FINDE DEINEN JOB!

Data protection
Microsoft Teams

SCROLL

Data protection information on the use of Microsoft Teams

1. responsible party

Finanz-DATA GmbH, consulting and software company
Helenenstr. 3
99867 Gotha

E-mail: datenschutz@fida.de

Data protection officer: Stefan Fraatz

2. purposes of data processing

We use Microsoft Teams to conduct conference calls, online meetings, video conferences and/or webinars.

3. data processing

What data is processed?

  • User information: Name, e-mail address, profile picture

  • Meeting metadata: Topic, description, participant IP addresses, device information

  • Text, audio, video, chat data: Contributions in chats, audio or video recordings

  • Recordings, if applicable (only with separate consent)

Personal data

The personal data collected, as well as any content data (in particular chat histories) that are processed as a session, recording or transcription, relate to the persons who participate in the meeting through their presence and are required for participation in the video conferencing solution offered by the provider Microsoft, in particular for the "Microsoft Teams" product.

Data categories

Various types of data are processed when using "Teams" or "Office365". The scope of the data depends on the information you provide during an "online meeting". It includes the following data:

  • User: first name, last name, telephone (optional), e-mail address, password (if "Single Sign-On" is not used), profile picture (optional), department (optional), language

  • Online metadata: Topic, description (optional), IP addresses of participants, device/hardware information. For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat. Dial-in with the telephone: details of the incoming and outgoing telephone number, country name, start and end time. If required, further connection data such as the IP address of the device can be saved.

  • Text, audio and video data: When using the chat, question or survey functions as well as other functions for uploading and downloading files such as image, audio, video or office data, the data you provide is processed in order to display it in the "online meeting" and make it accessible to other participants during the meeting or afterwards and, if necessary, to log it. During the meeting, the data is processed by the microphone or video camera on your end device. You can switch off or mute the camera or microphone yourself at any time via the "Teams" applications.

  • Other Office 365 cloud services: The data stored by the user himself in these services is only stored for the purpose of further processing or forwarding specified by the user.

  • Scope of processing: We use "Microsoft Teams" to conduct "online meetings" and "Office 365" to provide other Microsoft cloud services. We will communicate any recordings transparently in advance and - where necessary - ask for consent. The recording will be displayed in "Microsoft Teams". In these cases, we are interested in the effective organization of online meetings and communication between meeting participants.

In accordance with the user instructions, the meeting organizer verbally informs the participants before the start of the recording that they can switch off their camera or use the chat function if they do not want their face/voice to be visible on the recording.

Purposes of data processing

We process your personal data in compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Microsoft Teams is used as a communication and collaboration platform. It is therefore necessary to process data in order to enable digital collaboration with the help of text messages, audio and video calls, file sharing, etc.

If an MS Teams meeting is recorded or transcribed, the participant is informed of this in the invitation to the meeting and the organizer/chair of the meeting informs the participants again at the start of the meeting that the MS Teams meeting will be recorded or transcribed. Only then will the meeting start and, if applicable, the recording and/or transcription.

4 Legal bases

  • Art. 6 para. 1 lit. b GDPR (contract/employment relationship)

  • Art. 6 para. 1 lit. f GDPR (legitimate interest in effective communication)

  • Art. 6 para. 1 lit. a GDPR (consent - for recording)

  • If personal data of employees of Finanz-DATA are processed, § 26 BDSG is the legal basis for data processing, provided that the processing is necessary for the fulfillment of the employment relationship.

5. recipients / transfer of data

Microsoft receives access to personal data as a processor. There is a contract for order processing in accordance with Art. 28 GDPR.

The recordings of MS Teams can be passed on internally at Finanz-DATA or in some cases also externally, e.g. if it is an external training event.

In accordance with the User Guide, the meeting organizer will inform the participants to whom the recording can be shared.

MS Teams transcripts will be available for the participants of the session.

6. third country transfer

Microsoft also stores some data outside the EU. The EU standard contractual clauses apply. Data transfer to the USA cannot be completely ruled out. An appropriate level of data protection is guaranteed by the conclusion of the EU standard contractual clauses. Further information on the purpose and scope of data collection and its processing by the provider can be found in the privacy policy at https://privacy.microsoft.com.

7 Duration of data storage

Recordings and meeting content are only stored for as long as is necessary for the respective purpose. Chat histories and logs may be archived within the organization.

We delete personal data as soon as it is no longer required for the above-mentioned purposes. Otherwise, the statutory retention obligations apply. Corresponding proof and retention obligations arise from the German Commercial Code and the German Fiscal Code, among others, for up to 10 years.

The organizer/chair of the meeting shall inform the participants before the start of the recording that they can switch off their camera or the use of the camera.

8. rights of data subjects

You have the right to:

  • Information (Art. 15 GDPR)

  • Rectification (Art. 16 GDPR)

  • erasure (Art. 17 GDPR)

  • Restriction of processing (Art. 18 GDPR)

  • Data portability (Art. 20 GDPR)

  • Objection (Art. 21 GDPR)

  • Complaints to the data protection supervisory authority

    Responsible data protection supervisory authority:

    Thüringer Landesbeauftragter für den Datenschutz und die Informationsfreiheit
    P.O. Box 900455
    99107 Erfurt

Requirements for the use of Microsoft Teams

The following data protection requirements apply specifically to the use of Microsoft Teams:

  • Care must be taken to ensure that the confidentiality of conversations (audio and video) with particularly sensitive content is maintained. It must be ensured that participation can take place undisturbed and that unauthorized third parties (e.g. persons present in the room) cannot gain knowledge of the content. A headset should generally be used for this purpose, for example. If in doubt, a separate room should be used for the discussion. Information that is not intended for all participants should be exchanged in parallel via direct chat or individual telephone calls.

  • When using Microsoft Teams, a background image or the so-called blurring effect should be activated so as not to disturb third parties (e.g. other colleagues present in the room). Alternatively, care should be taken to ensure that any third parties present are not disturbed by a suitable selection and design of the workstation. In addition, the microphone should be muted if and as long as it is not actively required.

  • The use of applications that provide a virtual camera is prohibited during meetings and conferences.

  • When presenting screen content, only the content required for the discussion should be shared. For this reason, only the respective application window should be presented as a priority and not the entire screen, e.g. to avoid transmitting notifications about incoming emails. In case of doubt, the documents to be discussed should be distributed in advance and prepared / filtered / anonymized accordingly.

  • The storage / upload of files with personal and / or non-public content and their exchange via MS Teams is generally not permitted.

  • The number of participants in video and audio conferences should be limited to the minimum required. Participants who join unexpectedly or unannounced should be asked to leave immediately; in case of doubt, the conference should be terminated. This also applies to unauthorized third parties present in the background.

  • The recording of conversations (e.g. photographing or filming with a smartphone) and screenshots are prohibited.