- I. Person responsible for data collection
- II. Data protection officer
- III. Collection and processing of personal data when participating in PMPG video conferences with Microsoft Teams
- IV. The purposes of the processing and the relevant legal bases
- V. Duration of storage
- VI. Recipients of personal data
- VII. Data transfer to third countries
- VIII. Rights of those affected
- IX. Right to object
- X. Existence of a right to lodge a complaint with a supervisory authority
- XI. What happens if the data is not provided
- XII. Security
- XIII. Links to other websites
I. Person responsible for data collection
PMPG Steuerberatungsgesellschaft PartmbB
Adenauerallee 45-49
53332 Bornheim
Phone: +49 (0) 2222 94 01-0
email: info@pmpg.de
PMPG Erftstadt KG tax consulting company
Otto-Hahn-Allee 17a
50374 Erftstadt
Phone: +49 (0) 2235 7 94 09-0
email: info@pmpg.de
PMPG Siegen Steuerberatungsgesellschaft mbH
Weidenauer Str. 60
57076 Siegen
Phone: +49 (0) 271 30 30 33-0
email: info@pmpg.de
PMPG tax consultant & lawyer PartGmbB
Hohe Str. 73,
53119 Bonn
Phone: +49 (0) 228 9 83 88-0
email: info@pmpg.de
PMPG Unternehmensberatung GmbH
Gustav-Heinemann-Ufer 72c
50968 Cologne
Phone: +49 (0) 221 29 21 36-0
email: info@pmpg.de
PMPG Aachen KG tax consulting company
Auf der Hüls 198
52068 Aachen
Phone: +49 (0) 241 96 73-0
email: info@pmpg.de
II. Data protection officer
Reinhold Goetz, Dipl. Ing. Communications Engineering
Certified data protection officer and auditor TÜV
Certified data protection specialist DEKRA
Email: rgoetz@datenschutzservice.nrw or datenschutz@pmpg.de
Web: https://www.datenschutzservice.nrw
Tel: +49 (0) 2235/9947997
III. Collection and processing of personal data when participating in PMPG video conferences with Microsoft Teams
PMPG uses the “Microsoft Teams” tool to conduct telephone conferences, online meetings, video conferences and/or webinars. Microsoft Teams is a service from Microsoft Corporation. The processing is carried out on behalf of PMPG
Microsoft Ireland Operations Limited
One Microsoft Place
South County Business Park
Leopardstown
Dublin 18
D18 P521
Ireland
Please note that this data protection notice only informs you about the processing of your personal data by PMPG when using a Microsoft Teams video conference. If you access the “Microsoft Teams” website, the “Microsoft Teams” provider is responsible for data processing. If you require information about Microsoft’s processing of your personal data, we ask you to view the relevant statement at Microsoft. You can find more information from Microsoft on this topic here:
Microsoft Privacy Policy – Microsoft Privacy Policy
Link: https://privacy.microsoft.com/de-de/privacystatement
Microsoft Teams Security Guide – Overview – Microsoft Teams | Microsoft Docs.
https://learn.microsoft.com/de-de/microsoftteams/teams-security-guide
When using “Microsoft Teams”, different types of data are processed. The extent of the data also depends on what data information you provide before or when participating in an “online meeting”.
The following personal data are the subject of processing:
IP address
User information: username, display name, email address, if applicable, profile picture, information (optional information), preferred language, etc.
Meeting metadata: meeting ID, participant IP addresses, service data for the respective session and use of the system (data from devices/hardware used, operating system, time zone), telephone numbers (if dialed in by telephone), location, name of the meeting and If applicable, password from the organizer, date, time and duration, activities recorded in the meeting (such as joining and leaving), including activities related to third-party integrations, together with the date, time, person participating in the activity and other participants in the meeting with date, time, duration.
Chat, audio and video data: In order for audio and video transmission to take place, the application needs access to your microphone or video camera. You can mute or switch these off yourself at any time. Any text entries you may have made in the chat will also be processed and saved.
No device identifiers or other location data are collected.
IV. The purposes of the processing and the relevant legal bases
We use the above-mentioned and anonymized data to monitor the quality of the service and to identify possible sources of errors during operation. Content data such as chat logs and files cannot be viewed for monitoring purposes. Processing is carried out on the basis of Article 6 Paragraph 1 Letter f GDPR. Our legitimate interest is to provide the service and maintain quality.
If you use Teams as an employee of PMPG for operational purposes, data processing is carried out on the basis of Art. 6 Para. 2, 88 GDPR in conjunction with Section 26 Para. 1 BDSG. Because the data processing you carry out using Teams is necessary for the purposes of carrying out your employment relationship or fulfilling the obligations you owe under the employment contract due to the necessities/circumstances that PMPG is faced with described above.
If you take part in an online meeting as an external participant, your data will be processed regularly on the basis of Art. 6 Para. 1 lit. b GDPR. However, this only to the extent that your participation in the online meeting took place to fulfill or implement a contract concluded with you or with the company that employs you. The same applies to cases in which a contract was initiated and this took place on your initiative.
If data processing in connection with the use of Teams is not necessary for the purposes of the employment relationship or to fulfill a contract concluded with you or to carry out pre-contractual measures, it is carried out on the basis of Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR . Our legitimate interest lies in maintaining location-independent communication, maintaining business contacts and providing services owed.
