Data privacy

Data protection is very important to us. Hereafter, we provide you with information on the collection of personal data during your utilisation of this website. Personal data is all data that can be related to you as a person, such as your name, address, e-mail addresses and user behaviour. We have implemented extensive technical and organisational safeguards to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are checked regularly and adapted to technological progress.

1. Controller

Controller pursuant to art. 4 para. 7 EU data protection regulation (GDPR) is Ewald Dörken AG, Wetterstr. 58, 58313 Herdecke (see our Legal Notice)

2. Data protection officer

For questions regarding data protection please contact our data protection officer:
Personal/confidential
To the data protection officer of Ewald Dörken AG
intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
E-mail: datenschutzbeauftragter@doerken.de

3. Legal basis of our data processing

The processing of personal data may rest upon various legal bases. To the extent that we require your data for the fulfilment of a contract with you or to respond to queries on your part regarding a contract, the legal basis for this data processing is art. 6 para. 1 s. 1 lit. b GDPR. If we obtain your consent for specific data processing, the legal basis is art. 6 para. 1. s. 1 lit. a GDPR. We conduct some data processing on the basis of our legitimate interest, whereby a balance is sought at all times between your interests requiring protection and our legitimate interest. Legal basis for this is art. 6 para lit f GDPR. To the extent that processing is required for the fulfilment of a legal obligation imposed upon us, the legal basis is art. 6 para. 1 lit. c GDPR.

4. Collection of personal data when visiting our website

When using the website solely for information purposes, i.e. if you do not register or otherwise send us information (e.g. via a contact form), we collect the following technical information (logfile data):

IP address, date and time of request, time zone difference to Greenwich Mean Time (GMT), content of request (specific site), access status/HTTP status code, respectively transferred data volume, website from which request originates, browser, operating system and its interface, language and version of browser software.

The collection of these data is required for technical reasons to display our website to you and ensure stability and security. We (and our service provider) are not regularly aware of who is behind an IP address. We do not combine the above data with other data.

We pass the collected data on to the responsible internal departments or an external service provider, contractor (e.g. hosting) for processing, to present the website, to generate content or to technical support.

Legal basis for this is art. 6 para. 1 s.1 lit f GDPR. As the collection of the data for the provision of the website and the saving in log files are essential for the operation of the website and protection against abuse, our legitimate interest in data processing is predominant at this point.

5. Data security

We have taken extensive technical and operational protective measures to protect your data from random or intentional manipulation, loss, destruction or the access of unauthorised third parties. Our security procedures are checked on a regular basis and adapted to keep pace with technological progress.

6. Data transfer

The forwarding of your personal data to third parties does not take place as a rule, unless we are obliged to do so by law, or the forwarding of the data is required for the implementation of the contractual relationship or you have given your prior, express consent to the forwarding of your data.

To the extent that our service partners process your personal data on our behalf, in the scope of data processing in accordance with art. 28 GDPR we shall ensure that these observe the terms of the data protection laws in the same way.

We place a high value on processing your data within the EU / the EEA. However, it may occur that we employ service providers who process data outside of the EU / the EEA. For this case we shall ensure that prior to the forwarding of your personal data an appropriate level of data protection, comparable to the standards within the EU, is established with the recipient.

7. Contact via e-mail or contact form

When you contact us via e-mail or a contact form the data that you communicate to us are saved in order to answer your questions and process your concerns. Legal basis for this is art. 6 para. 1 s.1 lit f GDPR. To the extent that we request details via our contact form that are not required for initiating contact, we have always indicated these as optional. We use these details to specify your enquiry and improve the processing of your request. Communication of these additional details is exclusively on a voluntary basis and with your consent, art. 6 para.1 lit. a GDPR. Your data which we have received in the scope of you contacting us are deleted as soon as they are no longer required for the achievement of the purpose of their collection, your concern has been processed in full and no further communication with you is necessary or desired by you.

7.1 Communication via Facebook Messenger

As additional communications medium, this offer uses the Facebook Messenger of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The data and content of the communication are processed via servers in the US. Facebook also evaluates the meta data of the communication for advertising purposes, albeit not the content of the messages

For further details please see the Facebook Data Protection Guidelines.

