Privacy Policy for Online Meetings, Telephone Conferences, and Webinars via “Microsoft Teams”
We would like to inform you below about the processing of personal data in connection with the use of “Microsoft Teams”.
Purpose of Processing
At the explicit request of the customer, we use the tool “Microsoft Teams” to conduct project work, telephone conferences, online meetings, video conferences, and/or webinars (hereinafter: “Online Meetings”). “Microsoft Teams” is a service of Microsoft Corporation.
Microsoft Ireland Operations Limited One Microsoft Place South County Business Park Leopardstown Dublin 18 D18 P521 Ireland
When using “Microsoft Teams,” various types of data are processed. The scope of the data also depends on the information you provide before or during participation in an “Online Meeting” and during project work.
The following personal data are subject to processing:
- User Information:g., display name, email address, profile information
- Meeting Metadata:g., date, time, meeting ID, phone numbers, location
- Text, Audio, and Video Data: You may have the option to use the chat function in an “Online Meeting.” In this case, the text entries you make are processed to display them in the “Online Meeting.” To enable the display of video and the playback of audio, the data from your device’s microphone and any video camera are processed during the meeting. You can turn off the camera or mute the microphone at any time via the “Microsoft Teams” application.
As a rule, “Online Meetings” are not recorded. If we record “Online Meetings” at the customer’s request as part of project work, we will inform you transparently in advance and, if necessary, request your consent.
A user can read the chat history after the fact and without participating in a meeting, as long as the meeting was invited from a team and they are a member of that team. Therefore, the chat history of meetings can generally be read afterward.
Automated decision-making within the meaning of Art. 22 GDPR is not used by us.
As part of project work on the Microsoft Teams platform, project content can be shared in various file formats (Word, PDF, etc.) and made visible to all members of the respective team.
Please note that Microsoft reserves the right to process customer data (including yours) for its own legitimate business purposes. Unfortunately, we have no influence on this processing by Microsoft. We try to maintain privacy-friendly settings in our MS Teams accounts as much as possible.
If Microsoft processes data as a controller for its own legitimate purposes, Microsoft is also responsible for ensuring compliance with all applicable data protection regulations. For more information, please visit Microsoft Privacy Statement.
Legal Basis for Processing
When using Microsoft Teams for “Online Meetings” as part of project work or in a pre-project phase, the legal basis for data processing is Art. 6(1)(f) GDPR. In these cases, our interest lies in the effective conduct of “Online Meetings” and project work in and with Microsoft Teams.
Otherwise, the legal basis for data processing in the conduct of “Online Meetings” and project work is Art. 6(1)(b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.
Recipients or Categories of Recipients of Personal Data
Personal data processed in connection with participation in “Online Meetings” and project work are not generally disclosed to third parties by us, unless they are specifically intended for disclosure. Please note that content from “Online Meetings,” as with in-person meetings, often serves to communicate information with customers, prospects, or third parties and is thus intended for disclosure.
Additional Recipients: The provider of “Microsoft Teams” necessarily gains knowledge of the above-mentioned data, insofar as this is provided for in the context of our data processing agreement with “Microsoft Teams” (see “Transfer of Personal Data to a Third Country”).
Transfer of Personal Data to a Third Country
In principle, data processing in a third country outside the European Union does not take place, as we have restricted the storage location to data centers within the European Union. However, it cannot be ruled out that, in individual cases, companies affiliated with Microsoft outside the EU may gain access (so-called third countries) to the data. Such transfers to third countries are only possible if an adequacy decision by the EU Commission exists, the controller or processor has provided appropriate safeguards for the protection of personal data, or one of the exceptions under Art. 49 GDPR applies.
On July 10, 2023, the European Commission issued an adequacy decision (EU-U.S. Data Privacy Framework – DPF) for the transfer of personal data from the EU to companies in the USA. This means that, from this point onward, data from companies in the EU can be transferred to companies in the USA covered by the adequacy decision without the need for additional safeguards. This adequacy decision only applies if the recipient of the data in the USA has, through self-certification, subjected itself to the DPF and the associated data protection obligations. In these cases, the transfer of data to this recipient is considered secure. Microsoft has such certification; see here.
Duration of Storage of Personal Data
We generally delete personal data when there is no longer a need for further storage. A need may exist, in particular, if the data are still required to fulfill contractual services, to review and grant warranty and, if applicable, guarantee claims, or to defend against them. In the case of legal retention obligations, deletion will only be considered after the respective retention period has expired.
Contact for Data Protection Questions
embedded brains GmbH & Co. KG Dornierstr. 4 D-82178 Puchheim Germany Phone: +49-(0)89-189 47 41-00 Email: info@embedded-brains.de
Your Rights as a Data Subject
You have the right to information about the personal data concerning you. You can contact us at any time for information.
For information requests that are not made in writing, we ask for your understanding that we may require proof from you to confirm that you are the person you claim to be.
Furthermore, you have the right to rectification, erasure, or restriction of processing, insofar as this is provided for by law.
You also have a right to object to processing within the framework of legal provisions.
A right to data portability also exists within the framework of data protection regulations.
Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint about the processing of your personal data by us with a supervisory authority for data protection.








