Data Protection Notice for meetings via Microsoft Teams

In the following, we would like to provide you with information about how personal data is processed in connection with the use of Microsoft Teams.

Purpose of the data processing

We use the Microsoft Teams tool to conduct conference calls, online meetings, video conferences and/or webinars (hereafter referred to as “online meetings”). Microsoft Teams is a service provided by Microsoft Corporation, headquartered in the USA.

Responsible entity

The entity responsible for the data processing directly associated with running online meetings is the Foundation “Medien in der Bildung”, Schleichstraße 6, D-72076 Tübingen.

Note: If you access the Microsoft Teams website, the Microsoft Teams provider is responsible for data processing. However, accessing the website is only necessary to download the software for using Microsoft Teams.

You can also use Microsoft Teams by entering the meeting ID and any other meeting access information directly in the Microsoft Teams app. If you are unwilling or unable to use the Microsoft Teams app, the basic functions can also be used in a browser version, which you can find on the Microsoft Teams website.

What data is processed?

When you use Microsoft Teams, different types of data are processed. How much data is processed depends partly on what information you enter before and during an online meeting.

The following types of personal data may be processed:

User information: First name, last name, phone number (optional), email address, password (if Single Sign-On is not used), profile picture (optional), and department (optional)

Meeting metadata: topic, description (optional), participants’ IP addresses, device/hardware information

For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.

When calling in by phone: Information about the incoming and outgoing phone numbers, country, and start and end times. Other call data may also be stored, e.g. the IP address of the device.

Text, audio and video data: In an online meeting, you may have the option of using the chat, question or survey functions. Any text you input will be processed in order to display it and, where relevant, log it during the online meeting. To enable video display and audio playback, the data from the microphone on your device and from any video camera on your device will be processed for the duration of the meeting. You can switch off the camera or mute the microphone yourself at any time via the Microsoft Teams app.

As a minimum, in order to take part in an online meeting or enter the ‘meeting room’, you will have to provide some information about your name.

Extent of data processing

We use Microsoft Teams in order to carry out online meetings. If we want to record online meetings, we will inform you of that fact clearly in advance and – where necessary – ask for your consent. An indication that a meeting is being recorded will also be displayed in the Microsoft Teams app.

If it is necessary for the purposes of logging the outcomes of an online meeting, we will log the content of the chat. However, this will not normally be the case.

In webinars, we may also process the questions asked by webinar participants for recording and follow-up purposes.

If you are registered as a user with Microsoft Teams, Microsoft Teams may store reports on online meetings (meeting metadata, telephone call-in data, questions and answers in webinars, and the survey function in webinars).

There is no automated decision-making within the meaning of Article 22 of the GDPR.

Legal basis for data processing

Insofar as personal data of IWM employees is processed, the legal basis for the data processing is Section 26 of Germany’s Federal Data Protection Act (BDSG). If, in connection with the use of Microsoft Teams, personal data is not necessary to enter into, perform or terminate the employment relationship, but is still a basic element for using Microsoft Teams, the legal basis for the data processing is Article 6 (1) (f) of the GDPR. In these cases, our legitimate interest is the effective running of online meetings.

Otherwise, the legal basis for data processing when running online meetings is Article 6 (1) (b) of the GDPR, provided the meetings are carried out in the context of a contractual relationship.

Recipients/data transfers

As a matter of principle, personal data that is processed in connection with participation in online meetings is never transferred to third parties unless it is specifically intended to be shared. Please note that, as is the case with in-person meetings, content from online meetings is often specifically intended to communicate information with customers, interested parties or third parties and is therefore intended to be shared.

Other recipients: The provider of Microsoft Teams is necessarily informed of the data mentioned above, where this is provided for under our data processing agreement with Microsoft Teams.

Data processing outside the European Union

Microsoft Teams is a service provided by a company in the USA. This means that personal data is also processed in a non-EU country. We have entered into a data processing agreement with the provider of Microsoft Teams that meets the requirements of Article 28 of the GDPR.

An appropriate level of data protection is guaranteed through EU standard contractual clauses.

Further information about data protection and your rights is available in our Privacy Statement.