Microsoft Teams - Data Privacy Statement
I. Name and address of the responsible party
The controller, responsible for collecting, processing and using your personal data pursuant to the EU General Data Protection Regulation (GDPR), is:
msg systems ag
Robert-Bürkle-Straße 1
85737 Ismaning
Germany
Phone: +49 89 96101-0
E-Mail: info@msg.group
II. Name and address of the data protection officer
Data protection officer of the responsible party is:
Claus Bauer
msg systems ag
Robert-Bürkle-Strasse 1
85737 Ismaning
Germany
Fax: +49 89 96101-1113
E-mail: Datenschutz@msg.group
III. Online meetings, telephone conferences and webinars via "Microsoft Teams"
1. Description and scope of data collection
We would like to inform you below about the processing of personal data in connection with the use of "Microsoft Teams".
Categories of Personal Data:
User information: display name, email address, profile picture (optional), preferred language, meeting metadata: e.g., Date, time, meeting ID, phone number, location, text, audio and video data: You may have the option to use the chat function in an online meeting. In this case, the text you enter will be processed in order to display it in the online meeting.
In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from a video camera on the end device are processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the "Microsoft Teams" applications.
2. Legal basis for data processing
The data collected during planning was processed on the basis of consent (Art. 6 Para. 1 lit a) GDPR) or legitimate interest (Art. 6 Para. 1 lit f) GDPR). The legitimate interest is the execution of the appointment.
3. Purpose of data processing
The data processing takes place in order to conduct telephone conferences, online meetings, video conferences and/or webinars.
4. Duration of storage
The data collected to coordinate appointments will be deleted in compliance with statutory retention requirements. Otherwise, it will be deleted if the purpose for processing no longer exists.
5. Right of objection
The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
If you want to revoke your consent / storage, please send an e-mail to the marketing department of msg systems ag, msg.marketing@msg.group.
All personal data that was saved in the course of making contact will be deleted in this case.
For further information on the purpose and scope of data collection and processing can be taken from Microsoft’s data protection declaration under https://privacy.microsoft.com/de-de/privacystatement. EU standard contracts with Microsoft for Office 365 and Teams have been concluded to guarantee an appropriate level of data protection.
IV. Appointment bookings via "Microsoft Bookings"
1. Description and scope of data collection
Categories of Personal Data:
Bookings: IP address, name, contact details (email address), calendar dates, notes (unspecified)
2. Legal basis for data processing
The data collected during planning was processed on the basis of consent (Art. 6 Para. 1 lit a) GDPR) or legitimate interest (Art. 6 Para. 1 lit f) GDPR). The legitimate interest is optimization of appointment allocation and appointment implementation.
3. Purpose of data processing
The data processing takes place in connection with the planning of appointments.
4. Duration of storage
The data collected to coordinate appointments will be deleted in compliance with statutory retention requirements. Otherwise, it will be deleted if the purpose for processing no longer exists.
5. Right of objection
The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
If you want to revoke your consent / storage, please send an e-mail to the marketing department of msg systems ag, msg.marketing@msg.group.
All personal data that was saved in the course of making contact will be deleted in this case.
For further information on the purpose and scope of data collection and processing can be taken from Microsoft’s data protection declaration under https://privacy.microsoft.com/de-de/privacystatement. EU standard contracts with Microsoft for Office 365 and Teams have been concluded to guarantee an appropriate level of data protection.
V. Recording with Microsoft Teams Recording
1. Description and scope of data collection
In principle, meetings are not recorded. Meetings are only recorded if the data protection officer has checked and approved the recording.
The following categories of personal data is processed: Video recording incl. sound and image.
2. Legal basis for data processing
Data, collected during planning, is processed on the basis of the consent (Point 1 lit a of Article 6(1) of the GDPR) or legitimate interest (Point 1 lit f of Article 6(1) of the GDPR). Legitimate interest here refers to using the recording for documentation processes.
3. Purpose of data processing
Data processing is done in connection with the recording of Teams meetings.
