Privacy notice for Microsoft Teams
Privacy notice pursuant to Article 13 GDPR
In this privacy notice, we explain our use of the video communication software “Teams Meetings” from Microsoft Corporation.
This privacy notice is addressed both to employees of Kleine Wolke Textilgesellschaft GmbH & Co. KG and to external persons.
Controller:
Kleine Wolke Textilgesellschaft GmbH & Co. KG, Herzogin-Cecilie-Allee 16/18, D-28217 Bremen, Tel.: +49 (0) 421 / 62 61 – 0, Fax: +49 (0) 421 / 62 61 – 392, Email: info@kleinewolke.com, is responsible for the processing of your personal data in connection with the use of “Teams Meetings”.
Description of data processing, purposes, and types of data:
To hold video conferences (hereinafter: “online meetings”), we use the tool “Teams Meetings”.
Depending on the type and scope of use of “Teams Meetings”, different types of data are collected and/or processed. These include, in particular,
• Information about you (e.g. first and last name, email address)
• Meeting metadata (e.g. date, time and duration of the communication, name of the meeting, participant IP address)
• Device/hardware data (MAC addresses, client version)
• Text, audio, and video data
• Documents or records that you upload or send yourself
• Connection data (e.g. telephone numbers, country names, start and end times, IP addresses)
Below, we would like to inform you in more detail about the scope of data processing.
Required data and functions
If you take part in an online meeting as an external participant, you will receive an access link from the host by email. When signing in to the online meeting, you can then enter your name and, if applicable, your email address.
In addition, the tool collects user data that is required to provide the service. This includes, in particular, technical data about your devices, your network, and your internet connection, such as IP address, MAC address, other device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, type of connection.
Voluntary information and functions
You may provide further information about yourself, but you do not have to. You are also free to use the chat function during an online meeting. You can also switch your camera and microphone on and off or mute them yourself.
As a rule, no recording takes place. If we do wish to record individual sessions, we will do so only if the consent of all invited participants has been obtained in advance. If consent is not given by at least one person, no recording will take place.
If you use the chat function, the text you enter will be processed in order to display it in the “online meeting”. The chat is not logged.
You can also get in touch with our company’s employees as a Teams user from outside the company via an online meeting or chat message. In the latter case, your user name and your text or document entry will be processed in order to display the message to the person contacted. You decide yourself whom you write to and what the message should contain (text or document). Outside of online meetings, no text or document entries are logged.
Legal bases for data processing
If you take part in an online meeting as an external participant, your data is processed on the basis of Article 6(1) sentence 1(b) GDPR, provided that your participation in the online meeting is necessary to perform a contract concluded with us. The same applies if holding the online meeting is necessary to carry out pre-contractual measures taken at your request.
If the data processing in connection with the use of “Teams Meetings” is not necessary to perform a contract concluded with us and/or to carry out pre-contractual measures, it is carried out on the basis of Article 6(1) sentence 1(f) GDPR. Our legitimate interest here lies in maintaining location-independent communication, maintaining business contacts, and providing services owed.
If, when using the tool, you also voluntarily provide information about yourself or voluntarily use functions that are not strictly required, the associated data processing is carried out on the basis of your revocable consent pursuant to Article 6(1) sentence 1(a) GDPR. You can revoke your consent at any time with effect for the future. Please note that processing carried out before the revocation is not affected by this.
Sharing of your data
As a rule, we do not pass on your data to unauthorised third parties.
Microsoft Corporation supports us in processing your data as an external service provider and processor within the meaning of Article 28 GDPR. As a processor, Microsoft Corporation processes your data strictly in accordance with instructions and on the basis of a separate data processing agreement.
Deletion of your data
In the case of an online meeting, your data is stored in the system only for the duration of the respective meeting. The recorded meetings are not deleted.
Text entries and documents sent outside of online meetings are not deleted.
Your rights as a data subject
In accordance with Article 15 GDPR, you have the right to obtain information from the controller about the personal data concerning you, as well as the right to have incorrect data corrected in accordance with Article 16 GDPR, or to have data deleted provided that one of the reasons listed in Article 17 GDPR applies, e.g. if the data is no longer needed for the purposes pursued. You also have the right to restriction of processing if one of the conditions listed in Article 18 GDPR applies, and in the cases of Article 20 GDPR the right to data portability. In cases where we process your personal data on the legal basis of Article 6(1) sentence 1(f) GDPR, you also have the right to object at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise, or defence of legal claims.
You also have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you violates data protection rules. The right to lodge a complaint may be exercised in particular with a supervisory authority in the Member State of the data subject’s place of residence or the place of the alleged infringement.
Contact details of the data protection officer:
We are supported by our data protection officer in fulfilling our data protection duties. The contact details of our data protection officer are: datenschutz nord GmbH, Konsul-Smidt-Straße 88, 28217 Bremen, Email: office@datenschutz-nord.de, Tel.: 0421 69 66 32-0