Privacy Statement MS Teams

Data protection notices when using cloud-based video conferencing 

With this data protection declaration I, Franz Tertsch data protection management, inform you about the processing of your personal data in the context of web conferences using the video conference solution Microsoft Teams.

This information consists of two parts:

Purpose of the processing

I would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.

SSL or TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

Note  on the Controller  – Who I am

GDPR art. 4 Nr.7

The controller is the natural or legal person who, alone or together with others, decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.). The controller for data processing on this website:

Franz Tertsch B.B.A.
Datenschutzmanagement und -audits

Waldstrasse 2, 27446 Anderlingen, Germany

Telephone: +49 4284 927 838

Your rights regarding your personal data

You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking or deletion of this data. An informal request / message to me is sufficient to exercise your rights. You can contact me at any time if you have any further questions on the subject of data protection. Information, correction, deletion and blocking You have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing and a right to correction, deletion or blocking of this data at any time within the framework of the applicable legal provisions.

Legal basis: GDPR art. 15, 16, 17, 18 

Right to data transferability

You have the right to have data that I process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done to the extent that it is technically feasible.

Legal basis: GDPR art. 20 

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent that you have already given at any time. An informal message, e.g. by e-mail, to me is sufficient for this. The legality of the data processing that took place up until the revocation remains unaffected by the revocation.

Legal basis: GDPR art. 7 – 3 

Right of objection

If I cite my legitimate interest or a legitimate interest of a third party (GDPR – Art. 6 Para. 1 lit. e, f) as the legal basis for the processing of personal data, you have the right to object. You have the right to object to the processing of personal data at any time. In particular, an objection to data processing for the purpose of direct advertising is permissible.

Legal basis: GDPR art. 21 

Right of appeal

In the event of violations of data protection law, you (the person concerned) have the right to appeal to a supervisory authority in accordance with Art. 77 GDPR. The competent supervisory authority is the state data protection officer of the federal state of your place of residence, your place of work or the place of the alleged violation. A list of data protection officers and their contact details can be found at the following link:

Legal basis: GDPR art. 77

General remark

I use Microsoft Teams (MS Teams) to conduct web conferences, such as telephone conferences and video conferences. I carry out the data processing on the basis of a legitimate interest in accordance with GDPR Article 6 Paragraph 1 f). My legitimate interest in data processing is: “Conducting web conferences to inform customers and prospects.” 

MS Teams is part of Microsoft Office 365 and a productivity, collaboration and exchange platform for individual users, teams, communities and networks that the company can use across the board. Teams includes, among other things, a video conferencing function. Microsoft Office 365 is software from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

MS Teams is part of the Office 365 cloud application, for which a user account must be created. However, MS Teams can also be used if you enter the relevant meeting ID and, if necessary, other meeting access details directly into the Microsoft Teams app.

If you do not want or cannot use the Microsoft Teams app, the basic functions can also be used via a browser version. This version can also be found on Microsoft’s website.

Which data is processed?

When using MS Teams, different types of data are processed. The scope of the data also depends on what information you provide before or when participating in a web conference. The following personal data are regularly subject to processing: 

Entrant IP address(es) and device/hardware information 

    • Information about the user:
    • first name Last Name;
    • phone number (optional);
    • e-mail address;
    • password;
    • profile picture (optional);department (optional).  

When dialing in by phone:

information about the incoming and outgoing telephone number;country code;start and end time of the web conference;possibly further connection data such as the IP address of the device.  

Text, audio and video data:
When using the chat, question or survey functions, the text you enter is processed for display in the web conference and possibly logged. To enable video playback and audio playback, the data from the microphone of your terminal device and any video camera on the terminal device will be processed accordingly for the duration of the web conference. If this is not desired, you can switch off or mute the camera or microphone yourself at any time via the MS Teams application.  

When (optional) withdrawals are processed: 

    • MP4 files of all video, audio and presentation recordings;
    • M4A file of all audio recordings;
    • text file(s) of online meeting chat. 

To participate in a web conference or to enter the “conference room”, you must provide your name.  

Scope of processing
I use MS Teams to hold web conferences. These web conferences are usually not recorded. In exceptional cases, if I want to record the web conference, for example for reasons of evidence, I will inform you in advance and transparently and ask for your written consent. 

Further recipients
The provider of MS Teams necessarily receives knowledge of the above data, insofar as this is provided for in the context of my order processing contract with MS Teams.

Data processing outside the European Union
MS Teams is a service provided by a provider from Ireland and the US. Processing of personal data can therefore also take place in a third country. I have concluded an order processing contract with the provider of MS Teams (Ireland) that meets the requirements of GDPR Article 28.
The data is encrypted during transmission over the Internet and is thus protected against unauthorized access by third parties.  

More information 

    • As soon as you visit the MS Teams website to download the software for using Teams, the MS Teams provider is responsible for data processing.
    • When a meeting recording starts, MS Teams displays a notification to all participants on the desktop, web, and mobile apps, as well as those who joined by phone.
    • In exceptional cases, I will log the chat content for logging the results of a web conference.
    • In the case of webinars, questions from webinar participants can also be processed for the purpose of recording and following up on the webinars.
    • Personal data will be deleted during follow-up.
    • If you are registered as a user with MS Teams, web conferencing reports such as conference metadata, telephone dial-in information, webinar questions and answers, webinar survey functions, etc. may be stored with MS Teams for up to one month.
    • The possibility of software-based “attention tracking” has been deactivated for me.
    • I do not use automated decision-making within the meaning of Article 22 of the GDPR.   

Last update: December 2022