Information obligations

Information Requirements Pursuant to Art. 13 GDPR – Applicants

Name and contact data of the person responsible (Art. 13 Sect. 1 a GDPR)

diconium GmbH
Rommelstrasse 11
70376 Stuttgart
E-mail: info@diconium.com

Name and contact information of the Data Protection Officer (Art. 13 Sect. 1 b GDPR)

diconium digital solutions GmbH
Rommelstraße 11
70376 Stuttgart
Personally responsible: Mr. Michael Knof
E-mail: datenschutz@diconium.com

Purpose and legal grounds for data processing (Art. 13 Sect. 1 c GDPR)

  • Handling of applicants/eRecruiting (§ 26 Sect. 1 German Federal Data Privacy Act-new)
  • Inclusion in a pool of applicants for later contact (Art. 6 Sect. 1 a GDPR)

Recipients or categories of recipients of personal data (Art. 13 Sect. 1 e GDPR)

Human resource services, providers of and consultants for the software-supported applicant portals, disposal service providers, affiliates

Transmitting to non-EU countries (Art. 13 Sect. 1 f GDPR)

Data shall not be transmitted to any non-EU countries.

Data shall be archived in compliance with the statutory retention mandates (Art. 13 Sect. 2 a GDPR)

Personal data will be deleted six months after the application process ends, in accordance with § 61b Sect. 1 German Employment ACT (ArbGG) in combination with § 15 German Employers' Act (AGG). In the case of inclusion in the applicant pool, deletion will take place after two years, if no suitable position can be offered.

If the applicant is hired, the required data will be transferred to the personnel file. Information regarding data removal can be derived from the mandatory information concerning the processing of employee data.

Right to revoke (Art. 13. Sect. 2 c GDPR)

If you have agreed to the processing of your data, you do have the right to revoke your consent with future effect. This shall be without prejudice to the legality of the processing of your data until the revocation is received.  Please contact the responsible person at the contact information provided below.

Right to information, correction, deletion, restriction, data transferability and objection (Art. 13, Sect. 2 b GDPR)

As the data subject, you have the right at any time to access, correct and delete your data and to limit handling as well as a right to data transferring. Please contact the person responsible at the contact data provided below.

Right to file a grievance (Art. 13 Sect. 2 d GDPR)

As the data subject, you have the right to file grievances at any time with the relevant state officer for data protection and freedom of information in Baden-Wuerttemberg.

Existence of a requirement to provide personal data (Art. 13 Sect. 2 e GDPR)

The collected data is necessary for the execution of application processes (purpose 1). When data is not provided it is not possible to carry out application procedures.

 

Information Requirement Pursuant to Art. 13 GDPR – Suppliers, Service Providers, Others

Name and contact data of the person responsible (Art. 13 Sect. 1 a GDPR)

diconium GmbH
Rommelstrasse 11
70376 Stuttgart
E-mail: info@diconium.com

Name and contact information of the Data Protection Officer (Art. 13 Sect. 1 b GDPR)

diconium digital solutions GmbH
Rommelstrasse 11
70376 Stuttgart
Personally responsible: Mr. Michael Knof
E-mail: datenschutz@diconium.com

Purpose and legal grounds for data processing (Art. 13 Sect. 1 c GDPR)

  • Purchase and implementation of support services for the fulfillment of business purposes (Art. 6 Sect. 1 f GDPR)
  • Fulfillment of legal obligations (Art. 6 Sect. 1 GDPR)
  • Delivery of informational materials (Art. 6 Sect. 1 f GDPR)

Interests of the person responsible when weighing the parties' interests (Art. 13 Sect. 1 d GDPR)

  • Assertion of legal claims and defense in legal disputes
  • Guarantee of the company's IT security and IT operations
  • Prevention of crime
  • Measures for business management and further development of services and products.

Recipients or categories of recipients of personal data (Art. 13 Sect. 1 e GDPR)

Government agencies, banks, financial auditors, affiliated companies, disposal service providers, credit reporting agencies.

Transmitting to non-EU countries (Art. 13 Sect. 1 f GDPR)

No data shall be transmitted to non-EU countries.

Data shall be archived in compliance with the statutory retention mandates (Art. 13 Sect. 2 a GDPR)

As a rule, personal data shall be deleted within ten years after termination of the business relationship, unless a longer statutory retention period applies in exceptional cases or if a person affected revokes consent.