Further processing purposes:
Your personal data may be processed by PMPG based on other legal obligations, such as a court order. Legal basis based on legal requirements (Art. 6 Para. 1 lit. c) GDPR) or in the public interest (Art. 6 Para. 1 lit. e) GDPR).
To the extent necessary, PMPG processes your data beyond the actual fulfillment of the contract to protect our legitimate interests or those of third parties. For example for:
Ensuring IT security and IT operations, e.g. transmission protocols,
Assertion of legal claims and defense in legal disputes.
Legal basis: This processing is based on PMPG’s legitimate interest (Article 6 (1) (f) GDPR).
You have the right to object to this processing of personal data concerning you at any time for reasons relating to your particular situation. You can object to the use of your personal data for direct advertising at any time without giving reasons.
According to Microsoft’s information, as part of “business activities,” Microsoft processes data for the following activities related to providing the products and services to Customer: (1) billing and account management; (2) Compensation (e.g. calculation of employee commissions and partner incentives); (3) internal reporting and business modeling (e.g. forecasting, sales, capacity planning, product strategy); (4) combat fraud, cybercrime, or cyberattacks that may affect Microsoft or Microsoft products; (5) improving core functionality related to accessibility, data protection or energy efficiency; and (6) financial reporting and compliance with legal obligations (subject to the restrictions on disclosure of processed data described below).
When processing for these business activities, Microsoft applies data minimization principles and will not use or process Customer Data, Professional Services Data or Personal Data for: (a) user profiling, (b) advertising or similar commercial purposes, or (c) any other purposes, except for the purposes set forth in this section. For the processing of data for the aforementioned business purposes, Microsoft determines both the means and the purposes of data processing. Microsoft considers itself solely responsible for this data processing for compliance with all applicable laws and the fulfillment of its obligations.
V. Duration of storage
If your personal data is no longer required for the purposes mentioned above, it will be deleted regularly.
Anonymized log data is stored for access by PMPG for up to 30 days. Access is only carried out to identify system errors, troubleshoot errors, clarify security questions and check for manipulation or other misuse. It is only accessible to administrators of the M365 platform.
Chat messages sent within a Teams video conference can also be viewed by those involved after 30 days. After 30 days, the external participant will be displayed in the chat as “Unknown User” and the chat content will be deleted. This means that it can no longer be traced who wrote the chat and what the chat contained.
VI. Recipients of personal data
In order to provide the contractual service, the data required to provide the service will be transferred to Microsoft. In particular, the user ID and IP address are passed on to Microsoft. When you use the service, content data is transferred to Microsoft, and you determine which data is transferred. According to Microsoft, the transmission of content data is encrypted. For more information about Microsoft’s processing of personal data and encryption, see the Microsoft Teams Security Guide – Overview – Microsoft Teams | Microsoft Docs:
https://learn.microsoft.com/de-de/microsoftteams/teams-security-guide
VII. Third country
A transfer of personal data to service providers outside the European Economic Area (EEA) takes place in compliance with the regulations of Chapter V of the GDPR on the transfer of personal data to third countries.
In principle, data processing outside the European Union (EU) does not take place, as we have limited our storage location to data centers in the European Union. However, we cannot rule out that data is routed via internet servers located outside the EU. This can be the case in particular if participants in an “online meeting” are in a third country. Access to data from third countries cannot be ruled out in individual cases in support and maintenance cases or when processing by Microsoft for business purposes.
However, the data is encrypted during transport over the Internet and is therefore protected from unauthorized access by third parties.
VIII. Rights of those affected
If PMPG has stored data about you, you can request information about the data stored about you. Please inform us if we have stored incorrect data about you or if you do not agree to parts of the data being stored so that we can correct it, delete it or restrict its processing.
You will receive personal data that you have entered in a transferable format upon request, within the framework of the legal requirements.
To exercise a data subject’s right, please contact datenschutz@pmpg.de stating:
your contact details the data subject rights that you want to exercise.
You also have the right to correct, block or delete your personal data, provided there is no legal obligation to retain it. If such an obligation exists, we will block your data upon request.
IX. Contradiction
You have the right to object at any time to the processing of personal data concerning you for reasons relating to your particular situation, provided that this processing takes place within the framework of the balancing of interests or in the public interest. You can object to the use of your personal data for direct advertising at any time without giving reasons. Please contact datenschutz@pmpg.de
X. Existence of a right to lodge a complaint with a supervisory authority
In the event of complaints, you can contact a responsible supervisory authority. The responsible body is:
State Commissioner for Data Protection and Freedom of Information
PO Box 20 04 44
40102 Düsseldorf, Germany
Phone: +49 (0) 211/38424-0
Fax: +49 (0) 211/38424-10
Email: poststelle@ldi.nrw.de
XI. What happens if the data is not provided
Without this personal data, we will not be able to carry out the video conference with you.
XII. Security
PMPG takes appropriate technical and organizational measures to ensure a level of protection appropriate to the risk and to protect personal data from destruction, loss, alteration or unauthorized disclosure and access. The effectiveness of these measures is regularly checked, assessed and evaluated. This also applies to the selection of the processors used.
XIII. Links to other websites
If you access an external website from our site (external link), the external provider may receive information from your browser about the page from which you came. The external provider is responsible for this data. Like every other provider, we are unable to influence this process.