Data protection information for the Sikom Contact Center App within Microsoft Teams


Data protection information for the Sikom Contact Center App within Microsoft Teams

1. Information about the collection of personal data

The protection of your personal data is a high priority for Sikom Software GmbH. It is important to us to inform you which personal data is collected in our Sikom Contact Center App in connection with the use via Microsoft Teams (MS Teams). The protection of your personal data is a central concern for us. Therefore, we strictly adhere to the applicable data protection laws.

2. Responsible body

The responsible body according to Art. 4 Para. 7 DSGVO is:

Sikom Software GmbH
Tullastraße 4
D-69126 Heidelberg

see our imprint: www.sikom.de/imprint

3. Data protection officer

You can contact our external data protection officer as follows:

c/o Althammer & Kill GmbH und Co. KG
Roscherstraße 7
30161 Hannover
Email: kontakt-dsb@althammer-kill.de
Telephone: +49 511 330603-90

4. Purpose of processing

We offer the Sikom Contact Center App via the MS Teams App marketplace to provide you with access to the Sikom ContactCenter instance you are using. This allows you to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter: „Online Meetings“).

MS Teams is a Microsoft Office application from Microsoft Corporation, which is based in the USA.

5. What data is processed?

  1. When you use our Sikom Contact Center app, your MS Teams username and MS domain are forwarded to our Sikom forwarding service in order to identify you as a Sikom Contact Center user and subsequently gain access to our Contact Center.
  2. In addition, after the successful matching of the above data, various types of data are also processed by MS Teams. The scope of the data also depends on the information you provide before or during participation in an „online meeting“.

Within the scope of our Sikom Contact Center App via Microsoft Teams, we process the following data:

  • Authentication data
  • Log files, protocol data
  • Metadata (e.g. IP address, time, topic)
  • Profile data (e.g. your username)

6. Microsoft Teams (scope of processing, legal basis, processing outside the EU / EEA)

(1) Through the video conferencing feature of Microsoft Teams, we can offer you participation via video / audio in our „online meetings“.

  1. Microsoft Teams is part of Microsoft 365. Microsoft Teams is a collaboration tool which also includes a video conferencing function. Microsoft 365 is software from Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399 USA.
  2. Microsoft Teams is part of the cloud application Office 365, for which a user account must be created. Likewise, Microsoft reserves the right to process customer data for its own business purposes. This poses a data protection risk for Microsoft Teams users. We have concluded data protection agreements and EU standard contracts with the provider Microsoft to guarantee a minimum level of data protection. Please note that we have no influence on Microsoft’s data processing activities. To the extent that Microsoft Teams processes personal data in connection with Microsoft’s legitimate business operations, Microsoft is the independent data controller for such use and as such is responsible for compliance with all applicable laws and obligations of a data controller.
  3. For more information about the purpose and scope of data collection and processing by Microsoft Teams, please see Microsoft’s privacy notices at https://privacy.microsoft.com/de-de/privacystatement and Microsoft Teams at https://docs.microsoft.com/de-de/microsoftteams/teams-privacy. There you will also find further information on your rights in this regard. Microsoft also processes your personal data in the USA. EU standard contracts with Microsoft on Office 365 and Teams have been concluded to guarantee an appropriate level of data protection.
  4. The data protection agreement and EU standard contractual clauses with Microsoft can be found at:https://www.microsoft.com/licensing/docs/view/Online-Services-Data-Protection-Addendum-DPA?lang=14 .

(2) If we want to record „online meetings“, we will transparently communicate this to you in advance and – where necessary – ask for consent. When a recording is started, this will be apparent via the Teams app.

(3) If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not normally be the case.

(4) In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and following up webinars.

(5) If you are registered as a user with Teams, then reports on „online meetings“ (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars, etc.) can be stored for up to one month with Teams.

(6) The possibility of software-based „attention monitoring“ („attention tracking“) in „online meeting“ tools such as Teams is deactivated.

7. Legal basis for data processing

Insofar as personal data of employees of Sikom Software GmbH’s customers are processed, Art. 6 (1) lit. b) DSGVO is the legal basis for data processing. If, in connection with the use of MS Teams, personal data is not required for the implementation or termination of the contractual relationship, but is nevertheless an elementary component in the use of MS Teams, Art. 6 (1) lit. f) DSGVO is the legal basis for data processing. In these cases, our interest is in providing the Sikom Contact Center App via the Microsoft marketplace.

