maxingvest GmbH & Co. KGaA - The holding company and its sub-groups

About Us

Data protection information for meetings via Microsoft Teams

Compliance with data protection regulations is a high priority for us. In the following text, we would like to inform you about the collection and processing of your personal data.

Controller

The Controller for data processing in connection with the use of Microsoft Teams is the company, that initiated the meeting:

maxingvest GmbH & Co. KGaA

Alter Wandrahm 17/18

20457 Hamburg (Germany)

E-Mail: info@maxingvest.de

Tel.: +4940306982696

Participia Holding GmbH

Alter Wandrahm 17/18

20457 Hamburg (Germany)

Tel.: +4940306982696

E-Mail: info@participia.de

Polaris Immobilienmanagement GmbH

Alter Wandrahm 17/18

20457 Hamburg (Germany)

Tel.: +4940306982696

E-Mail: info@polaris-immo.de

If you access the "Teams" website, the Microsoft Corporation as the provider of "Teams" is responsible for data processing. However, accessing the website is only necessary for the use of "Teams" in order to download the software for the use of "Teams". If you do not want to or cannot use the "Teams" software (app), you can also use "Teams" via your browser. The service is then also provided via the Microsoft Corporation website.

Purpose and legal basis of data processing

Data processing for participation in the meeting

For the purpose of planning, organising and implementing digital event formats, the aforementioned body processes your personal data for the organisation before the meeting. The legal basis for this is the legitimate interest pursuant to Art. 6 (1) (f) GDPR in the proper planning and realisation of the digital meeting. Dialling in takes place via company-internal as well as external (private) Internet-enabled end devices.

Data processing when using Microsoft Teams

We use the "Teams" tool from the US provider Microsoft Corporation to organise conference calls, online meetings, video conferences and webinars (hereinafter referred to as "online meetings"). Depending on the type and scope of use of "Teams", various types of data are collected or processed. This includes, in particular, personal data (e.g. first and last name, email address, profile picture), meeting metadata (e.g. date, time and duration of communication, name of the meeting, participant IP address), text, audio and video data (e.g. chat histories, video and audio playbacks) and connection data (e.g. phone numbers, country names, start and end times, IP addresses).

As an employee, you may have a user account with which you can organise and hold online meetings as a "user" or "host". To create your user account or to plan and organise an online meeting, the following data, among others, will be collected and processed from you: Name, user name, e-mail or telephone number, password (if no single sign-on is used). The legal basis for data processing is Art. 6 (1) (b) GDPR resp. (in Germany) Art. 88 GDPR in conjunction with § 26 (1) BDSG (German Federal Data Protection Act), if and insofar as the organisation of online meetings is necessary for the purposes of the employment relationship.

If you are attending an online meeting as a guest, you will receive an access link from the host by email. When registering for the online meeting, you must then enter your name and, if applicable, your e-mail address. As a participant, you can take part in meetings directly via the browser without installing the Teams app. Data processing is carried out on the basis of Art. 6 (1) (b) GDPR if your participation in the online meeting is necessary for the fulfilment of a contract concluded with you. The same applies if the online meeting is necessary for the implementation of pre-contractual measures that are carried out at your request.

In addition, the tool collects user data that is necessary for the provision, technical and operational support and improvement of the services provided. This includes, in particular, technical data about your devices, your network and your Internet connection, such as IP address, MAC address, other device IDs, device type, operating system type and version, client version, camera type, microphone and loudspeaker or type of connection.

The provision of the aforementioned data is required for registration and participation in the meeting. Participation is not possible without providing this data.

You can provide further information about yourself, but you do not have to. You are also free to use the chat, question or survey functions during the online meeting. You can also switch your camera and microphone on and off or mute them yourself.

