Processing of Personal Data in Connection with Webcasts via Microsoft Teams

Subject of the processing

In the course of conducting webcasts via the “Microsoft Teams” platform, we process personal data of participants to the extent necessary for the preparation, execution, follow-up, and documentation of the event.

 

Categories of Personal Data

(1) For registration and participation in the webcast, the following personal data are collected and processed:

  • First name,
  • Last name,
  • Organization / Company,
  • Position / Function,
  • E-mail address,
  • Consent to the privacy policy.

(2) During participation in the webcast, the following data may additionally be processed:

  • Technical usage and metadata (e.g., participation time, technical log data),
  • Chat or question contributions from participants, if actively used,
  • Visibility in the participant list (accessible exclusively to speakers and moderators),
  • Image and audio data of the speakers.

(3) Participants’ cameras are disabled by default. No processing of participants’ image data occurs.

 

Recording and Publication

(1) The webcast is fully recorded. The recording includes, in particular, presentation content, image and audio recordings of speakers, and displayed content.

(2) The recording is further processed and provided for the following purposes:

  • Sending to registered participants via e-mail,
  • Publication on our YouTube channel,
  • Publication on our website.

(3) The legal basis for the recording and publication is

  • Consent pursuant to Art. 6 (1) (a) GDPR or, where applicable,
  • Our legitimate interest pursuant to Art. 6 (1) (f) GDPR in external presentation, knowledge transfer, and documentation.

 

Use of Data for Marketing Purposes

(1) Following the webcast, the provided contact details may be used to inform participants about related offers, events, or information.

(2) Processing occurs exclusively on the basis of consent pursuant to Art. 6 (1) )(a) GDPR or – where legally permissible – on the basis of our legitimate interest in direct marketing pursuant to Art. 6 (1) (f) GDPR.

(3) Objection to use for marketing purposes is possible at any time.

 

Use of Microsoft Teams

(1) For conducting the webcast, we use the “Microsoft Teams” service provided by Microsoft Corporation (Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland).

(2) Processing is carried out on the basis of a data processing agreement pursuant to Art. 28 GDPR.

(3) In connection with volume licensing and program agreements, data protection regulations are established with Microsoft to ensure data security. These regulations (Online Services Terms (OSTs) and Data Protection Addendum for Online Services (DPA)) include, among others, EU Standard Contractual Clauses and further GDPR provisions

(https://www.microsoft.com/de-de/licensing/product-licensing/products.aspx).

(4) Microsoft processes data in accordance with European data protection standards. Further information on Microsoft’s data protection is available at: https://privacy.microsoft.com/de-de/privacystatement (privacy.microsoft.com in Bing)

(5) If you log in with an existing Microsoft account, the agreements between you and Microsoft apply.
The controller may transmit personal data to courts, supervisory authorities, or law firms where a legal obligation exists pursuant to Art. 6 (1) (c) GDPR or where necessary pursuant to Art. 6 (1) (f) GDPR for the assertion, exercise, or defense of legal claims, and no reason exists to assume that participants have an overriding legitimate interest in not disclosing the data.

(6) Transmission of your provided data to a third country or international organization cannot be ruled out, as Microsoft is an international company headquartered in the USA, and access from the USA or other third countries for maintenance or support services may occur. Furthermore, U.S. authorities may legally access personal data on Microsoft’s systems without our or your knowledge.
Microsoft Corporation holds certification under the “EU-US Data Privacy Framework” (DPF). The list of certified companies is available at https://www.dataprivacyframework.gov/list, where you can search for the provider and view the certification directly.

 

Technical and Organizational Security Measures

We implement appropriate technical and organizational measures pursuant to Art. 32 GDPR to ensure the security of processed personal data. These include, in particular:

  • Encrypted data transmission,
  • Role-based access restrictions for moderators and administrators,
  • Secure storage of recordings,
  • Regular review and updating of IT security measures,
  • Data-minimizing configuration of the webcast environment.

 

Storage Duration

(1) Personal data are stored only as long as necessary for conducting the webcast, providing the recording, or fulfilling legal retention obligations.

(2) Consents may be revoked at any time with effect for the future.