams („Teams“) is the company, that initiated the meeting: This is either Fette Compacting GmbH (Grabauer Straße 24, 21493 Schwarzenbek, Germany, dataprivacy@fette-compacting.com).

If you access the "Teams" website, Microsoft Corporation as the provider of "Teams" is responsible for data processing. However, accessing the website is only necessary for the use of "Teams" in order to download the software for the use of "Teams". If you do not want to or cannot use the "Teams" software (app), you can also use "Teams" via your browser. The service is then also provided via the Microsoft Corporation website.

Purpose and legal basis of data processing

Data processing for participation in the event

For the purpose of planning, organising and implementing digital event formats, the aforementioned body processes your personal data for the organisation before the meeting. The legal basis for this is the legitimate interest pursuant to Art. 6 (1) (f) GDPR in the proper planning and realisation of the digital meeting. Dialling in takes place via company-internal as well as external Internet-enabled end devices. 

Data processing when using Microsoft Teams

Depending on the type and scope of use of "Teams", various types of data are collected or processed. This includes, in particular, personal data (e.g. first and last name, email address, profile picture), meeting metadata (e.g. date, time and duration of communication, name of the meeting, participant IP address), text, audio and video data (e.g. chat histories, video and audio playbacks) and connection data (e.g. phone numbers, start and end times, IP addresses).

As an employee, you may have a user account with which you can organise and hold online meetings as a "user" or "host". To create your user account or to plan and organise an online meeting, the following data, among others, will be collected and processed from you: Name, user name, e-mail or telephone number, password (if no single sign-on is used). The legal basis for data processing is Art. 6 (1) (b) GDPR resp. (in Germany) Art. 88 GDPR in conjunction with § 26 (1) BDSG (German Federal Data Protection Act), if and insofar as the organisation of online meetings is necessary for the purposes of the employment relationship.

If you are attending an online meeting as a guest, you will receive an access link from the host by email. When registering for the online meeting, you must then enter your name and, if applicable, your e-mail address. As a participant, you can take part in meetings directly via the browser without installing the Teams app. Data processing is carried out on the basis of Art. 6 (1) (b) GDPR if your participation in the online meeting is necessary for the fulfilment of a contract concluded with you. The same applies if the online meeting is necessary for the implementation of pre-contractual measures that are carried out at your request. If data processing in connection with the use of "Teams" is not necessary for the purposes of the employment relationship or for the fulfilment of a contract concluded with you or for the implementation of pre-contractual measures, it is carried out on the basis of Art. 6 (1) (f) GDPR. We process data of contact persons for a company or organisation on the basis of Art. 6 (1) (f) GDPR. As a contact person, you can object to this processing at any time with effect for the future in accordance with Art. 21 GDPR.

In addition, „Teams“ collects user data that is necessary for the provision, technical and operational support and improvement of the services provided. This includes, in particular, technical data about your devices, your network and your Internet connection, such as IP address, MAC address, other device IDs, device type, operating system type and version, client version, camera type, microphone and loudspeaker or type of connection. The provision of the aforementioned data is required for registration and participation in the meeting. Participation is not possible without providing this data.

You can provide further information about yourself, but you do not have to. You are also free to use the chat, question or survey functions during the online meeting. You can also switch your camera and microphone on and off or mute them yourself. If you use the chat, question or survey function, the text entries you make will be processed in order to display them in the "online meeting" and, if necessary, to log them. If you switch on your camera or microphone, the data from your end device's microphone and any video camera on the end device will be processed for the duration of the meeting. Please note that all information that you or others upload, provide or create during an online meeting will be processed at least for the duration of the meeting. This includes, in particular, chat/instant messages, files, whiteboards and other information shared while using the service.

In exceptional cases, we may also record online meetings in "Teams" (image and sound). You will be notified if a recording is being made. We may also use the transcription function in "Teams". This allows spoken contributions in the meeting to be recorded directly in a verbatim transcript. You will also be notified if transcription is used. If "Teams" meetings are recorded or the transcription function is used, the legal basis is the legitimate interest pursuant to Art. 6 (1) (f) GDPR in the subsequent traceability of the meeting content. The records will be stored for 60 days and afterwards deleted. 