Right to information, correction, deletion, restriction, data transferability and objection (Art. 13, Sect. 2 b GDPR)

As the data subject you have the right at any time to access, correct and delete your data and to limit handling as well as a right to data transferring. Please contact the responsible party at the contact information provided below.

Right to object (Art. 21. Sect. 1 GDPR)

If your information is being processed to protect legitimate interests, you have the right to object to such processing at any time by getting in touch with us at the contact information provided, if your special situation gives rise to grounds that are in conflict with such data processing. In this case, we shall seize to conduct this type of processing unless it serves more prominent protection-worthy interests at our end.

Right to file a grievance (Art. 13 Sect. 2 d GDPR)

As the data subject, you have the right to file grievances at any time with the competent state officer for data protection and freedom of information in Baden-Wuerttemberg.

Existence of a requirement to provide personal data (Art. 13 Sect. 2 e GDPR)

The collected data are required for entering into and manage the employment relationship.

 

Information Requirement Pursuant to Art. 13 GDPR – Prospects, Customers

Name and contact data of the person responsible (Art. 13 Sect. 1 a GDPR)

diconium GmbH
Rommelstrasse 11
70376 Stuttgart
E-mail: info@diconium.com

Name and contact information of the Data Protection Officer (Art. 13 Sect. 1 b GDPR)

diconium digital solutions GmbH
Rommelstrasse 11
70376 Stuttgart
Personally responsible: Mr. Michael Knof
E-mail: datenschutz@diconium.com

Purpose and legal grounds for data processing (Art. 13 Sect. 1 c GDPR)

  1. Handling and processing of inquiries from prospects (Art. 6 Sect. 1 f GDPR)
  2. Verification of sanctions lists (Art. 6 Sect. 1 c GDPR in combination with Directive (EU) No. 2580/2001 versus other individuals and organizations that are terror suspects and Directive (EU) No. 881/2002 versus Osama bin Laden, Al-Qaida and the Taliban)
  3. Preparation of quotations for prospects (Art. 6 Sect. 1 f GDPR)
  4. Closing of purchase contracts (Art. 6 Sect. 1 f GDPR)
  5. Fulfillment of legal obligations (Art. 6 Sect. 1 GDPR)
  6. Processing and delivery of orders (Art. 6 Sect. 1 f GDPR)
  7. Resolution of complaints (Art. 6 Sect. 1 f GDPR)
  8. Implementation of sales development activities (Art. 6 Sect. 1 f GDPR)
  9. Support of operational processes by service providers (Art. 28 GDPR)
  10. Implementation of customer satisfaction surveys for the demand-oriented further development of services (Art. 6 para. 1 f GDPR)

Balancing of interests for those responsible (Art. 13 Sect. 1 d GDPR)

Applies to purposes 1, 3 through 8 as well as 10:

  • Direct advertising design
  • Storing data of potential customers and partners for solicitation efforts
  • Using credit ratings for protection against payment default
  • Assertion of legal claims and defense in legal disputes
  • Guarantee of the company's IT security and IT operations
  • Prevention of crime
  • Measures for business management and further development of services and products.

Recipients or categories of recipients of personal data (Art. 13 Sect. 1 e GDPR)

Government agencies, banks, financial auditors, software providers, affiliates, disposal service providers, credit bureaus.

Transmitting to non-EU countries (Art. 13 Sect. 1 f GDPR)

No data shall be transmitted to non-EU countries.

Data shall be archived in compliance with the statutory retention mandates (Art. 13 Sect. 2 a GDPR)

As a rule, personal data shall be deleted within ten years after termination of the business relationship or even earlier if a prospect does not convert into a customer. If data processing is necessary for the performance of the contracts, the personal data processed in the context of this shall be deleted upon completion of the project, at the latest upon termination of the order processing contract.

Right to information, correction, deletion, restriction, data transferability and objection (Art. 13, Sect. 2 b GDPR)

As the data subject, you have the right to at any time receive information, have your data corrected or deleted and to have its processing restricted as well as a right to data transferability. Please contact the person responsible at the contact data provided below.

Right to object (Art. 21. Sect. 1 GDPR)

If your data is processed to protect legitimate interests (purposes 1, 3 through 8), you have the right to object to this processing through our provided contact information at any time if your situation gives you cause to object to this data processing. In this case, we shall seize to conduct this type of processing unless it serves more prominent protection-worthy interests at our end.