8. Recipients / passing on of data

(1) Personal data processed in connection with the Sikom Contact Center App and the associated participation in „online meetings“ will generally not be passed on to third parties unless they are expressly designated for disclosure. Please notethat content from „online meetings“, as well as from face-to-face meetings, is often used precisely to communicate information with employees, customers, interested parties or third parties and is therefore intended for disclosure.

(2) Other recipients: Microsoft as the provider of MS Teams necessarily receives knowledge of the data listed under 5.1. insofar as this is provided for in the context of our order processing agreement with MS Teams: https://www.microsoft.com/licensing/docs/view/Online-Services-Data-Protection-Addendum-DPA?lang=14

9. Data processing outside the European union / European economic area

(1) MS Teams is a service provided by a provider from the USA. A processing of personal data therefore also takes place in a third country. We have concluded an order processing agreement with the provider of MS Teams that complies with the requirements of Art. 28 DSGVO in conjunction with Art. 46 DSGVO. Art. 46 DSGVO.

(2) An adequate level of data protection is guaranteed by concluding the so-called EU standard contractual clauses. The standard contractual clauses (processor): https://www.microsoft.com/licensing/docs/view/Online-Services-Data-Protection-Addendum-DPA?lang=14

(3) Microsoft complies with the data protection requirements of the European Economic Area and Switzerland with respect to the collection, use, transfer, storage and other processing of personal data from the European Economic Area, the United Kingdom and Switzerland. All transfers of personal data to a third country or an international organisation are subject to appropriate safeguards as described in Art. 46 DSGVO. The legal basis for this is the necessity for the performance of a contract with Microsoft in accordance with Art. 6 Para. 1 lit. (b) DSGVO in conjunction with Art. 46 DSGVO.

(4) Further information on the type and scope of data processing by Microsoft can be found at https://privacy.microsoft.com/de-de/privacystatement.

(5) For settings options and other information on the protection of your data, please visit:https://www.microsoft.com/en-us/licensing/product-licensing/products#OST .

10. Your rights as a data subject

You have the following rights with regard to data processing concerning you:

  • Right to information about your stored data (Art. 15 DSGVO),
  • Right to have your data corrected or deleted (Art. 16, 17 DSGVO),
  • RRight to restrict the processing of your data (Art. 18 DSGVO),
  • Right to data portability (Art. 20 DSGVO),
  • Right of complaint to a supervisory authority.

If you believe that the processing of personal data concerning you violates the DSGVO, you have the right to lodge a complaint with the supervisory authority:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württember (The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg)
Postfach 10 29 32
D-70025 Stuttgart
Tel.: +49 (0) 711/615541-0
FAX: +49 (0) 711/615541-15
Email: poststelle@lfdi.bwl.de

(2) You can exercise your rights at any time. We will be happy to explain the details and possible restrictions of the individual rights to you at your leisure; simply contact us in this regard.

(3) You will already receive information about your data stored by us in part with these data protection notices (information obligations pursuant to Art. 13 DSGVO). Of course, this does not preclude you from requesting information at any time, because we may also process (new) data from you in the future for other purposes not listed in this data protection notice.

(4) For further information on your data protection rights vis-à-vis Microsoft, please refer to the Microsoft data protection notices athttps://privacy.microsoft.com/de-de/privacystatement and Microsoft Teams at https://docs.microsoft.com/de-de/microsoftteams/teams-privacy.

11. Deletion of data

(1) We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfil contractual services, to check and grant or avert warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion only comes into consideration after expiry of the respective retention obligation.

(2) Authentication data, log files, protocol data and metadata (e.g. IP address, time, topic) are deleted after 180 days at the latest. Profile data (e.g. your username) are deleted at the end of the contract within the statutory periods.

12. Changes to this data protection notice

We revise this data protection notice in the event of changes in data processing or other occasions that make this necessary.

If you have any further questions about data protection, please contact the offices listed under No. 2 or No. 3.

 

last update: 13.12.2023