7.2 E-Mail Marketing

General Information
On individual websites of ours you may subscribe to various newsletters, with which we inform you about the activities of our company, the latest information regarding our services, specific offers, promotions, events and competitions. The content of the individual newsletter is described briefly in the scope of the registration. Legal basis for the sending of the respective newsletter is your consent in accordance with art. 6 para. 1 s. 1 lit. a GDPR in association with §7 para. 2 no. 3 UWG - Unfair Competition Act.
For subscription to our newsletter, we use the so-called double opt-in procedure. This means that after you have subscribed, we send an e-mail to the e-mail address stated, requesting confirmation that you wish to subscribe to the newsletter. If you do not confirm your subscription, your information is deleted automatically after 14 days.
Sole compulsory entry for the sending of the newsletter is your e-mail address. The provision of further data is voluntary: These data are used to address you personally. After your confirmation we store your e-mail address for the purpose of sending you the newsletter and until revocation. In addition, at the time of your subscription we also save your current IP address, the time of subscription and the confirmation for up to three years following subscription (limitation period). The purpose of the procedure is to provide proof of your subscription and clarify any misuse of your personal data. Legal basis for the logging of the subscription is our legitimate interest in accordance with art. 6 para. 1 s.1 lit. f GDPR in the proof of a previously granted consent, see also art. 7 para. 1 GDPR.
You may revoke your consent for the sending of the newsletter at any time and unsubscribe from the newsletter. Revocation may be declared by clicking on the link provided in each newsletter e-mail or sending an e-mail to info@doerken.de.
The data that you have deposited with us for the purpose of subscribing to the newsletter is saved by us until you unsubscribe from the newsletter and deleted following unsubscribing to the newsletter. Data that we save for other purposes are not affected by this.

We use the service provider CleverReach from CleverReach GmbH & Co KG, Schafjückenweg 2, 26180 Rastede, Germany, to send the newsletter. We have concluded an order processing contract with the provider, which ensures that the data is processed exclusively in accordance with instructions within the scope of order processing and that the service provider complies with the provisions of data protection laws in the same way.

Advertising to existing customers
If you purchase goods from us or use services (such as webinars), we will subsequently send you information e-mails for similar goods or services. Legal basis for this is statutory authorisation according to §7 para. 3 UWG.
You may request to no longer receive such e-mails from us at any time. For this, please send an e-mail to info@doerken.de or click the link provided at the end of each information e-mail.

8. Application

You can additionally apply online via our application portal. Your online application will be forwarded directly to the HR department via encrypted connection and will be treated confidentially of course.

Your details will be used for processing your application and deciding whether to establish an employment relationship. The legal basis is §26 para. 1 in conjunction with. para. 8 S.2 BDSG. Furthermore, your personal data may be processed insofar as it should be necessary for the defense of asserted legal claims against us arising from said process. The legal basis for this is article 6 para. 1 p.1 lit. f DSGVO. The stated purposes also constitute the legitimate interest in the processing.

Insofar as an employment relationship arises between you and us, we may further process the personal data already received from you for the purposes of the employment relationship in accordance with §26 para. 1 BDSG if this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfillment of the rights and obligations of the representation of the interests of the employees resulting from a law or a collective agreement, a company or service agreement (collective agreement).
Your application data will not be processed beyond the described use.
Your personal data will be deleted after completion of the application process after 6 months the latest, provided that no other legitimate interests on our part oppose deletion or you have not given us your consent for longer filing. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

9. Cookies and the inclusion of third-party offers on our website

Cookies are data deposited on your computer by a website that you visit and that enable a renewed allocation to your browser. Cookies send information to the office that places the cookies. Cookies can save different information, such as your language setting, duration of the visit to our website or the entries that you make there. This avoids, for example, the need to input necessary form data for each visit. The information saved in cookies can also be used to recognise preferences and arrange content according to areas of interest.

There are various types of cookies: session cookies are data volumes that are only temporarily stored in the working memory and deleted when you close your browser. Persistent cookies are deleted automatically after a specified time, which can vary from cookie to cookie. For this type of cookie information can also be saved in text files on your computer. However, you can also delete these cookies at any time via the settings of your browser.

First-party cookies are placed by the website that you are currently visiting. Only this website may read information from these cookies. Third-party cookies are placed by organisations that are not operators of the website that you visit. These cookies are used by marketing companies, for example.

The legal basis for possible processing of personal data via cookies and the amount of time they are saved can vary. To the extent that you have granted us consent, the legal basis is art. 6 para.1 s.1 lit.a GDPR. To the extent that the data processing is undertaken on the basis of our predominant legitimate interest, the legal basis is art. 6 para.1 s.1 lit.f GDPR. The stated purpose then corresponds to our legitimate interest.