Right to file a grievance (Art. 13 Sect. 2 d GDPR)

As the data subject, you have the right to file grievances at any time with the competent state officer for data protection and freedom of information in Baden-Wuerttemberg.

Existence of a requirement to provide personal data (Art. 13 Sect. 2 e GDPR)

The collected data is necessary for handling of inquiries, preparing quotations, finalizing purchase agreements, as well as the management of business operations.

 

Information Requirements Pursuant to Art. 13 GDPR – Participants

Name and contact data of the person responsible (Art. 13 Sect. 1 a GDPR)

diconium GmbH
Rommelstrasse 11
70376 Stuttgart
E-mail: info@diconium.com

Name and contact information of the Data Protection Officer (Art. 13 Sect. 1 b GDPR)

diconium digital solutions GmbH
Rommelstrasse 11
70376 Stuttgart
Personally responsible: Mr. Michael Knof
E-mail: datenschutz@diconium.com

Purpose and legal grounds for data processing (Art. 13 Sect. 1 c GDPR)

  1. The intake of participants, who are procured from the employment agency or job center, for the implementation of individual affirmative action for the betterment of one's own chances on the job market as well as the exchange of information with the employment agency and/or job center (Art. 6 Sect. 1 b and 1 f GDPR)
  2. Placement in companies for internships, work and education (Art. 6 Sect. 1 GDPR)
  3. Settlement of measures taken against the employment agency or job center (Art. 6 Sect. 1 c GDPR)

Balancing of interests for those responsible (Art. 13 Sect. 1 d GDPR)

Applies to purpose 1:

  • Assertion of legal claims and defense in legal disputes
  • Measures for business management and further development of services and products.

Recipients or categories of recipients of personal data (Art. 13 Sect. 1 e GDPR)

German Department of Labor, job centers, companies that broker internships, jobs and training, software manufacturers f in-house software programs, disposal management services

Transmitting to non-EU countries (Art. 13 Sect. 1 f GDPR)

Data shall not be transmitted to any non-EU countries.

Data shall be archived in compliance with the statutory retention mandates (Art. 13 Sect. 2 a GDPR)

Data of participants shall be deleted 2 years after the overall project has completed.

In accordance with legal requirements, payroll-relevant data will be saved after 10 years and then deleted.

Right to information, correction, deletion, restriction, data transferability and objection (Art. 13, Sect. 2 b GDPR)

As the data subject, you have the right to at any time receive information, have your data corrected or deleted and to have its processing restricted as well as a right to data transferability. Please contact the person responsible at the contact data provided below.

Right to object (Art. 21. Sect. 1 GDPR)

Insofar as the processing of your data takes place for the protection of legitimate interests (purpose 1), you have the right to object to said processing at any time through our provided contact information if your situation gives you cause to object to this data processing.  In this case, we shall cease to process this data, unless our legitimate interests outweigh your grounds.

Right to revoke (Art. 13. Sect. 2 c GDPR)

Insofar as you consented to the processing of your data (purpose 2), you have the right to revoke your consent at any time in the future. This shall be without prejudice to the legality of the processing of your data until the revocation is received. Please contact the person responsible at the contact information provided below.

Right to file a grievance (Art. 13 Sect. 2 d GDPR)

As the data subject, you have the right to file grievances at any time with the competent state officer for data protection and freedom of information in Baden-Wuerttemberg.

Existence of a requirement to provide personal data (Art. 13 Sect. 2 e GDPR)

The collected data are required for signing the agreement or implementing the integration measures. The non-provision of the information could potentially result in us not being able to implement the integration measures.

 

Information Requirements Pursuant to Art. 13 GDPR – Facebook Fanpage

Purpose and legal grounds for data processing (Art. 13 Sec. 1c GDPR)

The operation of a Facebook Fanpage for the purpose of ...

  • Public relations (Art. 6 Sec. 1 item f GDPR)
  • Public image building (Art. 6 Sec. 1 item f GDPR)
  • Contact with the person responsible (Art. 6 Sec. 1 item f GDPR)
  • Responding to support questions (Art. 6 Sec. 1 item f GDPR)
  • Statistical  analysis of user behavior for optimization and marketing purposes (Art. 6 Sec. 1 item f GDPR)
  • Employer branding (Art. 6 Sec. 1 item f GDPR)

Interests of the controller in a weighing of interests  (Art. 13 Sec. 1 d GDPR)

  • Assertion of legal claims and defense in legal disputes
  • Guarantee of the company's IT security and IT operations
  • Prevention of crime
  • Measures for business management and further development of services and products.

