In accordance with the provisions of Art. 13 and 14 of the General Data Protection Regulation (GDPR), we would like to inform you below about the processing of personal data in connection with the use of Microsoft Teams and Zoom.
Microsoft Teams
We would like to inform you below about the processing of personal data in connection with the use of Microsoft Teams.
Purpose of the processing
We use the “Microsoft Teams” tool to conduct phone conferences, online meetings and/or video conferences (hereinafter referred to as “online meetings”).
The tool also offers the option of sharing the screen, recording conversations, saving chat content and, depending on the version used, also transcribing conversation content and having it summarized into a conversation log using artificial intelligence.
The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South Country Business Park, Leopardstown, Dublin 18, Ireland. The parent company is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, which is headquartered in the United States of America.
Responsible for data processing
We, Leela Lab UG (limited liability company), Moos 6, 86983 Lechbruck am See, Germany, are responsible for data processing that is directly related to the organization of online meetings. Represented by the managing director: Philipp Samor von Holtzendorff-Fehling.
Data protection officer
We are not obliged to appoint a data protection officer.
Scope of the processing
We use Microsoft Teams to conduct online meetings. If we wish to record an online meeting, we will inform you transparently before the recording begins and – if necessary – ask for your consent. The fact of the recording will also be displayed to you in the Teams app.
If it is necessary for the purpose of logging the results of an online meeting, we will download and save any chat content afterwards.
We also use Microsoft Copilot for Microsoft 365 (hereinafter referred to as “Copilot”). This is an assistant function with artificial intelligence that makes it possible to transcribe video calls and summarize the most important content in the form of a call log. If we have the call content transcribed, we will inform you transparently in advance and – if necessary – ask for your consent.
What data is processed?
Various types of data are processed when you use Microsoft Teams. The scope of the data also depends on what data you provide before or when participating in an online meeting, whether you share your screen, for example, and whether the video call is recorded or transcribed.
The following personal data is processed:
- User details: first name, last name, telephone (optional), password (optional), email address, profile picture (optional), department (optional).
- Meeting metadata: topic, description (optional), participant IP addresses, device/hardware information.
- For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
- When dialing in by phone: information on the incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
- Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an online meeting. In this respect, the entries you make or views you grant are processed in order to display them in the online meeting and, if necessary, to log them. If transcription is activated, your voice is also recorded and spoken words are written down in text and summarized using artificial intelligence. To enable the display of video and playback of audio, the data from the microphone of your end device and from any video camera of the end device is processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the “Teams applications”.
The conference tools collect all data that you provide to use the tool (e-mail address, name, telephone number if applicable). If content is exchanged, uploaded or provided in any other way during the conference (e.g. screen sharing), this is also processed on Microsoft’s servers.
Copilot accesses content and context via Microsoft Graph. The tool uses a combination of LLMs (Large Language Models), a type of AI (Artificial Intelligence) algorithm that uses deep learning techniques and large datasets to understand, summarize, predict and generate content. To do this, Copilot receives real-time access to the respective business customer’s data from Microsoft Graph in order to generate company-specific and context-related answers. Copilot can access all data stored in the respective tenant and use this information for analysis. A tenant is an isolated instance in Microsoft cloud services such as Azure, Office 365 or Microsoft 365 that is assigned to an individual customer or organization. Only data that the individual user has at least permission to view is displayed.
Legal basis for data processing
The legal basis for data processing when conducting online meetings is Art. 6 para. 1b GDPR, insofar as the meetings are conducted within the framework of contractual relationships. If neither a contract nor pre-contractual measures are involved and you have given us your express consent to this data processing, the legal basis is Art. 6 para. 1a GDPR. Consent given can be withdrawn at any time with effect for the future (see section Rights as a data subject). If the processing is carried out to fulfill legal obligations and the processing is necessary and legally permissible, the data processing is based on Art. 6 para. 1c GDPR. In addition, in justified circumstances, the processing may also be based on Art. 6 para. 1f GDPR (legitimate interest).
Recipients / disclosure of data
Personal data that is processed in connection with participation in online meetings is not passed on to third parties unless it is intended to be passed on. Please note that content from online meetings and face-to-face meetings is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.
Other recipients: Microsoft necessarily receives knowledge of the above-mentioned data insofar as this is provided for in our order processing contract with Microsoft.
Otherwise, data will only be passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary for the processing and thus for the fulfillment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorized to provide information. Under these conditions, recipients of personal data may be, for example:
- Public bodies and institutions (e.g. public prosecutor’s office, police, supervisory authorities, tax office) if there is a legal or official obligation,
- Recipients to whom the transfer is directly necessary for the establishment or fulfillment of a contract, such as credit agencies.
Location of data processing
Microsoft is a service whose parent company is based in the United States of America. The processing of data during the video call takes place regularly within the European Economic Area.
