We, the PPI AG (hereinafter referred to as PPI), would like to inform you below about the processing of personal data in connection with the use of Microsoft Teams and Cisco Webex (hereinafter referred to as online services).
We use Microsoft Teams and Cisco Webex to conduct telephone conferences, video conferences, online meetings, webinars or online trainings (hereinafter referred to as online meetings).
Microsoft Teams is a service provided by Microsoft Corporation.
Cisco Webex is a service provided by Cisco Systems, Inc.
PPI is responsible for data processing that is directly related to the conducting of online meetings.
Note: If you access the website of Microsoft or Cisco, the provider of the website is responsible for data processing.
Microsoft
You only need to visit the website of Microsoft Teams in order to download the software for using Microsoft Teams. If you do not want to or cannot use the Microsoft Teams app, there is a browser version offering the basic functions, which you can also find on the Microsoft Teams website.
Please find below more information regarding data protection by Microsoft Corporation:
https://privacy.microsoft.com/de-de/privacystatement
https://www.microsoft.com/de-de/trust-center
Cisco Webex
You only need to visit the website of Cisco Systems in order to download the software for using Cisco Webex. If you do not want to or cannot use the Cisco Webex app, there is a browser version offering the basic functions, which you can also find on the Cisco Webex website.
Please find below more information regarding data protection by Cisco Systems, Inc.:
https://www.cisco.com/c/de_de/about/legal/privacy-full.html
Various types of data are processed when using online services. The scope of the data also depends on the information you provide before or during participation in an online meeting.
The following personal data is processed:
To participate in an online meeting you must at a minimum provide information about your name.
We use Microsoft Teams and Cisco Webex to conduct online meetings. If we want to record online meetings, we will inform you transparently in advance and – if necessary – ask for your consent. The online meeting application will also display the fact that a recording is being made.
If necessary for the purposes of recording the results of an online meeting, we will log the chat content. However, this will usually not be the case.
Automated decision-making as defined in art. 22 GDPR is not used.
If personal data of employees of PPI is processed in online meetings, § 26 BDSG is the legal basis for data processing. In connection with the use of online services, art. 6 para. 1 lit. f) GDPR is the legal basis for processing any personal data that is elementary to the use of online services but is not required for the establishment, performance, or termination of the employment relationship. In these cases, we are interested in the effective conduct of online meetings.
Furthermore, the legal basis for data processing for the purposes of conducting online meetings is art. 6 para. 1 lit. b) GDPR, insofar as the meetings are held within the framework of contractual relationships.
If no contractual relationship exists, the legal basis is art. 6 para. 1 lit. f) GDPR. Here, too, we are interested in the effective conduct of online meetings.
Personal data processed in connection with participation in online meetings is generally not shared with third parties unless it is specifically intended to be passed on. Please note that content from online meetings, as is the case in personal meetings, often serves precisely to communicate information with customers, interested parties, or third parties and is therefore intended for disclosure.
Other recipients: The providers of online services necessarily obtain knowledge of the abovementioned data insofar as this is stated in our order processing agreement with Microsoft and Cisco Systems.
Microsoft Teams
Data processing outside the European Union (EU) does not take place as a matter of principle, as we have restricted our storage location to data centres in the European Union.
However, we cannot rule out the possibility that data may be transmitted to Microsoft Corp. in the USA in this context. Microsoft can also carry out remote maintenance access from other third countries. Therefore, we have concluded the standard data protection clauses of the European Commission with Microsoft Corp.
Cisco Webex
Cisco Webex is a service provided by a service provider in the USA. The processing of personal data therefore also takes place in a third country. We have concluded an order processing agreement with Cisco Systems that meets the requirements of art. 28 GDPR.
An adequate level of data protection is guaranteed, for one, by the conclusion of the EU’s Standard Contractual Clauses. As additional safeguards, we have also configured our system so that only data centres in the EU are used to conduct online meetings.
We have appointed a data protection officer.
You can contact our data protection officer as follows:
PPI AG, Data Protection Officer, Moorfuhrtweg 13, 22301 Hamburg, E-Mail: datenschutz(at)ppi.de
You have the right of information about personal data concerning you. You can contact us for information at any time.
In the case of a request for information that is not made in writing, we ask for your understanding that we may require you to provide evidence that you are the person you claim to be.
Furthermore, you have the right to rectification or erasure or to restriction of the processing, as far as you are legally entitled to do so.
Finally, you have the right to object to the processing within the scope of the statutory provisions.
You also have a right to data portability within the framework of the data protection regulations.
As a matter of principle, we erase personal data when there is no need for further storage. A requirement can exist in particular if the data is still needed to fulfil contractual services, to examine and either grant or ward off warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, erasure shall be considered only after the expiry of the respective retention obligation.
You have the right to lodge a complaint in terms of art. 77 GDPR with the competent supervisory authority if you are of the opinion that the processing of your personal data is unlawful:
Free and Hanseatic City of Hamburg
The Hamburg Commissioner for Data Protection and Freedom of Information
Please note that we update this data protection policy from time to time so that it always complies with the most recent legal requirements and covers all our content. The latest version applies subject to the following update notice.
Hamburg, 07.01.2021
