epi uses Teams for telephone conferences, online meetings inclusive breakout sessions, video conferences and webinars (hereinafter referred to as "online meeting").
1. Description of data processing, purposes and types of data
Personal data is processed in the Teams platform only for the purpose of carrying out the online meeting. Following data will be collected and processed: name, username, e-mail or telephone number, password (if no single sign-on is used), if applicable, your Teams account name.
The tool also collects user data required for the provision of technical and operational support and improvements to the services provided. This includes in particular technical data about your devices, your network and your Internet connection, such as IP address, MAC address, other device IDs (UDID), device type, operating system type and version, client version, camera type, microphone or loudspeaker, type of connection.
2. Required data and functions
Text, audio and video data will be collected and processed for the purpose of carrying out the online meeting. When the recording is made, the participants of the online meeting will be informed by the system both via video and audio. "Public" chats and messages sent directly to the hosts will be logged for the same purpose as mentioned above. Private chat content between individual participants is not logged.
If you switch on your camera or microphone, the data from your terminal device's microphone and any video camera on the terminal device will be processed for the duration of the meeting. When you join the online meeting, your camera and microphone are turned off by default. Switching on the video camera is voluntary and therefore requires your implied consent. If you do not wish to record images, you can leave the camera switched off during the session.
For further information on the processing of your data when using “Teams”, please visit: Microsoft Privacy Statement – Microsoft privacy.
We have no influence on the data processing of any photos that might be taken by the participants during the meeting. However, we would ask all participants not to publish these photos on social media channels or similar without the consent of those concerned.
3. Voluntary information and functions
Please note that any information that you or others upload, post, or create during the online meeting will be processed at least for the duration of the meeting. This includes, but is not limited to, chat/instant messages, files, whiteboards and other information shared while using Teams.
If, when using the tool, you also voluntarily provide personal information or voluntarily use functions that are not absolutely necessary, the associated data processing is carried out on the basis of your revocable consent. You can revoke your consent at any time with effect for the future. Please note that processing that took place before the revocation is not affected.
4. Legal basis for data processing
Depending on the different type of the online meeting you participate in your data could be processed based on given consent. Your data could be further also processed based on concluded contract, insofar as your participation in the online meeting is necessary for the performance of a contract concluded with you. The same applies if the implementation of the online meeting is necessary for the implementation of pre-contractual measures that take place at your request.
If the processing of data in connection with the use of Teams is not necessary for the purposes mentioned above, it is carried out on necessary for the performance of a task carried out on the Founding Regulation or on the basis of a legitimate interest. Our legitimate interest in this respect is basis of the maintenance of location-independent communication, the maintenance of business contacts and the provision of services owed.
5. Transfer of your data
As a matter of principle we do not transfer your data to third parties. We will only pass on your data to third parties if the data is intended to be passed on, if you have expressly consented to the transfer in advance or if we are obliged or entitled to do so by law.
The personal data is disclosed, on a need-to-know basis, to the following recipients:
- epi staff;
- epi’s third-party providers for service maintenance and support services;
- Microsoft Corporation supports us in the processing of your data as an external service provider and processor. As a processor, Microsoft Corporation processes your data strictly in accordance with instructions and on the basis of a separately concluded order processing agreement. Data processing outside the European Union (EU) or the European Economic Area (EEA) does not take place as a matter of principle, as we have restricted our storage location to data centers in the European Union. However, it cannot be ruled out that your data may also be processed outside the EU or the EEA or transmitted to Microsoft Corporation. The transfer of data to the USA is subject to appropriate safeguards through the use of standard data protection clauses and additional measures taken.
6. Deletion of your data
As a matter of principle, we process your data only as long as they are required for the purposes for which they were collected. After that, your data will be deleted, unless the processing or storage of your data is necessary for the assertion, exercise or defense of legal claims. In the case of statutory retention obligations, deletion will only be considered after the expiry of the respective retention obligation.
7. Rights as a data subject
You have the right to obtain information from the data controller about the personal data concerning you and to have incorrect data corrected or deleted, for example if the data is no longer needed for the purposes for which it was collected. You also have the right to limit processing. In cases where we process your personal data, you also have the right to object at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling reasons for processing, which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
epi, Bayerstrasse 83, 80335 Munich, Germany,
is responsible for data collection and processing.
You can assert your data protection rights here: Petra Zimmermann, epi Secretariat,
Bayerstrasse 83, 80335 Munich, Germany, Tel: +49 89 242052-0, Fax: +49 89 242052-220, email@example.com.
Our data protection officer will be pleased to answer any queries and address any concerns you may have on all matters relating to data protection: datenschutz süd GmbH, E-Mail: firstname.lastname@example.org, Phone: +49 931 30 49 76 0.