Data protection information according to Art. 13 ff. GDPR
In this data protection notice we explain our use of the video communication software "Microsoft Teams".
OD-OS GmbH, Warthestr. 21, 14513 Teltow, firstname.lastname@example.org, is responsible for the collection and processing of your personal data in connection with the use of Microsoft Teams (hereinafter "Teams").
Notes: If you access the "Teams" website, Microsoft Corporation, as the provider of "Teams", is responsible for data processing. Accessing the website is only required in order to download the software for using “Teams”. If you do not want to or cannot use the "Teams" software (app), you can also use "Teams" via your browser. The service is then also provided via the Microsoft Corporation website.
Description of data processing, purposes and types of data
We use the "Teams" tool from the US provider Microsoft Corporation to hold telephone conferences, online meetings, video conferences and webinars (hereinafter: "Online Meetings").
Depending on the type and extent of the use of "teams", different types of data are collected or processed. This includes in particular
- Information about yourself (e.g. first and last name, email address, profile picture),
- Meeting metadata (e.g. date, time and duration of communication, name of the meeting, participant IP address),
- Text, audio and video data (e.g. chat histories, video and audio playback),
- Connection data (e.g. phone numbers, country names, start and end times, IP addresses).
In the following we would like to inform you in more detail about the scope of data processing.
Required data and functions
As an employee, you may have a user account with which you as a "user" or "host" can organize and hold online meetings. To create your user account or to plan and hold an online meeting, the following data is collected and processed from you: name, user name, email or telephone number, password (if no single sign-on is used).
If you take part in an online meeting as an internal or external participant ("guest"), you will receive an access link from the host by email. When registering for the online meeting, you must then provide your name and, if applicable, your e-mail address. As a participant, you can take part in meetings directly from the browser without installing the Teams app.
In addition, the tool collects user data that is required for the provision as well as technical and operational support and improvements to the services provided. This includes in particular technical data about your devices, your network and your Internet connection, such as IP address, MAC address, other device IDs (UDID), device type, operating system type and version, client version, camera type, microphone or loudspeaker, Type of connection).
Voluntary information and functions
You can, but do not have to provide further information about yourself. You are also free to use the chat, question or survey functions during the online meeting. You can also switch your camera and microphone on, off or mute yourself.
If you use the chat, question or survey function, the text entries you have made are processed in order to display them in the "online meeting" and, if necessary, to record them. If you switch on your camera or microphone, the data from the microphone of your device and any video camera on the device will be processed for the duration of the meeting. When online meetings start, your camera image and microphone are switched off by default.
Please note that any information that you or others upload, provide or create during an online meeting will be processed at least for the duration of the meeting. This includes in particular chat / instant messages, files, whiteboards and other information that is shared while using the service.
Further information on the processing of your data
Further information on the processing of your data when using "Teams" can be found at: privacy.microsoft.com/de-de/privacystatement and news.microsoft.com/de-de/datenschutz-und- security-in-microsoft-teams-users /.
Legal basis for data processing
If you use "Teams" as an employee, the data processing takes place on the basis of § 26 Abs. 1 BDSG, if and as far as the implementation of online meetings is necessary for the purpose of the employment relationship.
If you take part in an online meeting as an external participant, your data will be processed on the basis of Article 6, Paragraph 1, Sentence 1, Letter b. GDPR, if your participation in the online meeting is necessary to fulfill a contract concluded with you. The same applies if the online meeting is necessary to carry out pre-contractual measures that are carried out at your request.
If the data processing in connection with the use of "teams" is neither necessary for the purposes of the employment relationship nor for the fulfillment of a contract concluded with you or for the implementation of pre-contractual measures, it is carried out on the basis of Article 6, Paragraph 1, Sentence 1, Letter f. GDPR. Our legitimate interest lies in maintaining location-independent communication, maintaining business contacts and providing the services owed.
If you also voluntarily provide information about yourself when using the tool or voluntarily use functions that are not absolutely necessary, the associated data processing takes place on the basis of your revocable consent according to Article 6, Paragraph 1, Sentence 1, Letter a,7. GDPR in conjunction with Section 26 (2) BDSG. You can revoke your consent at any time with effect for the future. Please note that processing that took place before the revocation is not affected.
Passing on your data
In principle, we do not transmit your data to third parties. The data will only be passed on if the data is intended to be passed on, you have expressly consented to the transmission in advance or we are obliged or entitled to do so due to legal regulations. Please note that content from "online meetings", as well as from personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.
As an external service provider and processor within the meaning of Art. 28 GDPR, Microsoft Corporation supports us in processing your data. As a processor, Microsoft Corporation processes your data strictly in accordance with instructions and on the basis of a separately concluded processing contract. Data processing outside the European Union (EU) or the European Economic Area (EEA) does not take place, as we have limited our storage location to data centers in the European Union. However, it cannot be ruled out that your data will also be processed outside the EU or the EEA or transmitted to Microsoft Corporation. Subject to suitable guarantees within the meaning of Art. 46 GDPR, data transmission to the USA takes place through the use of standard data protection clauses and additional measures taken. We will be happy to provide you with a copy of the standard data protection clauses as well as further information on the additional measures taken on request.
Deletion of your data
In principle, we only process your data for as long as it is necessary for the purposes for which it was collected. Your data will then be deleted unless the processing or storage of your data is necessary to assert, exercise or defend legal claims. In the case of statutory retention requirements, deletion can only be considered after the respective retention obligation has expired.
Your rights as a data subject
In accordance with Art. 15 GDPR, you have the right to information from the person responsible about your personal data as well as to correct incorrect data in accordance with Art. 16 GDPR or to have one of the reasons stated in Art. 17 GDPR exist, e.g. if the data are no longer required for the purposes pursued. You also have the right to restrict processing if one of the conditions specified in Art. 18 GDPR is met and, in the cases of Art. 20 GDPR, the right to data portability. In cases in which we process your personal data on the legal basis of Art. 6 Paragraph 1 Sentence 1 Letter f GDPR, you also have the right to object at any time for reasons that arise from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling reasons worthy of protection for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. You can assert your data protection rights here: email@example.com
You also have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of the data concerning you violates data protection regulations. The right to lodge a complaint can in particular be asserted with a supervisory authority in the member state of the place of residence of the person concerned or the place of the alleged violation.
Our data protection officer
In fulfilling our data protection obligations, we are supported by our data protection officer. The contact details of our data protection officers are: datenschutz nord GmbH, Konsul-Smidt-Straße 88, 28217 Bremen, email: E-Mail: firstname.lastname@example.org, Web: www.datenschutz-nord-gruppe.de