With these notes we inform you about the recordings of company internal digital meetings and events made by Microsoft Teams.
Who is responsible for processing personal data?
Who can I contact if I have questions about data protection?
We have appointed a data protection officer for our company. You can reach him at the following contact address: firstname.lastname@example.org
For what purpose will my data be processed?
The recording of internal digital meetings and events is done in order to share them with employees who are not able to attend these events.
What is the legal basis for data processing?
The processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR.
What personal data is processed during the above-mentioned recordings?
In addition to the video, image and audio recordings, chat messages created, contents of screen releases or shared files may also be subject to a recording and thus also be processed.
Who has access to my personal data?
All files, content and comments posted in teams by users are accessible to the people with whom they are shared. These can be individual employees or members of a team or channels in a team. Microsoft has access to the information collected when teams are used, to the extent that it is necessary to fulfill its obligations under the contract with us for order processing. U.S. investigative authorities may have a right of access under U.S. law (see below).
What is the storage period for my data?
Video, image and audio recordings are stored for a period of 180 days or until you revoke your consent.
Data protection when processing personal data in the USA and Cloud-Act
When using Microsoft Teams, data can be processed on servers in the USA. According to the current legal situation in the USA, US investigating authorities have almost unhindered access to all data located on US servers.
Under the CLOUD Act, U.S. investigating authorities also have the option of requesting Microsoft to release personal data that is stored on EU servers.
Due to the legal situation described and the risks involved, it cannot be guaranteed that the data protection rights of EU citizens will be observed or, if necessary, enforced in court.
You have the following rights against us with regard to the personal data concerning you:
In particular, in accordance with Art. 7 Para. 3 GDPR you can revoke your consent you have given to us at any time. As a result, we will no longer continue to process the data based on this consent for the future.
Furthermore, you have the right to complain to a data protection supervisory authority about the processing of your personal data by us.