Recipients or categories of recipients of personal data (Art. 13 Sec. 1 e GDPR)

  • Facebook

Transfer to non-EU countries (Art. 13 Par. 1 f GDPR)

Data will be transferred to non-EU countries, for Facebooks that are in the USA.

Data shall be archived in compliance with the statutory retention mandates (Art. 13 Sec. 2 a GDPR)

The responsible party has only a limited influence on the deletion of personal data, since Facebook has the main authority in this regard. Further information on this can be found at https://www.facebook.com/privacy/explanation.

Right to data access, rectification, deletion, restriction, handling and objection (Art. 13 Sec. 2 b GDPR)

As the data subject, you have the right at any time to access, correct and delete your data and to limit handling as well as a right to data transferring. Please contact the person responsible at the contact data provided above.

Right to object (Art. 21 Sec. 1 GDPR)

If your information is being processed to protect legitimate interests, you have the right to object to such processing at any time by getting in touch with us at the contact information provided, if your particular situation gives rise to grounds that are in conflict with such data processing. In this case, we shall cease to process this data, unless our legitimate interests outweigh your grounds.

Right to revoke (Art. 13 Sec. 2 c GDPR)

If you have agreed to the processing of your data, you do have the right to revoke your consent with future effect. This shall be without affecting the lawfulness of processing based on consent before its withdrawal. Please contact the person responsible at the contact information provided above.

Right to lodge a complaint (Art. 13 Sec. 2 d GDPR)

As the data subject, you have the right to lodge complaints at any time with the relevant state officer for data protection and freedom of information in Baden-Württemberg.

Existence of a requirement to provide personal data (Art. 13 Sec. 2 e GDPR)

The data compiled will be largely determined by Facebook. You may however also use our Facebook page without signing in to Facebook, in case you prefer not to disclose any personal data.

 

Information Requirements Pursuant to Art. 13 GDPR – Participants in a lottery

Name and contact data of the person responsible (Art. 13 Sect. 1 a GDPR)

diconium GmbH
Rommelstrasse 11
70376 Stuttgart
E-mail: info@diconium.com

Name and contact information of the Data Protection Officer (Art. 13 Sect. 1 b GDPR)

diconium digital solutions GmbH
Rommelstraße 11
70376 Stuttgart
Personally responsible: Mr. Michael Knof
E-mail: datenschutz@diconium.com

Purpose and legal grounds for data processing (Art. 13 Sect. 1 c GDPR)

1. Handling of the lottery (Art. 6 para. 1 a GDPR)

Participants at events such as trade fairs or job exchanges can take part in a competition organised by the responsible person. Data processing only takes place for the purpose of drawing the winner and providing the prize. Any further use of the data will only take place with prior express consent.

2. Inclusion in the interest-related e-mail newsletter (Art. 6 para. 1 a GDPR)

In the context of the competition, interested candidates also agree that the contact data provided may be used for e-mail and telephone advertising about the company's services and products, as well as about innovations and changes in the company and the IT industry. The data will not be passed on for other purposes, in particular for other advertising measures or a resale of the data.

Recipients or categories of recipients of personal data (Art. 13 Sect. 1 e GDPR)

E-mail providers, hosting and IT service providers, postal and parcel service providers, affiliated companies

Transmitting to non-EU countries (Art. 13 Sect. 1 f GDPR)

Registration for the lottery as well as the sending of e-mail advertising is carried out via the technical service provider HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA ("HubSpot"), to whom we pass on the data you provided during registration. The data you enter (e.g. email address) will be stored on HubSpot's servers in Germany. We are obliged to inform you that data may be processed by HubSpot Inc. in the USA in the context of support and maintenance. The USA does not represent a safe third country. Thus, it cannot be ruled out that your data will be used for other purposes without your knowledge and that it will not be possible for you to exercise your data subject rights. In particular, this cannot be ruled out by law enforcement and intelligence agencies. By giving your consent for these services, you confirm that you are aware of these risks and accept them (Art. 49 Sect. 1 a GDPR).

Data shall be archived in compliance with the statutory retention mandates (Art. 13 Sect. 2 a GDPR)

A deletion of the lottery data takes place in principle after the drawing of the winners and its announcement. The data of the winners will be stored until the complete transmission of the prize and then deleted.

In the event of consent to the e-mail newsletter, the data will be stored until revocation of consent by the person concerned.

