Below you will find our general data protection notice in fulfillment of our duty to provide information, according to GDPR (EU General Data Protection Regulation) for the processing of your personal data in connection with online meetings (video and telephone conferences, webinars). For online meetings we use “Microsoft Teams“, a service provided by Microsoft Corporation.
Name and contact details of the Controller and the Data Protection Officer
The Controller according to Art. 4(7) GDPR is:
Carpus+Partner AG
represented by the CEO M.Re. Dipl.-Ing. Architect Tobias Ell
Forckenbeckstr. 61
52074 Aachen | Germany
Tel +49 (241) 88 75-0
Mail info@carpus.de
The Data Protection Officer for Carpus+Partner AG can be contacted at the above address, for the attention of the Data Protection Officer or at datenschutz@carpus.de.
Note: If you access the Microsoft Teams website, Microsoft is responsible for data processing. But you only need to call up the website to download the software. If you don´t want to or cannot use the app, you can also use Microsoft Teams via your browser. In this case the service is also provided via the Microsoft website.
Processing of personal data and purpose of the processing
The following types of data are processed when using Microsoft Teams. The scope of the data also depends on the information on data, which you provide before or when participating an online meeting.
- Information about the user: E.g. display name, possibly e-mail address, profile picture (optional), preferred language
- Metadata of meeting: E.g. date, time, meeting ID, phone numbers, location
- Text, audio and video data: Maybe you have the option of using the chat function in an online meeting. In this case, the text entries you make are processed in order to display them in the online meeting. In order to enable the display of video and the playback of audio, the data from the microphone and any video camera of your terminal device are processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time.
Legal basis
Insofar as personal data from applicants or employees of Carpus+Partner AG are processed, Art. 6(1) lit. b) GDPR is the legal basis for data processing. According to this, the processing of the data that is required in connection with the decision on the establishment and the implementation or termination of the employment relationship is permitted. If, in connection with the use of Microsoft Teams, personal data are not required for the establishment, implementation or termination of the employment relationship, but are nevertheless an elementary component in the use of Microsoft Teams, the data processing takes place according to Art. 6(1) lit. f) GDPR. In these cases, we are interested in the effective implementation of online meetings.
Otherwise, the legal basis for data processing when conducting online meetings is Art. 6(1) lit. b) GDPR, insofar as the meetings are carried out in the context of contractual relationships or pre-contractual measures.
If there is no contractual relationship, the legal basis is Art. 6(1) lit. f) GDPR. In this case, we are also interested in the effective implementation of online meetings.
If we want to record online meetings, we will inform you transparently in advance and – if necessary – ask for your consent according to Art. 6(1) lit. a) GDPR.
Storage location
Data processing outside of the European Union (EU) does generally not take place, as we have limited our storage location to data centers in the European Union. However, it cannot be ruled out that data will be transmitted to third countries (e.g. USA) in individual cases. It also cannot be ruled out that the routing of data takes place via internet servers that are located outside the EU. This can especially be the case if participants in online meetings are in a third country. However, the data are encrypted during the transport over the internet and in that way protected against unauthorized access by third parties.
Storage period
We generally delete personal data if there is no need for further storage. In particular a requirement can exist if the data are still required to fulfill contractual services or to check, grant or ward off warranty and possibly guarantee claims. In the case of statutory retention requirements, deletion can only be considered after the respective retention obligation has expired.
Recipients / disclosure of data
Personal data that are processed in connection with the participation in online meetings are generally not passed on to third parties, unless they are intended to be transferred. Please note that contents from online meetings, as well as from face-to-face meetings, are often precisely intended to be passed on and to communicate information with clients, interested parties or third parties.
The provider of Microsoft Teams necessarily receives knowledge of the above-mentioned data, insofar as this is provided in our Data Processing Addendum with Microsoft Teams. Furthermore we use an IT service provider for general maintenance and support activities. In this context, it may happen that the service provider becomes aware of personal data. We ensure that our service providers are carefully selected – especially in regard to data protection and data security – and take all measures required under data protection law for permissible data processing.
Rights of data subjects
You have the right to information about the personal data concerning your person processed by us. In the case of a request for information that is not made in writing, please understand that we may then request information from you that proves that you are the person you claim to be.
Furthermore, you have a right of correction or deletion or to restriction of the processing, insofar as you are legally entitled to this. Moreover, you have a right of objection to the processing within the context of the statutory provisions. The same applies for a right to data portability.
Please contact the Data Protection Officer (datenschutz@carpus.de) to assert your rights as a data subject.
Right of revocation and right of objection
Insofar as the data processing is based on a consent pursuant to Art. 6(1) lit. a) GDPR, you have the right to revoke your consent at any time with effect for the future. Notice of revocation does not affect the legality of the processing carried out before the revocation notice.
If your personal data are processed on the basis of legitimate interests in accordance with Art. 6(1) lit. f) GDPR, you have the right to lodge an objection against the processing of your personal data, in accordance with Art. 21 GDPR, insofar as reasons exist for this, which arise from your specific situation.
If you wish to assert your right of revocation or your right of objection, it is sufficient to send an e-mail to datenschutz@carpus.de.
Right of complaint
If you see any reason to be dissatisfied with the handling of your data by us or if you think that the data processing is not in accordance with the law, please contact the Data Protection Officer by email (datenschutz@carpus.de). The majority of questions and problems relating to data protection law can probably be resolved quickly and easily. If your request has not been dealt with satisfactorily, you have regardless to this the right to complain to a data protection supervisory authority about the processing of personal data by us.
Currency of and amendments to this data protection notice
We reserve the right to amend and update this data protection notice as required in compliance with the applicable data protection regulations. The respective current version applied for your visit.
This data protection notice applies as of: September 2023