If you use the chat, question or survey function, the text entries you make will be processed in order to display them in the "online meeting" and, if necessary, to log them. If you switch on your camera or microphone, the data from your end device's microphone and any video camera on the end device will be processed for the duration of the meeting. Please note that all information that you or others upload, provide or create during an online meeting will be processed at least for the duration of the meeting. This includes, in particular, chat/instant messages, files, whiteboards and other information shared while using the service.

If data processing in connection with the use of "Teams" is not necessary for the purposes of the employment relationship or for the fulfilment of a contract concluded with you or for the implementation of pre-contractual measures, it is carried out on the basis of Art. 6 (1) (f) GDPR. We process data of contact persons for a company or organisation on the basis of Art. 6 (1) (f) GDPR. As a contact person, you can object to this processing at any time with effect for the future in accordance with Art. 21 GDPR.

Further information on the processing of your data when using "Teams" can be found at: https://privacy.microsoft.com/de-de/privacystatement and https://news.microsoft.com/de-de/datenschutz-und-sicherheit-in-microsoft-teams-nutzer/.

Obligation to provide your personal data

You are neither contractually nor legally obliged to provide your data. However, if you do not provide your data, we will not be able to contact you.

Storage period/criteria for determining the storage period

We only process your data for as long as it is required for the purposes for which it was collected. Your data will then be deleted unless the processing or storage of your data is necessary for the assertion, exercise or defence of legal claims. In the case of statutory retention obligations, erasure will only be considered after expiry of the respective retention obligation.

Your data will be deleted at the end of the meeting. Tax-relevant data is generally stored for 10 years due to statutory retention periods.

The following storage and deletion periods also apply to the data processed in Teams:

If you have a user account, you can completely delete your user profile, including the data stored about you, at any time.
Admin users in the Controller's account can completely delete usage profiles of any user, including the data stored there, at any time.
Audio and video content is processed in the stream and not saved.

Recipients of your data

As a matter of principle, we do not transfer your data to third parties. Data will only be passed on if it is specifically intended to be passed on, if you have expressly consented to the transfer in advance or if we are obliged or authorised to do so by law. Data may be passed on, for example, to other group companies for the purpose of event management or for tax purposes or as part of IT services. If the Controller of the data processing is Participia Holding GmbH or Polaris Immobilienmanagement GmbH, Microsoft Teams is provided via maxingvest GmbH & Co. KGaA as a processor. There is a data processing agreement in accordance with Art. 28 GDPR.

When processing your data, Microsoft Ireland Operations Ltd and Microsoft Corporation support us as service providers and (sub)processors within the meaning of Art. 28 GDPR strictly in accordance with our instructions. It cannot be ruled out that your data will also be processed in third countries outside the EU or the EEA. With regard to these data transfers, an adequate level of data protection is guaranteed by the EU Commission's adequacy decision for the USA (EU-U.S. Data Privacy Framework) in accordance with Art. 45 GDPR. In addition, EU standard contractual clauses also exist.

Your data protection rights

You have the right to receive information about the personal data stored about you free of charge upon request (Art. 15 (1) GDPR). In addition, if the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data and to data portability (Art. 20 GDPR).

You have the right to revoke your consent at any time with effect for the future if your data is processed on the basis of Art. 6 (1) (a) GDPR. Please send the revocation to the e-mail address of the respective Controller (see "Controller").

You have the right to object to data processing in accordance with Art. 21 GDPR if your data is processed on the basis of Art. 6 (1) (f) GDPR. Please send your objection to the e-mail address of the respective Controller (see "Controller").

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection regulations. The right to lodge a complaint can be asserted in particular with a supervisory authority in the Member State of your habitual residence, your place of work or the place of the suspected infringement.

Contact details of the data protection officer

Our external data protection officer will be happy to provide you with information on the subject of data protection under the following contact details:

datenschutz nord GmbH

Sechslingspforte 2

22087 Hamburg (Germany)

Web: https://www.dsn-group.de/

E-mail: office@datenschutz-nord.de

If you contact our data protection officer, please also indicate the respective Controller (see "Controller").