Privacy Policy | Microsoft Teams

If you have any questions, comments or criticism regarding the processing and use of your personal data, please contact our data protection officer.

Contact us  

Privacy Notes according to Art. 13 GDPR for online meetings, conference calls and webinars via "Microsoft Teams" of heidelpay GmbH

 

In the following we would like to inform you about the processing of personal data in connection with the use of "Microsoft Teams".

 

1. purpose of the processing

We use the "Microsoft Teams" tool to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter referred to as "Online Meetings"). "Microsoft Teams" is a service of Microsoft Corporation.

 

2. the controller of the processing

The controller for data processing directly related to the organisation of "online meetings" is

heidelpay GmbH, Vangerowstrasse 18, 69115 Heidelberg, Germany, e-mail: info@heidelpay.com

Note: If you access the "Microsoft Teams" website, the provider of "Microsoft Teams" is responsible for data processing. However, you only need to call up the "Microsoft Teams" website in order to download the software for using "Microsoft Teams".

If you do not want to or cannot use the "Microsoft Teams" app, you can also use "Microsoft Teams" via your browser. In this case, the service is then also provided via the "Microsoft Teams" website.

 

3 Which data are processed?

Various types of data are processed when using "Microsoft Teams". The scope of the data also depends on the information you provide before or during participation in an "online meeting".

The following personal data is processed:

User information: e.g. display name, e-mail address (if applicable), profile picture (optional), preferred language

Meeting metadata: e.g. date, time, meeting ID, phone numbers, location

Text, audio and video data: You may be able to use the chat function in an "online meeting". To this extent, the text entries you make are processed in order to display them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time using the "Microsoft Teams" applications.

 

4. scope of processing

We use "Microsoft Teams" to conduct "online meetings". If we want to record "online meetings", we will inform you transparently in advance and – if so required – ask for your consent.

If it is necessary for the purposes of recording the results of an online meeting, we will record the chat content. However, this will usually not be the case.

Automated decision making in the sense of Art. 22 GDPR is not used.

 

5. legal basis of data processing

As far as personal data of employees of heidelpay GmbH are processed, § 26 BDSG is the legal basis of the data processing. If, in connection with the use of "Microsoft Teams", personal data are not required for hiring decisions or for carrying out or terminating the employment contract, but are nevertheless an elementary component of the use of "Microsoft Teams", Art. 6 para. 1 lit. f) GDPR is the legal basis for the data processing. In these cases,  our legitimate interest is in the effective implementation of "online meetings".

In addition, the legal basis for data processing in the conduct of "online meetings" is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.

If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too, our legitimate interest is in the effective implementation of "online meetings".

 

6. recipient / transfer of data

Personal data processed in connection with participation in "online meetings" are generally not passed on to third parties, unless they are specifically intended to be passed on. Please note that content from "online meetings", as well as in personal meetings, often serves precisely to communicate information with customers, interested parties or third parties and is therefore intended for disclosure.

Other recipients: The provider of "Microsoft Teams" necessarily obtains knowledge of the above-mentioned data to the extent that this is provided for in our data processing agreement with "Microsoft Teams".

 

7. data processing outside the European Union

Data processing outside the European Union (EU) does not take place as a matter of principle, as we have limited our storage location to computer centres in the European Union. However, we cannot exclude the possibility that data is routed via Internet servers located outside the EU. This may be the case in particular if participants in "online meetings" are in a third country.

However, the data is encrypted during transport over the Internet and thus protected against unauthorised access by third parties.

 

8. data protection officer

We have appointed a data protection officer.

You can reach our data protection officer as follows:

heidelpay GmbH, - data protection officer -, Vangerowstraße 18, 69115 Heidelberg,

e-mail: dsb@heidelpay.com

 

9. your rights as a data subject

You have the right of access to personal data concerning you. You can contact us for information at any time. In the case of a request for information that is not made in writing, we ask for your understanding that we may require you to provide evidence that proves that you are the person you claim to be.

Furthermore, you have the right to rectification or deletion or to restriction of processing, as far as you are legally entitled to do so.

Finally, you have the right to object to the processing within the statutory provisions.You also have a right to data portability within the statutory provisions.

 

10. deletion of data

As a matter of principle, we delete personal data when there is no need for further storage. A requirement can exist in particular if the data is still needed to fulfil contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. In the case of statutory storage obligations, deletion shall only be considered after the expiry of the respective storage obligation.

 

11. right of appeal to a supervisory authority

You have the right to complain about the processing of personal data by us to a data protection supervisory authority.

 

12. amendment of this data protection notice

We revise this privacy notes in the event of changes in data processing or other reasons that make this necessary. You will always receive the current version with the invitation to the respective online meeting.

 

Status: 20.05.2020

SERVICE