Microsoft 365 calls and Microsoft Copilot for Microsoft 365 calls to the LLM (Large Language Model) are routed to the nearest data centers in the region, but can also be routed to other regions where capacity is available during busy periods. For users from the European Union (EU), Microsoft has taken additional security precautions to comply with the EU Data Boundary (https://learn.microsoft.com/de-de/privacy/eudb/eu-data-boundary-learn). EU traffic remains within the EU Data Boundary, while global traffic can be sent to the EU and other countries or regions for LLM processing (https://learn.microsoft.com/de-de/copilot/microsoft-365/microsoft-365-copilot-privacy).
In order to ensure an appropriate level of data protection, an order processing agreement has been concluded with Microsoft as part of the General Terms and Conditions, as well as additional EU standard contractual clauses as a further guarantee. Microsoft is also actively certified in accordance with the EU-US Data Privacy Framework, an agreement between the US and the European Union (https://www.dataprivacyframework.gov/list). The agreement is intended to ensure that European data protection standards are complied with during processing. Further information on data processing on the Microsoft website can be found in Microsoft’s privacy policy (https://privacy.microsoft.com/de-de/privacystatement).
Otherwise, personal data will only be transferred to countries outside the European Economic Area or to an international organization if this is necessary for the processing and thus for the performance of the contract or, at your request, for the implementation of pre-contractual measures, if the transfer is required by law or if you have given us your consent.
Safeguards
Microsoft 365 and Copilot comply with Microsoft’s existing privacy, security, and compliance obligations to Microsoft 365 commercial customers, including the General Data Protection Regulation and the European Union Data Boundary.
According to Microsoft, prompts, responses, and data accessed through Microsoft Graph will not be used to train foundation LLMs, including those used by Copilot.
Microsoft promises to handle the data to which AI is given access responsibly and has drawn up internal guidelines to this end: Microsoft AI Principles and the Microsoft Responsible AI Standards: https://www.microsoft.com/de-de/ai/principles-and-approach.
Copilot works with several protective measures, including, but not limited to, blocking harmful content, recognizing protected material and blocking prompt injection (jailbreak attacks).
Further information on data processing and data security by Microsoft in general can be found here: https://privacy.microsoft.com/en-gb/privacystatement. Further information on data processing and data security specifically in connection with the use of Copilot can be found here: https://learn.microsoft.com/de-de/copilot/microsoft-365/microsoft-365-copilot-privacy.
Automated decision-making
In principle, we do not use fully automated decision-making in accordance with Art. 22 GDPR to establish, fulfill or implement the business relationship or for pre-contractual measures. If we use these procedures in individual cases, we will inform you of this separately or obtain your consent if this is required by law.
Necessity of the provision of personal data
The provision of personal data by you is primarily voluntary, including for the decision on the conclusion of a contract, the fulfillment of a contract or for the implementation of pre-contractual measures. However, we can only make a decision within the framework of contractual measures if you provide personal data that is necessary for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures.
Your rights as a data subject
You have the right to information about the personal data concerning you. You can contact us at any time for information. In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be. Furthermore, you have a right to rectification or erasure or to restriction of processing, insofar as you are legally entitled to do so. Finally, you have the right to object to processing within the scope of the statutory provisions. You also have the right to data portability within the framework of the data protection regulations. You have the right to complain to a data protection supervisory authority about the processing of personal data by us.
Deletion of data
We will delete the data we have collected about you as soon as you ask us to delete it, you revoke your consent to its storage or the purpose for data processing no longer applies and there are no other overriding reasons in accordance with the applicable data protection laws, such as statutory retention obligations, to the contrary. In the case of statutory retention obligations, deletion will only be considered after the respective retention obligation has expired.
Zoom
We would like to inform you below about the processing of personal data in connection with the use of Zoom.
Purpose of the processing
We use the “Zoom” tool to conduct telephone conferences, online meetings and/or video conferences (hereinafter referred to as “online meetings”).
The tool also offers the possibility to share the screen, record conversations, save chat content and, depending on the version used, to transcribe conversation content and have it summarized into a conversation log using artificial intelligence.
Zoom is a service of Zoom Communications Inc, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA.
Responsible for data processing
We, Leela Lab UG (limited liability company), Moos 6, 86983 Lechbruck am See, Germany, are responsible for data processing that is directly related to the holding of online meetings. Represented by the managing director: Philipp Samor von Holtzendorff-Fehling.
Data protection officer
We are not obliged to appoint a data protection officer.
Scope of the processing
We use Zoom to conduct online meetings. If we wish to record an online meeting, we will inform you transparently before the recording begins and – if necessary – ask for your consent. The fact of the recording will also be displayed to you in Zoom and you will be notified by Zoom.
If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content.
In addition, Zoom uses artificial intelligence which, depending on the settings and version, makes it possible to transcribe video calls and summarize the most important content in the form of a call log. If we have the call content transcribed, we will inform you transparently in advance and – if necessary – ask for your consent.
What data is processed?
Various types of data are processed when you use Zoom. The scope of the data also depends on the data you provide before or during participation in an online meeting.
The following personal data is processed:
- Profile and participant information: Information provided by a participant joining a meeting, such as name, display name, picture, email address, phone number, job information, specified location, user ID or other information provided by the user and/or their account holder. In addition, whether the subscriber has their own license.
