Dres. Tiemann, Schulte Holding GmbH (hereinafter also “we”) uses the online platform “Teams” for interactive communication. We would like to inform you in the following about the processing of personal data in connection with the use of „Teams“.
1. Purpose of processing
We use “Teams” to conduct telephone conferences and/or video conferences, particularly in connection with online seminars for professionals and/or employees (hereinafter: „online meetings“). „Teams“ is a service provided by the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, located in the United States of America (hereinafter: „Microsoft“).
For more information from Microsoft about data protection for „Teams“, click here.
2. Data controller
The data controller responsible for data processing directly related to the organisation of „online meetings“ is
Dres. Tiemann, Schulte Holding GmbH
Phone: +49 (0) 40 70 70 85 151,
Management board: Hon. Prof. Dr. Katharina Tiemann, Prof. h.c. Dr. Markus Tiemann, Dr. Christoph Schulte.
Notes: Once you access the Microsoft „Teams“ website, Microsoft is responsible for data processing. However, it is only necessary to access the website in order to download the software for the use of „Teams“. You can also use „Teams“ by entering the respective meeting ID and, if necessary, additional access data for the meeting directly in the „Teams“ app. If you do not want to or cannot use the „Teams“ app, the basic functions can also be used via a browser version, which you can also find on the „Teams“ website.
To the extent that Microsoft processes personal data in connection with its own legitimate business activities, as described in the Microsoft Online Services Terms, Microsoft is an independent data controller for such processing, the legal basis of which, according to its own statement, is legitimate interests. In Microsoft’s statement, „Microsoft’s legitimate business operations“ consist of the following, each as incident to delivery of Microsoft Teams to us: (1) billing and account management; (2) compensation (e.g., calculating employee commissions and partner incentives); (3) internal reporting and modeling (e.g., forecasting, revenue, capacity planning, product strategy); (4) combatting fraud, cybercrime, or cyber-attacks that may affect Microsoft or Microsoft Products; (5) improving the core functionality of accessibility, privacy or energy-efficiency; and (6) financial reporting and compliance with legal obligations.
3. Which data are processed?
Various types of data are processed when using “Teams”. The scope of the data also depends on the information you provide before or during participation in an „online meeting“.
The following personal data are regularly processed:
Information about the user: First name, last name, phone (optional), e-mail address, password (if „single sign-on“ is not used), profile picture (optional), department (optional)
Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information
For recordings (optional): MP4 file of all video, audio, and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
When dialing in by phone: Details of incoming and outgoing telephone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
Text, audio, and video data: You may have the option of using chat, question, or survey functions in an „online meeting“. The text entries you make will be processed to the extent that they are displayed in the „online meeting“ and, if necessary, logged. To enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera on your terminal device are processed for the duration of the „online meeting“. You can switch off the video camera or mute the microphone yourself at any time using the „Teams“ applications.
For further details on data processing by Microsoft, please refer to Microsoft’s statement.
In order to participate in an „online meeting“ or enter the „meeting room“, you must at least provide your name.
4. Scope of processing
We use „Teams“ to conduct „online meetings“. If we want to record „online meetings“, we will inform you of this transparently in advance and – if necessary – ask for your consent. You will also be able to see that the „Teams“ app is recording.
If necessary for the purpose of recording the outcomes of an „online meeting“, we will – after having given prior notice – log the chat content. In the case of online meetings, we may also process the questions asked by participants for recording and follow-up purposes.
If you are registered as a „Teams“ user, reports on „online meetings“ (meeting metadata, phone dial-in data, questions and answers, survey function) can be stored by Microsoft for up to 30 days.
Automated decision-making within the meaning of Article 22 of the GDPR is not used.
5. Legal basis for data processing
Where personal data of employees of Dres. Tiemann, Schulte Holding GmbH are processed, § 26 (1) of the BDSG (German Federal Data Protection Act) is the legal basis for data processing. If special categories of personal data are concerned, the processing is based on § 26 (3) of the BDSG.
On the other hand, if, in connection with the use of „Teams“, personal data are not necessary for the creation, implementation or termination of the employment relationship, it is generally not necessary to provide these data. The legal basis for data processing is Article 6(1)(f) of the GDPR. In these cases our interest lies in the effective implementation of „online meetings“. Otherwise, the legal basis for data processing in connection with „online meetings“ is Article 6(1)(b) GDPR, insofar as the meetings are held within the framework of contractual relations. In special cases in which you are asked in advance for a declaration of consent, the legal basis is Article 6(1)(a) GDPR.
6. Recipients / disclosure of data
Personal data that are processed in connection with the participation in „online meetings“ are generally not passed on to third parties, unless they are specifically intended to be passed on. Please note that content from „online meetings“ as well as personal meetings is often used to communicate information with customers, interested parties, or third parties and is therefore intended to be passed on.
Further recipients: Microsoft receives knowledge of the above-mentioned data by necessity, as far as this is intended within the scope of our contract processing agreement with Microsoft. We also refer to the above-mentioned explanations on Microsoft’s data protection.
7. Data processing outside the European Union
„Teams“ is a service provided by a provider from the USA. Personal data is therefore also processed in a third country. We have concluded an order processing contract with Microsoft in accordance with Article 28 of the GDPR. An adequate level of data protection is ensured by the conclusion of the EU Standard Contractual Clauses. If law enforcement authorities contact Microsoft with a request, Microsoft will, according to Microsoft’s own statement, attempt to redirect law enforcement authorities to request the personal information directly from us. If Microsoft is required to disclose personal information to law enforcement authorities, Microsoft will (also according to Microsoft’s own statement) notify us immediately and provide a copy of the claim, unless prohibited by law. For more information about the information that Microsoft discloses in response to requests from law enforcement and other government agencies, see Microsoft’s Law Enforcement Requests Report.
8. Data protection officer
We have appointed a data protection officer. The contact details are as follows:
Dres. Tiemann, Schulte Holding GmbH
Ms Britta Graßau
22547 Hamburg, Germany
9. Your rights as a data subject
You have the right to receive your personal data. You can contact us at any time for information. In the case of a request for information that is not made in writing, please understand that we may require you to provide proof that you are the person you claim to be.
Furthermore, you have a right to correction or deletion or to restriction of processing, insofar as you are legally entitled to do so.
Finally, you have a right of objection against the processing within the scope of the legal requirements.
A right to data transferability also exists within the framework of data protection regulations.
If the processing of your personal data is based on your consent, you have the right to revoke this consent at any time, with the result that the processing of your personal data will become inadmissible for the future. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until revoked.
10. Deletion of data
We generally delete personal data when there is no need for further storage. A need may arise in particular if the data is still needed to fulfil contractual services, to check and grant or defend against warranty rights and, if applicable, warranty claims. In the case of legal storage obligations, deletion only comes into consideration after the expiry of the respective storage obligation.
Microsoft’s statement on data retention can be found here.
11. Right to complain to a regulatory authority
You have the right to complain to a data protection supervisory authority about the processing of personal data by us.
12. Changes to this data protection notice
We will revise this data protection notice in the event of changes in data processing or other occasions that make this necessary. We always provide the current version in connection with the invitation to use „Teams“.