The link to the general data protection information is provided to the participants.
The following supplementary data protection information related to the declaration of consent is provided to the participants
- Purpose of the meeting
- Necessity of recording
- Person responsible for recoding (function, role)
- People authorized to access the recording and/or addressees to which the recoding is to be made available (incl. address of the participating institution)
- Storage location
- Retention period
4. Duration of data retention
The data collected will be deleted in compliance with legal retention obligations. Otherwise, the data is deleted once the purpose for processing does not longer exist.
5. Right of objection
The users are entitled to revoke their declaration of consent to the processing of personal data. If users contact us via e-mail, the users can object to saving personal data at any time. Objections may be raised during or following the recording. In this case, the recording may not continue.
If you want revoke your declaration of consent / saving, please send an e-mail to the above address.
All personal data, which was saved in the context of the contact, is deleted in this case.
For further information on the purpose and scope of data collection and processing can be taken from Microsoft’s data protection declaration under https://privacy.microsoft.com/de-de/privacystatement. EU standard contracts with Microsoft on Office 365 and Teams have been concluded to guarantee an appropriate level of data protection.
VI. Rights held by the affected person
Anytime your personal information is processed you are considered an affected person pursuant to the GDPR and you have the following rights in connection with the responsible party:
1. Right to disclosure
You have the right to request information on the scope, origin and recipient of stored information, as well as the purpose of the storage, at no charge to you.
2. Right to correction
You have the right to demand a correction and/or completion from the responsible party should the processed personal information related to you be incorrect or incomplete. The responsible party must make the corrections without delay.
3. Right to deletion
You have the right to request that the responsible party immediately delete any personal information related to you and the responsible party is required to delete said data without delay should any of the following reasons apply:
(1) The personal information related to you is no longer required for the purpose it was collected or processed in any other manner.
(2) You revoke the consent on which the processing was based pursuant to Numeral 6, Para. 1, Item a or Numeral 9, Para. 2, Item a of the General Data Protection Regulation (GDPR) and there is no other legal basis for the processing.
(3) You submit an objection to the processing pursuant to Numeral 21, Para. 1 of the General Data Protection Regulation (GDPR) and no legitimate reasons for the processing that have precedence over your objection exist, or you submit an objection to the processing pursuant to Numeral 21, Para. 2 of the General Data Protection Regulation (GDPR).
(4) The personal information related to you was processed unlawfully.
(5) The deletion of the personal information related to you is necessary in order to meet a legal obligation under Union law or the law of the member states to which the responsible party is subject.
(6) The personal information related to you was collected in relation to services offered by the information company pursuant to Numeral 8, Para. 1 of the General Data Protection Regulation (GDPR).
4. Right to data portability
You have the right to obtain the personal information related to you and which you shared with the responsible party in a structured, commonly used and machine-readable format.
5. Right of objection
You have the right, for reasons arising from your particular situation, to object to the processing of personal information related to you, which was being processed pursuant to Numeral 6, Para. 1, Item e or f of the General Data Protection Regulation (GDPR), at any time; this includes any profiling based on these policies.
The responsible party will cease processing any personal information related to you unless they can provide proof urgent, protection-worthy reasons for the processing that outweigh your interests, rights and freedoms or unless the processing serves the enforcement, exercising or defense of legitimate claims.
You have the right to revoke your privacy consent statement at any time. Revoking your consent shall not affect the legitimacy of the processing that was performed with your consent up to the time your consent was revoked.
6. Right to submit complaint to supervisory body
Notwithstanding other administrative or legal remedy, you will generally have the right to submit a complaint to a supervisory body, specifically in the member state of your place of residence, your place of employment or the location of the alleged breach, if you are of the opinion that the processing of the personal information related to you violates the GDPR.
The supervisory body to which the complaint is submitted shall inform the complainant of the status and results of the complaint, including the option of legal remedy pursuant to Numeral 78 of the GDPR.
Version: 15/05/2024