- Device information: Information about the computers, phones and other devices used when interacting with Zoom products and services, such as information about speakers, microphone, camera, operating system version, hard disk ID, PC name, MAC address, IP address (which can be used to generally infer location at a city or country level), device attributes (such as operating system version and battery level), Wi-Fi information and other device information (such as Bluetooth signals).
- Content and context from meetings, webinars, messaging and other collaborative work features: Content generated in meetings, webinars or messages hosted in Zoom products and services (“Customer Content”), including audio, video, meeting messages, whiteboards inside and outside of meetings, chat content, transcripts, transcript edits and recommendations, responses to post-meeting or webinar feedback requests sponsored by the account holder/host, responses to polls and Q&As, files, and associated context, such as invitation details, meeting or chat name, or meeting agenda. Depending on the account holder’s settings, what we have shared, our settings and what we do in the Zoom products and services, the content may include voice and image.
- Information about the use of meetings, webinars, chat, collaborative working features and the website: Information about how people and their devices interact with Zoom products and services, such as: when participants join and leave a meeting; whether participants have sent messages and with whom they exchange messages; performance data; mouse movements, clicks or actions (such as mute/unmute or video on/off), features used (such as screen sharing, emojis or filters) and other usage information and metrics.
- When used by us: limited information from the “Zoom Mail” and “Zoom Calendar” services
- Content from third-party integrations: We as users can access third-party email and calendar services via the Zoom application if we integrate them. Zoom has partial access to this.
You can find more information about what data Zoom processes from you here: https://explore.zoom.us/de/privacy/.
Legal basis for data processing
The legal basis for data processing when conducting online meetings is Art. 6 para. 1b GDPR, insofar as the meetings are conducted within the framework of contractual relationships. If neither a contract nor pre-contractual measures are involved and you have given us your express consent to this data processing, the legal basis is Art. 6 para. 1a GDPR. Consent given can be withdrawn at any time with effect for the future (see section Rights as a data subject). If the processing is carried out to fulfill legal obligations and the processing is necessary and legally permissible, the data processing is based on Art. 6 para. 1c GDPR. In addition, in justified circumstances, processing may also be based on Art. 6 para. 1f GDPR (legitimate interest).
Recipients / disclosure of data
Personal data that is processed in connection with participation in online meetings is not passed on to third parties unless it is intended to be passed on. Please note that content from online meetings as well as face-to-face meetings is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.
Other recipients: Zoom necessarily receives knowledge of the above-mentioned data insofar as this is provided for in our order processing contract with Zoom.
Otherwise, data will only be passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary for the processing and thus for the fulfillment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorized to provide information. Under these conditions, recipients of personal data may be, for example:
- Public bodies and institutions (e.g. public prosecutor’s office, police, supervisory authorities, tax office) if there is a legal or official obligation,
- Recipients to whom the disclosure is directly necessary for the establishment or fulfillment of a contract, such as credit agencies.
Place of data processing
Zoom is a service provided by a provider from the USA. Personal data is therefore also processed in a third country.
In order to ensure an appropriate level of data protection, an order processing agreement and additional EU standard contractual clauses have been agreed with Zoom as a further guarantee. Zoom is also actively certified in accordance with the EU-US Data Privacy Framework, an agreement between the USA and the European Union (https://www.dataprivacyframework.gov/list). The agreement is intended to ensure that European data protection standards are complied with during processing. Further information on data processing on the Zoom website can be found in Zoom’s privacy policy (https://explore.zoom.us/de/privacy/).
Otherwise, personal data will only be transferred to countries outside the European Economic Area or to an international organization if this is necessary for the processing and thus for the performance of the contract or, at your request, for the implementation of pre-contractual measures, if the transfer is required by law or if you have given us your consent.
Automated decision-making
In principle, we do not use fully automated decision-making in accordance with Art. 22 GDPR to establish, fulfill or implement the business relationship or for pre-contractual measures. Should we use these procedures in individual cases, we will inform you of this separately or obtain your consent if this is required by law.
Necessity of the provision of personal data
The provision of personal data by you is primarily voluntary, also for the decision on the conclusion of a contract, the fulfillment of a contract or for the implementation of pre-contractual measures. However, we can only make a decision within the framework of contractual measures if you provide personal data that is necessary for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures.
Your rights as a data subject
You have the right to information about the personal data concerning you. You can contact us at any time for information. In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be. Furthermore, you have a right to rectification or erasure or to restriction of processing, insofar as you are legally entitled to do so. Finally, you have the right to object to processing within the scope of the statutory provisions. You also have the right to data portability within the framework of the data protection regulations. You have the right to complain to a data protection supervisory authority about the processing of personal data by us.
Deletion of data
We delete the data collected by us via Zoom as soon as you ask us to delete it, you revoke your consent to storage or the purpose for data processing no longer applies and there are no other overriding reasons in accordance with the applicable data protection laws, such as statutory retention obligations, to the contrary. In the case of statutory retention obligations, deletion will only be considered after the respective retention obligation has expired.