In connection with the transcription function, MS Copilot — a Microsoft support tool with artificial intelligence (AI)— or a similar AI-tool. may also be used. The purpose of this tool is to automatically summarize the content of meetings and, if necessary, to derive tasks resulting from the meeting. If MS Copilot is used, a manual check for correctness is always carried out. Upon request, we will grant access to a transcription. Processing is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR in saving time and ensuring efficient collaboration through the use of MS Copilot for support. The records will be stored for 60 days and afterwards deleted.

You have the right to object to processing in accordance with Art. 6 (1) (f) GDPR at any time. To do so, simply contact the organizer of the meeting.

Further information on the processing of your data when using "Teams" can be found at: https://privacy.microsoft.com/de-de/privacystatement and https://news.microsoft.com/de-de/datenschutz-und-sicherheit-in-microsoft-teams-nutzer/.

Obligation to provide your personal data

You are neither contractually nor legally obliged to provide your data. However, if you do not provide your data, we will not be able to contact you.  

Storage period/criteria for determining the storage period

We only process your data for as long as it is required for the purposes for which it was collected. Your data will then be deleted unless the processing or storage of your data is necessary for the assertion, exercise or defence of legal claims. In the case of statutory retention obligations, erasure will only be considered after expiry of the respective retention obligation.

Your data will be deleted at the end of the event. Tax-relevant data is generally stored for 10 years due to statutory retention periods.

The following storage and deletion periods also apply to the data processed in Teams: 

  • If you have a user account, you can completely delete your user profile, including the data stored about you, at any time.

  • Admin users in the controller's account can completely delete usage profiles of any user, including the data stored there, at any time.

  • Documents shared in Teams chats: these will not be automatically deleted but remain available until they are manually deleted or the permissions are changed.

  • External users (names):

    • Guests (with guest accounts): names are displayed with “(guest)”: they remain visible in the chat as long as they have access to the meeting. 

    • External users from trusted organizations: Name is marked with “(External)”: retain permanent access to the chat if they have been invited and have left the meeting.

    •  Anonymous participants: Name is displayed with ‘(Unverified)’: only have temporary access to the chat – until they leave the meeting. After that, they disappear from the chat history.

  • Audio and video content is processed in the stream and not saved, unless recorded.

Chat messages with external users are not saved permanently but will be deleted after 30 days. 

Recipients of your data

As a matter of principle, we do not transfer your data to third parties. Data will only be passed on if it is specifically intended to be passed on, if you have expressly consented to the transfer in advance or if we are obliged or authorised to do so by law. Data may be passed on, for example, to other companies in the group of companies for the purpose of event management or for tax purposes or as part of IT services. If Fette Compacting GmbH is not the Controller, Microsoft Teams is provided via Fette Compacting GmbH as a processor. A contract for data processing has been concluded in accordance with Art. 28 GDPR.

When processing your data, Microsoft Ireland Operations Ltd and Microsoft Corporation support us as service providers and (sub)processors within the meaning of Art. 28 GDPR strictly in accordance with our instructions. It cannot be ruled out that your data will also be processed in third countries outside the EU or the EEA. With regard to these data transfers, an adequate level of data protection is guaranteed by the EU Commission's adequacy decision for the USA (EU-U.S. Data Privacy Framework) in accordance with Art. 45 GDPR. In addition, EU standard contractual clauses also exist.
 

Your data protection rights

You have the right to receive information about the personal data stored about you free of charge upon request (Art. 15 (1) GDPR). In addition, if the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data and to data portability (Art. 20 GDPR). You have the right to revoke your consent at any time with effect for the future if your data is processed on the basis of Art. 6 (1) (a) GDPR. Please send the revocation to the e-mail address of the respective Controller (see "Controller").

You have the right to object to data processing in accordance with Art. 21 GDPR if your data is processed on the basis of Art. 6 (1) (f) GDPR. Please send your objection to the e-mail address of the respective Controller (see "Controller").

  1. Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection regulations. The right to lodge a complaint can be asserted in particular with a supervisory authority in the Member State of your habitual residence, your place of work or the place of the suspected infringement.

Contact details of the data protection officer

Our external data protection officer will be happy to provide you with information on the subject of data protection under the following contact details: datenschutz nord GmbH (Sechslingspforte 2, 22087 Hamburg, Germany, office@datenschutz-nord.de). 

If you contact our data protection officer, please also indicate the respective Controller (see "Controller").