Microsoft Teams
We take the protection of your personal data very seriously. We always treat your personal data confidentially and in accordance with the statutory data protection regulations. Therefore, we would like to inform you here about the processing of your personal data in connection with the use of Microsoft Teams (hereinafter referred to as "MS Teams") and what rights you have.
1. Who is responsible for data processing and whom can I contact?
The responsible party is:
PROLOGA GmbH
Walter-Hülse-Straße 5
06120 Halle (Saale)
T: +49 345 55 54-0
E: info@prologa.com
You can reach our company data protection officer at:
Dr. Andreas Melzer
kelobit IT-Experts GmbH
T: 0345 132553-80
E: dsb@kelobit.de
2. What data is processed?
When using MS Teams, various types of data are processed. The scope of the data also depends on the data you enter yourself before or during participation in an online meeting. The following personal data are processed:
User details: e.g. display name ("Display Name"), e-mail address if applicable, profile picture (optional), preferred language.
Meeting metadata: e.g. date, time, meeting ID, phone numbers, location
Text, audio and video data: You may have the opportunity to use the chat function in an online meeting. In this respect, the text entries you make are processed in order to display them in the online meeting. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly during the meeting. You can turn off or mute the camera or microphone yourself at any time via the MS Teams apps.
3. What do we process your data for (purpose of processing) and on what legal basis?
3.1 Scope of processing
We use MS Teams to conduct online meetings, telephone and video conferences, webcasts, etc. To participate in an online meeting or enter the "meeting room", you can also use a pseudonym.
The chat contents are logged when using MS Teams. We usually store the chat contents for a period of one month. If it is necessary for the purpose of logging the results of an online meeting, we can also log the chat contents for a longer period of time, but at the longest until the purpose pursued has been fulfilled. However, this will not usually be the case.
If we want to record meetings, we will inform you transparently in advance and, if necessary, ask for your consent. You will also see the fact of the recording in the Teams app or web browser view. The organiser can also specify which participants are entitled to be recorded.
In the case of webcasts, we may also process questions asked by participants for the purposes of recording and following up webcasts. You can also make use of the possibility to give a release for your screen. In this case, we have knowledge of the data and content you share via your screen.
We have no influence on the system-side processing of technical information such as device or hardware information (e.g. IP address, operating system data of the end device as well as time and date of access) by the service provider. Microsoft processes so-called telemetry data itself. The terms of use and information on data processing by Microsoft and MS Teams can be found at https://privacy.microsoft.com/de-DE/privacystatement and https://docs.microsoft.com/de-de/microsoftteams/teams-privacy?view=o365-worldwide.
3.2 Legal basis
Insofar as personal data of employees of our company are processed, the legal basis for data processing is Art. 6 Para. 1 lit. b DSGVO, possibly § 26 BDSG. If, in connection with the use of MS Teams, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of MS Teams, the legal basis for data processing is Article 6 (1) (f) DSGVO. In these cases, our interest lies in the effective implementation of online meetings.
Otherwise, the legal basis for data processing when conducting online meetings is Art. 6 (1) lit. b DSGVO, insofar as the meetings are conducted within the framework of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f DSGVO. Here too, our interest is in the effective conduct of online meetings.
If we make recordings of individual online meetings and consent is required and requested in this regard, the legal basis for this processing is Art. 6 (1) lit. a DSGVO.
4. Who receives my data?
In our company, only those persons have access to your data who need it for the smooth running of the online meetings, e.g. the organisers and participants in meetings from our company. This may also involve several specialist departments in our company, depending on which services or products you obtain from us. Furthermore, our IT department has access to your data for exclusively technical processing.
Personal data processed in connection with participation in online meetings will generally not be passed on to third parties unless it is intended to be passed on. Please note that content from online meetings, as well as face-to-face meetings, is often used to communicate information with customers, prospects or third parties and is therefore intended for disclosure.
As a provider of MS Teams, Microsoft necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing agreement with MS Teams. Service providers used by us may also be recipients of your personal data within the scope of a commissioned processing pursuant to Art. 28 DSGVO.
We may be required to disclose certain data to the relevant authorised bodies as part of our legal obligations.
5. Are data transferred to a third country or to an international organisation?
In principle, we do not process data outside the European Union (EU), as we have limited our storage location to data centres in the European Union. However, we cannot exclude that routing or storage of data takes place via internet servers that are located outside the EU. This may be the case in particular if participants in online meetings are located in a third country.
A secure level of data protection is ensured by concluding supplementary EU standard data protection clauses and technical-organisational measures. When using standard data protection clauses, we aim to implement additional measures to protect their data where necessary. To this end, among other things, data is encrypted during transmission over the Internet and at rest, thus protecting it from unauthorised access by third parties. Microsoft uses standard technologies such as TLS and SRTP to encrypt all data in transit between users' devices and Microsoft data centres and between Microsoft data centres. This includes messages, files (video, audio, etc.), meetings and other content. Corporate data at rest in Microsoft data centres is also encrypted in a way that allows organisations to decrypt content when needed. MS Teams also uses TLS and MTLS to encrypt chat messages. All server-to-server traffic requires MTLS - whether the traffic is restricted to the internal network or crosses the internal network perimeter. More information on how Microsoft Teams encrypts data can be found here: https://docs.microsoft.com/de-de/microsoftteams/teams-security-guide.
Microsoft has certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Any company certified under the DPF undertakes to comply with these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active.
6. How long will my data be stored?
As a matter of principle, we delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfil contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after the respective retention obligation has expired.
7. What data protection rights do I have?
Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to object under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR. With regard to the right to information and the right to erasure, the restrictions pursuant to Sections 34 and 35 BDSG apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 DSGVO).
You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the applicability of the General Data Protection Regulation, i.e. before 25 May 2018. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected by this.
8. Is there an obligation to provide data?
Initially, the provision of your personal data is neither legally nor contractually required, nor are you obliged to provide such data. In order to participate in an online meeting or to enter the meeting room, you must at least provide information about your name. If you do not wish to do so, your participation in our online meetings will unfortunately not be possible.
9. To what extent is there automated decision-making?
No automated decision-making within the meaning of Art. 22 DSGVO is used. 10.
10. Does profiling take place?
We do not process your data with the aim of automatically evaluating certain personal aspects.
11. information about your right to object according to article 21 DSGVO
11.1 Individual right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(f) DSGVO (data processing based on a balance of interests). This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 DSGVO.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
11.2 Recipients of an objection
The objection can be made informally with the subject "Objection", stating your name and e-mail address, and should be addressed to the contact details mentioned under point 1.
12 Amendment of this data protection notice
We revise this data protection notice in the event of changes to data processing or other occasions that make this necessary. You will always find the current version on this website.
Status: 24.10.2023