We use cookies to ensure the orderly operation of the website, to provide fundamental functionalities, to measure range and - with your consent - to tailor our services to preferred areas of interest. The cookies used on this website can be found here:

  • Cookie informationen

You can delete cookies saved on your terminal device at any time. If you wish to prevent the saving of cookies, you can do this via the settings of your internet browser. Please note that individual functions of our website may not function if you have deactivated the use of cookies.

When accessing our website all users of our website are also informed of the use of cookies via an info banner and referred to this data protection notice. In this, you as user are also asked for your consent for the use of cookies, particularly those relevant for the personalisation of services and marketing measures. Consent provided by you one time may be withdrawn at any time with effect for the future, by using the following link to access cookie management and remove the tick behind the processing that you have consented to.

9.1 Session storage

Session storage is used to temporarily store login information, identification features or settings for a specific user as well as any entries already made (hereinafter referred to as "session objects").
Such Session Objects contain data with which various requests can be assigned to the joint session and which enable your terminal device to be recognized. This assignment can also be made if you have interrupted the use of the services offered or have used another service in the meantime. The setting of session objects is necessary, for example, in order not to lose entries you have already made in related input masks and to enable the recovery of such entries in the event of a malfunction (for example, in the event of a brief disconnection of the Internet connection while calling up a subsequent input mask) as well as the correction of information already entered (for example, when using the "Back" button of your browser). On the other hand, session objects may also be required to provide various other functions, such as a login function as part of a user system.

Data is only stored during an active session per browser tab. In addition, we store only the most recently clicked navigation items and empty the memory after reloading the page or switching to another page at http://doerken.com. The data is deleted and is only accessible during navigation through the currently open page.
The legal basis is Art. 6 para. 1 sentence 1 lit. f DSGVO. Since the collection of data for the provision of the website and the storage in log files are absolutely necessary for the operation of the website and to protect against misuse, our legitimate interest in data processing prevails at this point.

10.1 YouTube videos

On our website we make use of services of YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA. In this, to protect your personal data we use the enhanced data protection option provided by YouTube. When you call a site in which a YouTube video is embedded, a connection is established to the YouTube server and the content presented via notification to your browser on the website. However, according to YouTube, in “enhanced data protection mode” data are only transferred to the YouTube server when you actively start the video. If you are logged into YouTube at that time, the information regarding the video that you have watched is assigned to your membership account at YouTube. You may prevent this by logging out of your membership account prior to visiting our website.

In some case further data processing actions may be initiated with the start of a YouTube video, over which we have no influence.

The use of YouTube is in the interest of an appealing representation of our online offers. This constitutes a justified interest as per art. 6 para. 1 lit. f GDPR. To the extent that corresponding consent has been requested, processing is undertaken solely on the basis of art. 6 para. 1 lit. a GDPR; consent is revocable at any time.

Further information regarding YouTube data protection is provided by Google at the following link: https://www.google.de/intl/de/policies/privacy/

11.2 Google Analytics

With your consent, this website uses Google Analytics, a web analysis service of Google LLC, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Responsible body for users in the EU/ the EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Usage comprises the operating mode Universal Analytics. This makes it possible for data, sessions and interactions across multiple devices to be assigned a pseudonym user ID and the activities of a user across multiple devices to be analysed.

Google Analytics uses cookies that enable the analysis of your use of the website. The information about your use of the website generated by the cookie is typically sent to a Google server in the USA and saved there. However, in the case of activation of IP anonymisation on this website, your IP address will be abbreviated by Google beforehand within the member states of the European Union or other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and abbreviated there.

We have taken the necessary precautions in accordance with art. 44 et seq. GDPR to ensure as far as possible an appropriate level of data protection with the recipient in the third country.

The IP address communicated from your browser in the scope of Google Analytics is not combined with other data by Google. Google will then use this information on behalf of the operator of this website to analyse your use of the website in order to compile reports about website activities and provide further services associated with use of the website and internet use to the website operator.

The data that are sent and linked to cookies or user recognition (e.g. user ID) are deleted automatically after 14 months. The deletion of data whose storage limit has been reached occurs automatically once a month.

Further information on the terms of use of Google Analytics and data protection at Google can be found at https://www.google.com/analytics/terms/de.html or at https://www.google.com/analytics/terms/de.html

Legal basis for the data processing described is your consent in accordance with art. 6 para. 1 s. 1 lit. a GDPR. You may revoke your consent at any time with effect for the future.

