Brainlab privacy notice for online meetings, conference calls and webinars via Microsoft Teams

Status: July, 2021

This document is to inform users about the processing of personal data in connection with the use of Microsoft Teams. This privacy notice applies to all Brainlab companies and subsidiaries: https://www.brainlab.com/contact-us/#offices


Purpose of processing

We use the Microsoft Teams tool to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter: Online Meetings). Microsoft Teams is a service of Microsoft Corporation.


Who is the processing controller?

The controller for processing the data directly related to the conduction of Online Meetings is:

Brainlab AG
Olof-Palme-Straße 9
81829 Munich
Germany

Note: If you access the Microsoft Teams website, Microsoft Corp. (the Microsoft Teams provider) is responsible for that data processing. However, accessing the website is only necessary for downloading the software in order to use Microsoft Teams.

If you do not want to or cannot use the Microsoft Teams app, you can also use Microsoft Teams via your browser. The service will then also be provided via the Microsoft Teams website.


What data is processed?

When using Microsoft Teams, various types of data are processed. The scope of the data also depends on the data you provide before or during participation in Online Meetings.

The following personal data are subject to processing:

User details: e.g. display name, email address (if applicable), profile picture (optional), preferred language

Online Meeting metadata: e.g. date, time, meeting ID, phone numbers, location

Text, audio and video data: You may have the option of using the chat function in Online Meetings. To this extent, the text entries you make are processed in order to display them in Online meetings. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the Microsoft Teams applications.


Scope of processing

We use Microsoft Teams to conduct Online Meetings. If we want to record Online Meetings, we will transparently communicate this to you in advance and – if necessary – ask for consent.

The chat content is logged when using Microsoft Teams. If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.

Automated decision-making within the meaning of Art. 22 GDPR is not used.


Legal bases of data processing

Insofar as personal data of Brainlab AG employees is processed, § 26 BDSG (the execution of the employment contract) is the legal basis for data processing. If you are not an employee of Brainlab, the use of Microsoft Teams might be an elementary component for the professional communication with you as a cooperation partner, customer or service provider. The legal basis in those cases is Art. 6 (1) f) GDPR. Our legitimate interest is the effective implementation of Online Meetings. In these cases, our interest is in the effective implementation of Online Meetings.

Incidentally, the legal basis for data processing when conducting Online Meetings is Art. 6 (1) lit. b) DSGVO, insofar as the meetings are conducted in the context of contractual relationships.

If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here, too, our interest is in the effective implementation of Online Meetings.


Receiving/ passing on of data

Personal data processed in connection with participation in Online Meetings will not be disclosed to third parties as a matter of principle unless it is specifically intended for disclosure. Please note that the content of Online Meetings, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

Other recipients: Microsoft, as the provider of Microsoft Teams necessarily processes data. For further information please check their privacy policy: https://learn.microsoft.com/en-us/microsoftteams/security-compliance-overview

We have concluded a data processing agreement with Microsoft for the use of Microsoft services, such as Microsoft Teams.


Data processing outside the European Union

In principle, no data processing takes place outside the European Union (EU), as we have limited our storage location at Microsoft to data centers in the European Union. However, we cannot exclude the routing of data via Internet servers that are located outside the EU. This is the case in particular if participants in Online Meetings are located in a third country. However, the data is encrypted during transport over the Internet and thus protected against unauthorized access by third parties.


Data protection officer

We have appointed a data protection officer.

You can reach him as follows:

Intersoft Consulting Services AG
Katharina Ruhenstroth
Beim Strohhause 17
200097 Hamburg

Email:


Your rights as a data subject

You have the right to obtain information about the personal data concerning you. You can contact us for information at any time.

In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be.

Furthermore, you have a right to rectification or deletion or to restriction of processing, insofar as you are entitled to this by law.

Finally, you have the right to object to processing within the scope of the law.

A right to data portability also exists within the framework of data protection law.

In addition, you have the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).

To exercise your rights, you can contact the data controller or the data protection officer using the contact details provided in this notice. We will process your requests promptly and in accordance with the legal requirements and inform you of the measures we have taken.


Data deletion

As a matter of principle, we delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed in order to fulfill contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.


Amendment of this privacy notice

We revise this data protection notice in the event of changes to data processing or other occasions that make this necessary. You will always find the current version on this website.