Privacy Policy for Video Conferences via Microsoft Teams

USE OF MICROSOFT TEAMS ACC. ART. 13 GDPR 

INFORMATION FROM CADOCARE GMBH ON DATA PROTECTION WHEN USING MICROSOFT TEAMS IN ACCORDANCE WITH. ART. 13 GDPR 

Ladies and Gentlemen, 

HWe would like to inform you about the processing of your personal data in connection with the use of “Microsoft Teams” (hereinafter “Teams”). 

1. Purpose of data collection, processing, or -use 

Microsoft Teams is used as an internal and external online communication platform for conducting phone calls, video conferences, and online meetings, for example.

2. Processed Data 

Participant information 

  • Name
  • Email address
  • Profile picture (if applicable)


Meeting details 

  • Date, time, duration
  • Meeting ID / Title
  • Participant's IP address 


Communication

  • Audio and video data
  • Chat content
  • shared content (screen, files, whiteboard) 


Technical Specifications (provided by Microsoft) 

  • IP address
  • Device/Hardware Information
  • Operating System / Client Version
  • Connection details 


3. Required and optional information 

The information of the nameis is required to participate. Without this information, participation is technically not possible. Additional information and the use of features (chat, camera, microphone) are voluntary. In this context, you are free, for example, to use the chat, question, or poll functions during the online meeting and thereby disclose relevant information about yourself. 

4. Processing by Microsoft 

The service is provided by

Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland . Parent company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA. 

A data processing agreement has been entered into in accordance with Article 28 of the GDPR. 

For more information about data processing by Microsoft: 

https://privacy.microsoft.com/de-de/privacystatement 

Note: When accessing the Teams website directly, Microsoft is the data controller. 

5. Recipients or categories of recipients 

The recipients of the data are: 

  • internal departments of the controller 
  • other participants in the respective online meeting
  • Microsoft as a data processor 


Information will only be disclosed to third parties to the extent necessary to conduct the meeting or where there is a legal obligation to do so.

6. Transfer of Data to Third Countries 

In accordance with the relevant contractual agreements, Microsoft processes your data strictly in accordance with our instructions. We have limited our storage locations to data centers within the European Union. However, it cannot be ruled out that your data may also be processed outside the EU or the EEA or transferred to Microsoft Corporation. Furthermore, it cannot be ruled out that Microsoft may access data from third countries in the context of support or maintenance services. 

Data transfers to the United States are subject to appropriate safeguards within the meaning of Article 46 of the GDPR through the use of standard data protection clauses and additional measures taken. We would be happy to provide you with a copy of the standard data protection clauses as well as further information on the additional measures taken upon request. 

If a data subject joins an online meeting from a third country, it cannot ruled outthat data may be routed via Internet servers outside the EU. 

7. Legal basis for processing 

If you use Teams as an employee* for business purposes, data processing is carried out on the basis of Art.6 (1) 1 lit. b in conjunction with §26(1 of the BDSG. This is because the data processing you perform via Teams is necessary, due to the requirements described above, for the purposes of carrying out your employment relationship or fulfilling the obligations owed by you under your employment contract. 

If you participate in an online meeting as an external participant, your data is generally processed on the basis of Art.6(1)1 lit.b GDPR. However, this applies only to the extent that your participation in the online meeting was necessary for the performance or fulfillment of a contract concluded with you. The same applies to cases involving pre-contractual negotiations that were initiated by you. 

Unless the processing of data in connection with the use of Teams is necessary for the purposes of the employment relationship, to fulfill a contract concluded with you, or to take steps prior to entering into a contract, it is based on Art.6(1)1 lit.f GDPR. Our legitimate interest in this regard consists of maintaining location-independent communication, cultivating business contacts, and providing the services owed. 

If, while using the tool, you voluntarily provide personal information or voluntarily use features that are not strictly necessary, the associated data processing is based on your consent, which you may revoke at any time in accordance with Art.6(1)1 lit.in conjunction with Art.7 of the GDPR and, where applicable, in conjunction with §26(1)2 of the BDSG, if you are an employee*are. 

8. Retention Period for Personal Data 

When deleting your data, we adhere in particular to the principles of purpose limitation and storage limitation in accordance with Article 5(1) of the GDPR. Therefore, we generally delete your data whenever the purpose for which the data was collected no longer applies. 

One justification for retaining data may be, in particular, that certain data is still needed to fulfill contractual obligations and to assess, grant, or contest warranty and, where applicable, guarantee claims. In the case of statutory retention requirements, e.g.e.g., under tax law, deletion may only be considered after the respective retention obligation has expired. 

If you are registered as a user in Teams, reports on online meetings (meeting metadata, phone dial-in data) can be stored in Teams for up to one month. 

9. Right of access, rectification, erasure, and restriction of processing 

You have the right to information about the personal data concerning you. You can contact us at any time for information. 

In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be. 

Furthermore, you have a right to rectification or erasure or to restriction of processing, provided that the legal requirements are met. 

Finally, you have the right to object to the processing within the framework of the statutory provisions. 

There is also a right to data portability within the framework of data protection regulations. 

10. Consents 

In the event that the data processing is based on your effective consent, you have the right to withdraw this consent at any time with effect for the future.  

11. Right to File a Complaint with the Supervisory Authority 

You have the right to contact the data protection supervisory authority to obtain information about your rights under the Federal Data Protection Act (BDSG) and other data protection regulations, including the General Data Protection Regulation (GDPR). In addition, the supervisory authority serves as the point of contact for complaints regarding the processing of personal data.  

Competent supervisory authority for North Rhine-Westphalia: 

State Commissioner for Data Protection and Freedom of Information, North Rhine-Westphalia
P.O. Box 20 04 44
40102 Düsseldorf
+49 (0)211 / 38424 - 0
poststelle@ldi.nrw.de

As of June 15, 2026