Right to revoke (Art. 13 Sect. 2 c GDPR)

If you have consented to the processing of your data, you have the right to revoke this at any time for the future. This does not affect the legality of the processing until revoked. For this purpose, please contact the responsible office using the contact details provided.

If you receive the e-mail newsletter, you can also declare your cancellation at any time via the unsubscribe link contained in every e-mail.

We would like to point out that if the data processing for the competition is revoked, the data for the drawing and provision of the prize cannot be taken into account by the person responsible.

Right to information, correction, deletion, restriction, data transferability and objection (Art. 13, Sect. 2 b GDPR)

As the person concerned, you have the right to information, correction and deletion of your data at any time and to restriction of processing as well as the right to data transferability. Please contact the person in charge at the contact details provided.

Right to file a grievance

If you have any complaints, you can contact the responsible state representative for data protection and freedom of information for Baden-Württemberg at any time.

Information requirements on the use of Microsoft 365

Our handling of your data and your rights - Information according to Articles 13 & 14 of the General Data Protection Regulation (GDPR)

The security of your data and the protection of your personal rights is an important and serious concern for us. Therefore, we process your personal data exclusively on the basis of applicable law. We are subject to the European Data Protection Regulation (GDPR), as well as the Federal Data Protection Act (BDSG). Data processing only takes place if the legality is checked in advance and corresponding legal bases are available. In the following, we inform you about the processing of your personal data by us and the claims and rights to which you are entitled under the data protection regulations. 

These information requirements inform you how data is processed when data processing is carried out via our Microsoft Tenant. For more information about data processing by Microsoft or about the cookies set by Microsoft, please refer to Microsoft's privacy policy.

1. Who is responsible for data processing?

diconium GmbH
Rommelstraße 11
70376 Stuttgart
Email: info@diconium.com

2. Has a data protection officer been appointed?

The diconium Group attaches great importance to the secure handling of your data and has appointed a data protection officer:

diconium digital solutions GmbH
Rommelstraße 11
70376 Stuttgart
Personally responsible: Mr. Michael Knof

Email: datenschutz@diconium.com

3. MS Teams

We use Microsoft Teams to make phone calls, video conferences, or share data and information with you as a guest.

3.1. Phone calls (Art. 6 Abs.1 f GDPR)

If you call or are called by our landline number, it will be logged as an itemized bill in Microsoft Teams. Users can see their phone number in full in their call history. Administrators can only view their phone number anonymously in the itemized bills. At least the last 4 digits of the phone number are not displayed.

If the call is from or to a Microsoft Teams account, the Microsoft Teams username is documented in the itemized bill.

Administrative itemized bills are stored for 30 days and then deleted.

Data processing is done for the interest of providing telephone services and to prevent track security incidents, misuse of telephone lines as well as excessive operational costs.

3.2. Video conference (Art. 6 Abs. 1 f GDPR)

If you participate in a videoconference by telephone, the data is processed as described in 3.1. If you participate in the video conference via the Teams applications or via browser, your video signal, your audio signal and your IP address will be processed, depending on what you enable. In addition, an administrative connection log is created. If you participate in a video conference with a registered Teams account, your username will be logged. Guest users are logged as Anonymous participants. The log records the duration of your participation, as well as the connection quality.

The connection log is deleted after 30 days.

The data processing is done in the interest of providing video conferencing and to be able to trace to be able to track security incidents.

Participation in video conferences is voluntary. In addition, participants decide for themselves whether to transmit their audio or video signal.

3.3. Recording of video conference (Art. 6 Abs. 1 a GDPR)

In individual cases, it may be necessary to record video conferences. In this case, you will already be informed of this when you receive the invitation. You will also be informed again before the recording starts. Microsoft Teams also informs you once again via a pop-up window or, in the case of telephone participants, via a voice message, that a recording has been started.

Participation in appointments that are recorded is voluntary. With your participation and prior information, you implicitly consent to the recording. You can object to the recording at any time without stating a reason for the future by leaving the conference or by declaring your objection via the contact details provided above.

As a matter of principle, recordings will only be made available to the participants who were scheduled to attend the conference. Publication will only take place with the express separate consent of the persons reproduced in the recording by image or sound.

The team screen view and the audio output and input of the person who started the recording will be recorded. This includes audio and video signals as well as the user names and abbreviations specified in teams. If a screen transmission of a participant takes place, this is also recorded.