You may prevent the saving of cookies by setting your browser software accordingly, however, we wish to point out that in this case you may not be able to make full use of all functions of our website. In addition, you may prevent the collection of the data generated by the cookie and relating to your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing https://tools.google.com/dlpage/gaoptout?hl=de .

Opt-out cookies prevent the future recording of your data when visiting this website. To prevent the recording by Universal Analytics across all devices it is necessary to carry out the opt-out on all systems used.

Click here to place the opt-out cookie:

11.3 Google Tag Manager

For reasons of transparency, we wish to point out that we use Google Tag Manager. Google Tag Manager does not itself record personal data. The Tag Manager makes it easier for us to embed and manage our tags. Tags are small code elements that, amongst other things, serve to measure traffic and visitor behaviour, record the effects of online advertising and social channels, establish remarketing and the alignment to target groups and test and optimise websites. If you have undertaken a deactivation, this deactivation will be noted by Google Tag Manager. For further information about Google Tag Manager see: https://www.google.com/intl/de/tagmanager/use-policy.html.

11.4 Double Click

This website uses the marketing tool DoubleClick by Google. DoubleClick uses cookies to trigger advertisements of relevance to users, improve the reporting of campaign performance or to avoid users from being shown the same advertisement multiple times. Google uses a cookie ID to record which advertisements are shown in which browser and can therefore prevent these from being shown multiple times. In addition, DoubleClick can use cookie IDs to record so-called conversions, which have a reference to advertisement requests. This is the case, for example, where a user sees a DoubleClick advertisement and later accesses the website of the advertiser with the same browser to make a purchase. According to Google, DoubleClick cookies do not contain personal information.

We have no influence on the scope and further use of the data collected through the use of this tool by Google and consequently inform you to the best of our knowledge: with the integration of DoubleClick Google receives the information that you have called the corresponding part of our internet presence or clicked on one of our advertisements. If you have registered with a service of Google, Google can match the visit to your account. Even if you are not registered with Google or are not logged in, it is also possible for the provider to learn your IP address and save it.

In addition, the cookies placed enable us to see if you carry out specific actions on our website after having viewed our advertisements on Google or on other platforms via DoubleClick or have clicked on these (conversion tracking). DoubleClick uses this cookie to comprehend the content with which you have interacted on our website, in order to send you targeted advertisements at a later time.

Due to the transfer of personal data to a third country (USA) we have taken the necessary precautions in accordance with art. 44 et seq. GDPR to ensure as far as possible an appropriate level of data protection with the recipient in the third country.

Further information on DoubleClick by Google can be found at www.google.de/doubleclick and support.google.com/adsense/answer/2839090, as well as regarding data protection at Google in general: www.google.de/intl/de/policies/privacy

Legal basis is your consent in accordance with art. 6 para.1 s. 1 lit. a GDPR.

11.5 Facebook tracking pixel

With your consent we utilise the “tracking pixel” of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). With the aid of this we can track the activity of users after they have viewed or clicked a Facebook advertisement. This enables us to record the effectiveness of Facebook advertisements for statistical and market research purposes. The data recorded for this are anonymous to us, meaning we do not see the personal data of individual users. However, these data are saved and processed by Facebook, which we inform you of to the best of our knowledge. Facebook can link this data to your Facebook account and also use it for advertising purposes, in accordance with the Facebook data use guidelines https://www.facebook.com/about/privacy/.

Facebook as well as its partners may be enabled to place advertisements on and outside of Facebook. Moreover, a cookie may be saved on your computer for this purpose.

Please note that this may result in forwarding of personal data to third countries (USA). For this case we have taken maximum precautions pursuant to art. 44 et seq. GDPR, so that prior to the forwarding of your personal data an appropriate level of data protection, comparable to the standards within the EU, is ensured as far as possible.

Please click here if you wish to revoke your consent.

Legal basis for the data processing is your consent in accordance with art. 6 para. 1 s. 1 lit. a GDPR.

12. Your rights

We will be happy to inform you whether and what type of personal data of yours are processed by us and for what purposes (art. 15 GDPR). In addition, under the respective legal prerequisites you are entitled to the right to correction (art. 16 GDPR), the right to limitation of processing (art. 18 GDPR), limitation of processing (art. 18 GDPR), the right to erasure (art. 17 GDPR) and the right to data portability (art. 20 GDPR).

Under the statutory prerequisites you have the right to object against processing (art. 21 GDPR).

To exercise your above rights, please send an e-mail to datenschutzbeauftragter@doerken.de or post to Ewald Dörken AG, Wetterstr. 58, 58313 Herdecke. Exercising your rights above is free of charge for you.

