Skip to main content
Topas Therapeutics GmbH

Falkenried 88, Haus A
20251 Hamburg GERMANY

+49 40 302089010
info@topas-therapeutics.com

Data Protection Information for Events using Microsoft Teams

Compliance with data protection regulations is a high priority for us. In the following, we would like to inform you about the collection and processing of your personal data.

Person responsible

The controller for data processing in connection with the use of Microsoft Teams is Topas Therapeutics GmbH, Martinistraße 64, 20251 Hamburg, Germany, Phone: +49 40 302089010, E-Mail: info@topas-therapeutics.com

If you access the “Teams” website, Microsoft Corporation as the provider of “Teams” is responsible for data processing. However, accessing the website is only necessary for the use of “Teams” in order to download the software for the use of “Teams”. If you do not want to or cannot use the “Teams” software (app), you can also use “Teams” via your browser. The service is then also provided via the Microsoft Corporation website.

Purpose and legal basis of data processing

Data processing when using Microsoft Teams

We use the “Teams” tool from the US provider Microsoft Corporation to organise conference calls, online meetings, video conferences and webinars (hereinafter referred to as “online meetings”). Depending on the type and scope of use of “Teams”, various types of data are collected or processed. This includes, in particular, personal data (e.g. first and last name, email address, profile picture), meeting metadata (e.g. date, time and duration of communication, name of the meeting, participant IP address), text, audio and video data (e.g. chat histories, video and audio playbacks) and connection data (e.g. phone numbers, country names, start and end times, IP addresses).

As an employee, you may have a user account with which you can organise and hold online meetings as a “user” or “host”. To create your user account or to plan and organise an online meeting, the following data, among others, will be collected and processed from you: Name, user name, e-mail or telephone number, password (if no single sign-on is used). The legal basis for data processing is Art. 88 GDPR in conjunction with. § Section 26 para. 1 sentence 1 BDSG, if and insofar as the organisation of online meetings is necessary for the purposes of the employment relationship.

If you are attending an online meeting as a guest, you will receive an access link from the host by email. When registering for the online meeting, you must then enter your name and, if applicable, your e-mail address. As a participant, you can take part in meetings directly via the browser without installing the Teams app. Data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR if your participation in the online meeting is necessary for the fulfilment of a contract concluded with you. The same applies if the online meeting is necessary for the implementation of pre-contractual measures that are carried out at your request.

In addition, the tool collects user data that is necessary for the provision, technical and operational support and improvement of the services provided. This includes, in particular, technical data about your devices, your network and your Internet connection, such as IP address, MAC address, other device IDs, device type, operating system type and version, client version, camera type, microphone and loudspeaker or type of connection.

The provision of the aforementioned data is required for registration and participation in the event. Participation is not possible without providing this data. 

You can provide further information about yourself, but you do not have to. You are also free to use the chat, question or survey functions during the online meeting. You can also switch your camera and microphone on and off or mute them yourself.

If you use the chat, question or survey function, the text entries you make will be processed in order to display them in the “online meeting” and, if necessary, to log them. If you switch on your camera or microphone, the data from your end device’s microphone and any video camera on the end device will be processed for the duration of the meeting. Please note that all information that you or others upload, provide or create during an online meeting will be processed at least for the duration of the meeting. This includes, in particular, chat/instant messages, files, whiteboards and other information shared while using the service.

If data processing in connection with the use of “Teams” is not necessary for the purposes of the employment relationship or for the fulfilment of a contract concluded with you or for the implementation of pre-contractual measures, it is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. We process data of contact persons for a company or organisation on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. As a contact person, you can object to this processing at any time with effect for the future in accordance with Art. 21 GDPR.

Further information on the processing of your data when using “Teams” can be found at: https://privacy.microsoft.com/de-de/privacystatement and https://news.microsoft.com/de-de/datenschutz-und-sicherheit-in-microsoft-teams-nutzer/ 

Obligation to provide your personal data

You are neither contractually nor legally obliged to provide your data. However, if you do not provide your data, we will not be able to contact you.  

Storage period/criteria for determining the storage period

We only process your data for as long as it is required for the purposes for which it was collected. Your data will then be deleted unless the processing or storage of your data is necessary for the assertion, exercise or defence of legal claims. In the case of statutory retention obligations, erasure will only be considered after expiry of the respective retention obligation.

Your data will be deleted at the end of the event. Tax-relevant data is generally stored for 10 years due to statutory retention periods.

The following storage and deletion periods also apply to the data processed in Teams:  

All user account data will be deleted after the end of the provision of the service.

If you have a user account, you can completely delete your user profile, including the data stored about you, at any time.

Admin users in the controller’s account can completely delete usage profiles of any user, including the data stored there, at any time.

Media that is sent between participants in a “meeting room” is saved, unless at least one participant raises objections.

Audio and video content is processed in the stream and not saved.

Chat messages are saved by default. You can object to this at any time.

Stored technical logs/technical diagnostic information are deleted or anonymised after a maximum of 180 days.

Recipients of your data

As a matter of principle, we do not transfer your data to third parties. Data will only be passed on if it is specifically intended to be passed on, if you have expressly consented to the transfer in advance or if we are obliged or authorised to do so by law. Data may be passed on, for example, to other companies in the group of companies for the purpose of event management or for tax purposes or as part of IT services. 

When processing your data, Microsoft Ireland Operations Ltd and Microsoft Corporation support us as service providers and (sub)processors within the meaning of Art. 28 GDPR strictly in accordance with our instructions. It cannot be ruled out that your data will also be processed in third countries outside the EU or the EEA. With regard to these data transfers, an adequate level of data protection is guaranteed by the conclusion of the EU standard contractual clauses and supplementary measures based on them, unless an adequacy decision within the meaning of Art. 45 para. 3 GDPR exists for the third country concerned.

Your data protection rights

You have the right to receive information about the personal data stored about you free of charge upon request (Art. 15 para. 1 GDPR). In addition, if the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data and to data portability (Art. 20 GDPR).

You have the right to revoke your consent at any time with effect for the future if your data is processed on the basis of Art. 6 para. 1 sentence 1 lit. a) GDPR. Please send your cancellation to: info@topas-therapeutics.com

You have the right to object to data processing in accordance with Art. 21 GDPR if your data is processed on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. Please send your objection to: info@topas-therapeutics.com

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority: Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit, Kurt-Schumacher-Allee 4, 20097 Hamburg, E-Mail: mailbox@datenschutz.hamburg.de

Contact details of the data protection officer

Our data protection officer datenschutz nord GmbH can be reached via office@datenschutz-nord.de. 

When contacting our data protection officer, please quote the above-mentioned person responsible.