3.4. Teams channels and chats (Art. 6 Abs. 1 f GDPR)

If you chat with us via teams, the content you provide, such as files and voice messages, will be stored for the purpose of processing your request or order. Channel messages, group chats or chats in conferences are visible to all participants as long as you do not write to certain persons via private messages. 1 to 1 chats are only visible to the persons involved in the communication.

Chat messages are deleted after 6 years.

4. MS Forms

Surveys are partly implemented with Microsoft Forms. Surveys can be created digitally using Microsoft Forms and completed via a link.

Surveys are basically anonymous and no data of the data subject is requested or processed by the data controller. However, it cannot be ruled out that personal information will be provided in the responses. The information is processed on the basis of the company's interest (Art. 6 para. 1 f GDPR) in the truthful reflection of the survey results. The information is stored until the survey is evaluated and then deleted. As a matter of principle, the data will not be transferred to third parties.

If surveys are not conducted anonymously or data is passed on to third parties, you will be informed of this before the start of the survey and your consent (Art. 6 para. 1 a GDPR) will be obtained.

Participation in surveys is voluntary. You can refuse participation at any time without giving a reason. If you have participated in a personal survey, you can withdraw your consent at any time without giving a reason for the future by contacting us at the above contact details.

When using Microsoft Forms, Microsoft sets cookies in order to conduct the survey on our behalf:

Cookie

Storage time

   

MUID

1 Year

FormsWebSessionId

1 Month

usenewauthrollout

1 Month

DcLcid

3 Month

__RequestVerificationToken

With closing the browser

MicrosoftApplications
TelemetryDeviceId

1 Year

ai_session

30 Minutes

MSFPC

1 Year

SRM_B

1 Year

MC1

1 Year

MS0

30 Minutes

In order to provide the MS Forms surveys, Microsoft also collects your IP address and information about your browser and operating system in order to provide the web content. This information may be used in web logging for web application security and is stored by Microsoft for 180 days.

5. Encrypted e-mails (Art. 6 Abs. 1 f GDPR)

If you receive encrypted emails with Microsoft's proprietary message encryption and you do not use MS 365 for your emails, you can view the message online. To do this, you will receive a link via email that you can use to start the retrieval. If you call the web content, a one-time password will be sent to you by e-mail, with which you can verify yourself. After verification, the email content is available to you. You can also return protected messages to the sender.

To provide online content, Microsoft processes your IP address and information about your browser and operating system. This information may be included in web logging for web application security and is stored by Microsoft for 180 days.

If you call up content via your web browser, the following cookies are also set:

Cookie

Storage time

   

X-E4E-CorrelationId

With closing the browser

X-AnonResource

With closing the browser

ClientId

1 Year

X-OmeVersion

With closing the browser

X-ConsumerEncryption

With closing the browser

X-CfmRecipientAddress

With closing the browser

E4EAnchorMailbox

With closing the browser

X-RecipientEmailAddress

With closing the browser

X-SenderEmailAddress

With closing the browser

X-SenderOrganization

With closing the browser

X-MessageId

With closing the browser

X-StoreObjectId

With closing the browser

X-RecipientPrimarySmtp

With closing the browser

X-OTPItemId

With closing the browser

X-SenderExternalOrganizationId

With closing the browser

6. Data processing in Office Online (Art. 6 Abs. 1 f GDPR)

If documents are shared with you in Office Online (Word, Excel, PowerPoint, etc.), you can edit or comment on these documents depending on the rights assigned. To provide Office Online, Microsoft collects your IP address and information about your browser and operating system to provide the web content. This information may be used in web logging for web application security and is stored by Microsoft for 180 days.

If you are not logged in to Microsoft when you access content, any changes or comments you make to the content will be logged as "Guest User". If you are logged in to Microsoft, changes and comments are associated with your user name.