Irrespective of these rights and the opportunity, without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement if you are of the opinion that the processing of your personal data infringes GDPR (art. 77 GDPR).

The responsible regulatory authority for us is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen

Postfach 20 04 44
40102 Düsseldorf
E-mail: poststelle@ldi.nrw.de

Data protection information for online meetings, telephone conferences via "Microsoft Teams" of Ewald Dörken AG

We would like to inform you below about the processing of personal data in connection with the use of "Microsoft Teams". Microsoft Teams is a proprietary application of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Teams can be used as follows:

  • as a client application via a login with your Microsoft 365 account
  • via the mobile app with your tablet, smartphone, etc.
  • as a web application via your web browser.

1. Who is the controller for data collection and processing?

The data controller for data processing directly related to the use of Microsoft Teams is Ewald Dörken AG, Wetterstraße 58, 58313 Herdecke, Germany.

Note: If you access the "Microsoft Teams" website, the "Microsoft Teams" provider is responsible for data processing. However, accessing the website is only necessary for the use of "Microsoft Teams" in order to download the software for the use of "Microsoft Teams".

If you do not want to or cannot use the "Microsoft Teams" app, you can also use "Microsoft Teams" via your browser. The service will then also be provided via the "Microsoft Teams" website.

2. How can you reach our data protection officer?

You can reach our data protection officer at: datenschutzbeauftragter@doerken.de

3. What is the purpose of the processing?

We use the tool "Microsoft Teams" to conduct telephone conferences, online meetings, video conferences (hereinafter: "online meetings"). Our focus here is on internal and external communication.

4. What data is processed?

When using "Microsoft Teams", various types of data are processed. The scope of the data also depends on the information you provide before or during participation in an "online meeting".

The following personal data are subject to processing:

  • User details: e.g. display name ("Display name"), e-mail address if applicable, profile picture (optional), preferred language
  • Meeting metadata: e.g. date, time, meeting ID, phone numbers, location, duration of call
  • Text, audio and video data: You may have the option of using the chat function in an "online meeting". To this extent, the text entries you make are processed in order to display them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the "Microsoft Teams" applications.
  • Service-generated data: This is the IP address of the user, an anonymized UserID of the user, also the ID of the teams conference as well as the tenant can be traceable.
  • Availability status: As far as you have a Microsoft account in our organization, an availability status can be visible for other users of our organization. As far as they do not want to use the automated status changes from Microsoft, you can also set them manually.

5. What is the scope of processing?

We use "Microsoft Teams" to conduct "online meetings". This serves to facilitate internal and external communication.

If a recording of an "online meeting" is required in exceptional cases, we will inform you transparently in advance and - if necessary - ask for your consent. We have always deactivated the transcription function. When recording, you can decide for yourself whether you want to activate your camera and/or microphone or write something in the chat.

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.

Automated decision-making within the meaning of Art. 22 GDPR is not used.

6. What are the legal bases of data processing?

Insofar as personal data of employees or job applicants of Ewald Dörken AG are processed, Art. 6 para. 1 lit. b) GDPR forms the legal basis for the data processing.

If meetings are held in the context of contractual relationships, the legal basis for data processing is Art. 6 para. lit. b) GDPR.

If, in connection with the use of "Microsoft Teams", personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of "Microsoft Teams", the legal basis for the data processing is generally Art. 6 para. f) GDPR. In these cases, our interest is in the effective conduct of "online meetings" for the purpose of internal and external communication. Again, our interest is in the effective conduct of "online meetings". With regard to the service-generated data, both we and Microsoft also have an interest in the proper guarantee and IT security of the IT systems.

With regard to the processing of video and/or audio recordings, this is done voluntarily by releasing the camera and/or microphone, so that Art. 6 para. 1 lit. a) GDPR (consent) is the legal basis. The consent can be withdrawn at any time with effect for the future by deactivating the camera and/or microphone. The same also applies to the use of the chat function with regard to the processing of text data.

If, in exceptional cases, we record an online meeting, we will expressly inform you as a participant in advance and ask for your permission. We will inform you in advance of the purpose of the recording. If you consent to the recording, the legal basis for the processing of the data is Art. 6 para. 1 lit. a) GDPR. You can of course switch off your camera and/or microphone if you do not want your voice and/or video image to be part of the recording. If you generally do not wish to be recorded, you can leave the online meeting at any time. You can also revoke your previously given consent to the recording at any time with effect for the future. If we wish to publish the recording, we will inform you of this separately in advance and also obtain your consent for this - in writing if necessary.