If you access content through your web browser, the following cookies are also set:

Cookie

Storage time

   

MSPRequ

With closing the browser

MSCC

1 Year

OParams

With closing the browser

MSPOK

With closing the browser

FedAuth

With closing the browser

KillSwitchOverrides
_enableKillSwitches

With closing the browser

KillSwitchOverrides
_disableKillSwitches

With closing the browser

WordWacDataCenter

6 Month

WacDataCenter

6 Month

uaid

With closing the browser

WacUPToggleState

1 Year

PrivNote

1 Year

timeZoneId

1 Year

PNL1-ARRAffinity

With closing the browser

DcLcid

3 Month

DE5-Excel-ARRAffinity

With closing the browser

DE5-ARRAffinity

With closing the browser

ShCLSessionID

With closing the browser

PageLoadSkeletonState

1 Year

ExcelIsPreviousSession
SimplifiedRibbonOn

1 Year

ExcelWacDataCenter

6 Month

BIGipCookie

With closing the browser

PowerPointWacDataCenter

6 Month

VisioWacDataCenter

6 Month

RpsContextCookie

1 Tag

OneNoteWacDataCenter

6 Month

7. Guest access (Art. 6 Abs. 1 f GDPR)

People who collaborate with us more often can get a guest account. To create a guest account, their name, their email address or an email address assigned by us, and their username will be processed to grant them access to shared Microsoft 365 resources (Teams, SharePoint, OneDrive, etc.).

Access attempts to Microsoft 365 are logged. Likewise, the use of the services, as well as the use of data and files is logged, indicating their username and the time of modification. Likewise, data are processed that they enter in the context of the use in the services.

The data processing is based on the interest to fulfill the common tasks and orders.

As a guest you can also store a profile picture. The depositing of a profile picture takes place voluntarily without the instigation of the responsible person. By depositing your profile picture, you consent to the data processing (Art. 6 para. 1 a GDPR). You can revoke your consent at any time by deleting or replacing the profile picture, or by sending your revocation to the contact details provided above.

If you participate in Teams conferences with your guest account, further connection data will be collected. In particular, data will be collected on the end devices you use (device type, device name, operating system, camera, speakers, graphics card, network card) and on your network connection (IP address). 

Data linked to your profile will be completely removed from Microsoft 90 days after deletion of the profile.

8. Who gets access to this data?

We use Microsoft 365 to digitize and simplify communication with you. In principle, only persons involved in the communication will have access to the data. If it is necessary for the fulfillment of our tasks, other persons, affiliated companies or service providers required to process your requests in individual cases may also be involved.

To maintain IT operations and for security incidents, it may also be necessary for affiliated companies, IT maintenance, support service providers or IT security experts to have access to the data.

In addition, Microsoft has access to your data to maintain service, ensure security, and provide support in the event of problems. Access by the service provider is limited to the minimum necessary. The employees are bound to confidentiality and extensive technical and organizational measures have been taken to protect your data. The data transfer takes place on the basis of commissioned processing (Article 28 GDPR).

9. If data is transferred to a third country or to an international organization?

The data processing is carried out with the help of cloud systems of Microsoft Ireland Operations Limited. Data storage takes place within the EU. If problems arise during data processing, it may be necessary to call on the support of other Microsoft companies and service providers, which may be located in different third countries. In this case, it cannot be ruled out that the support will gain access to the personal data in order to rectify the problem. In this case, a standard EU contract has been concluded which regulates the security and handling of personal data in accordance with data protection requirements.

10. What rights do you have?

10.1. Right to information

As a data subject, you have the right to ask us at any time whether personal data concerning you is being processed by us. If this is the case, you have the right to receive information about the data processed about you.

10.2. Right to correction

As a data subject, you have the right to inform us at any time of any inaccurate data relating to you and to request that it be corrected accordingly.

10.3. Right to deletion

As a data subject, you have the right to request that the personal data concerning you be deleted at any time. In such a case, we will carry out a detailed review and delete said data if the requirements for this are met.

10.4. Right to restriction of processing

As a data subject, you have the right to request the restriction of processing at any time. In such a case, we will carry out a detailed review and restrict access to and use of said data, provided that the requirements for this are met.

10.5. Right to data portability 

If the data processing is based on consent or a contract, you as the data subject have the right at any time to have us provide you with personal data relating to you or to request that we transfer personal data relating to you to another controller, if technically feasible.

10.6. Right of objection

Insofar as the processing of your data is carried out to protect legitimate interests, you have the right to object to this processing at any time using our contact details provided if reasons arise from your particular situation that conflict with this data processing. We will then stop this processing unless it serves overriding interests worthy of protection on our part.

10.7. Right of revoke

If you have consented to the processing of your data, you have the right to revoke this consent at any time for the future. The lawfulness of the processing until the revocation is not affected by this. To do so, please contact the responsible office using the contact details provided.

10.8. Right of appeal 

As a data subject, you can contact the responsible State Commissioner for Data Protection and Freedom of Information Baden-Württemberg at any time with complaints.