7. Who are the recipients of your data?

When using Microsoft 365, various personal data are transmitted to Microsoft. We have concluded an order processing agreement with Microsoft in accordance with Art. 28 GDPR, according to which Microsoft has submitted to comply with various obligations from the GDPR. In addition, Microsoft itself uses further sub-processors. In these respective legal relationships, the respective agreements on commissioned processing within the meaning of Article 28  para. 3 GDPR apply.

The recipients of the content expressed by you, posted or shown in the chat are still the participants in the respective "online meeting".

8. Is data processed outside the European Union?

In principle, no data processing takes place outside the European Union (EU), as we have limited our storage location to data centers in the European Union. However, we cannot exclude the routing of data via Internet servers that are located outside the EU. This may be the case in particular if participants in "Online Meeting" are located in a third country.

However, the data is encrypted during transport over the Internet and thus protected against unauthorized access by third parties.

To the extent that data is processed in the U.S., Microsoft Corp. has certified itself under the Data Privacy Framework (DPF) program and is included in the International Trade Administration's (ITA) Data Privacy Framework list. This means that Microsoft Corp. has publicly committed to complying with DPF obligations and that any transfer of data to the U.S. is unobjectionable based on the European Commission's current adequacy decision of July 10, 2023.

Since Microsoft servers are distributed worldwide and a transfer to other third countries cannot be completely ruled out, processing in third countries takes place on the basis of the EU standard data protection clauses adopted by the European Commission in accordance with Art. 46 of the GDPR. These are contractually agreed with Microsoft and corresponding obligations are passed on to Microsoft's sub-processors. In addition, many different additional measures are taken by Microsoft and us to ensure a comparable level of data protection in the third country, e.g.:

  • Microsoft is certified to ISO 27001, ISO 27002 and ISO 27018, among others.
  • The introduction of Microsoft 365 was closely coordinated with our data protection officer.
  • End-to-end encryption has been centrally enabled for 1:1 VoIP calls with Microsoft Teams.
  • As far as this is adjustable by us, the optional Connected Experiences will be deactivated by us and the data transfer of diagnostic and telemetry data to Microsoft will be kept as low as possible. This reduces the analysis of your behavior by Microsoft for their own purposes and the number of data transfers to third countries as far as possible.

9. When will your personal data be deleted?

As a matter of principle, we delete personal data when there is no need for further storage. A requirement may exist, in particular, if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.

You can access, extract, and delete content data stored in Teams at any time. Audio and video calls are not recorded. Service-generated data is retained by default for up to 180 days after collection; longer retention periods are possible if required for service security or to comply with legal or regulatory requirements.

Any recordings will only be stored for as long as is necessary for their respective purpose. If you, as a participant in a recorded online meeting, revoke your previously given consent, we will either remove you completely from the recording or - if this is not technically possible - delete the entire recording.

10. What rights do you have in connection with the processing of your data?

You have the following rights with respect to us regarding personal data concerning you:

10.1. General rights

You have the right to information, correction, deletion, restriction of processing, objection to processing and data portability. If processing is based on your consent, you have the right to withdraw it with effect for the future.

10.2. Rights in data processing according to the legitimate interest

Pursuant to Article 21 para. 1 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 para. 1 lit. e) GDPR (data processing in the public interest) or on the basis of Article 6 para. 1 lit. f) GDPR (data processing for the purposes of safeguarding a legitimate interest); this also applies to profiling based on this provision. In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

10.3. Rights in the case of direct advertising

If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing pursuant to Art. 21 para. 2 GDPR; this also applies to profiling insofar as it is related to such direct marketing.

In the event of your objection to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes

10.4. Right to complain to a supervisory authority

You also have the right to complain to a competent data protection supervisory authority about our processing of your personal data.

11. Is there an obligation to provide your personal data?

The provision of your data is generally voluntary. However, if you do not agree to the data processed in the course of your use of Microsoft Teams, you will not be able to use the services provided.

In order to enter into or perform an employment relationship, you must provide us with the personal data that is required for the performance of the employment relationship or that we are required to collect by law. If you do not provide us with this data, it will not be possible for us to carry out the employment relationship.

12. Updating the privacy policy

We adapt the privacy policy to changed functionalities or changed legal situations. We therefore recommend that you read the privacy policy at regular intervals. If your consent is required or components of the data protection notice contain provisions of the contractual relationship with you, the changes will only be made with your consent.

 

Status: 07.09.2023