Data protection notice for the use of collaboration platforms

Data protection notice

for the use of collaboration platforms

Stand: 15.11.2021

This data protection notice for the use of collaboration platforms (for example Microsoft Teams, SharePoint Online) provides you with an overview of the processing of your personal data by DZ BANK and your rights as a data subject as per data protection legislation.

The data protection notice is generally addressed to all persons affected by data processing who use the collaboration platform.

 

1    Who is responsible for data processing and who can you contact?


Controller:
DZ BANK AG
Deutsche Zentral-Genossenschaftsbank,
Frankfurt am Main
(kurz: DZ BANK)
Platz der Republik
60325 Frankfurt am Main
Telefon: +49 69 7447-01
Telefax: +49 69 7447-1685
E-Mail: mail@dzbank.de

You can contact our data protection officer at the same address above (DZ BANK AG)
 
or via
telephone: +49 69 7447-94101
fax: +49 69 427267-0539
e-mail: datenschutz@dzbank.de

 

2    What sources and data does DZ BANK use?

When using collaboration platforms (e.g. Microsoft Teams, SharePoint Online), different types of data categories are processed. The scope of the data depends on the information you provide before or during participation in an "online meeting".

The following personal data are subject to processing:

User details: e.g. display name, e-mail address if applicable, profile picture (optional), preferred language.

Meeting metadata: e.g. date, time, meeting ID, phone numbers, location

Text, audio and video data: You may have the opportunity to use the chat function in an "online meeting". To this extent, the text entries you make will be processed for the purpose of displaying them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed during the meeting. You can turn off or mute the camera or microphone yourself at any time via the "Microsoft Teams" applications.

 

3    For what purpose does DZ BANK process your data and on what legal basis?

We use collaboration platforms (for example Microsoft Teams, SharePoint Online) "Microsoft Teams" to conduct "On-line Meetings". In case we wish / intend to record "online meetings", we will communicate this to you in advance before the recording starts and - if necessary - ask you for your consent.

The chat content is logged when using Microsoft Teams. Files that users share in chats are saved in the OneDrive for Business account of the user who shared the file. The files that team members share in a channel are saved on the team's SharePoint website.

3.1    In order to fulfil contractual obligations (Article 6 (1) lit. b GDPR)

3.2   Personal data is being processed due to the agreed terms of use. These constitute the legal basis for the data processing. For the purpose of legitimate interests (Article 6 (1) lit. f GDPR)

If required, DZ BANK process your data beyond the scope of simply performing the contract for the purpose of legitimate interests pursued by us or a third party, unless your interests in the protection of your personal data override the interests pursued by us or a third party.

Examples:

  • asserting legal claims and defending against legal disputes;
  • guaranteeing the security and functionality of DZ BANK’s IT system;
  • preventing and resolving criminal offences;
  • measures related to management and the improvement of services and products,
  • risk management within the DZ BANK Group.

3.3   Compliance with legal obligations (Article 6(1) lit. c GDPR)

DZ BANK has certain legal obligations, which arise directly from legislation and regulatory requirements. The purposes for which we process your personal data include the compliance with retention, control and reporting obligations under tax law and evaluating and managing risks within DZ BANK and the DZ BANK Group.

 

4   Who are the recipients of your data?

Your data is only made available within the bank to the extent required in order for us to comply with our contractual and statutory obligations. Processors we commission under (Article 28 of the GDPR) may also receive and process data for the aforementioned purposes.

 

5   Is data transferred to a third country or an international organisation?

A transfer to locations in third countries is provided for in the following cases:

In individual cases, it may be required to transfer your personal data to an IT service provider in the USA or another third country to ensure the Bank's IT operations. The transfer of personal data takes place in compliance with the European level of data protection.

Within the scope of transferring data to its own foreign branches and representative offices, DZ BANK has ensured its employees working there are committed to the internal instructions and guidelines applicable in Germany and to a level of data protection that corresponds to that at the head office.

 

6   For how long is your data stored?

DZ BANK processes and stores all necessary personal data for the duration of our business relationship. This includes the periods required to prepare and wind up a contract. Please note that our business relationship, especially to our customers, is likely to last for a number of years.

DZ BANK is also subject to a variety of retention and documentation obligations arising from national commercial and tax legislation, in addition to legal requirements for banking institutions. In Germany, the retention and documentation periods specified in this legislation last up to ten years.

The retention period is ultimately determined on the basis of national statutory limitation periods. Sections 195 et seq. of the German Civil Code, for example, specify a standard limitation period of three years. However, these limitation periods can last up to 30 years in certain circumstances.

In all cases, the standard retention periods described here may be extended if such data is required to assert, exercise or defend legal claims.

 

7   What rights do you have as a data subject?

Every data subject has a right of access in accordance with Article 15 of the GDPR, a right to rectification in accordance with Article 16 of the GDPR, a right to erasure (“right to be forgotten”) in accordance with Article 17 of the GDPR, a right to restriction of processing in accordance with Article 18 of the GDPR, a right to data portability in accordance with Article 20 of the GDPR, a right to object in accordance with Article 21 of the GDPR (specific information provided later on in this data protection notice). You also have the right to lodge a complaint with a supervisory data protection authority in accordance with Article 77 of the GDPR.

 

8  Information regarding your right to object under Article 21 GDPR

8.1  Right to object on a case-by-case basis

You have the right to object at any time on grounds relating to your particular situation to processing of personal data concerning you that is carried out on the basis of Article 6 (1) lit. f GDPR (processing of data based on a legitimate interest).

If you object, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or the processing is for the purpose of establishment, exercise or defence of legal claims.

8.2  Objection

Objections may be made via any of the contact channels detailed above. There are no formal requirements for submitting objections.

 

9   Updates

We modify and/or update this data protection notice, particularly in response to new technological developments, in response to amended statutory and/or official requirements and organisational changes. These modifications and/or updates are posted on our website at www.dzbank.com/dataprotection. Upon request, we provide our current data protection notices as a file (PDF) or on paper, but we recommend you always refer to our website for the most recent updates. If any changes are made, we will always check if we are required to inform you of them proactively and, should this be the case, we will fulfil our obligation to do so. Otherwise, we will only replace files or printouts with the latest versions if this is something that you have requested.

Contact

Contact information for data protection enquiries

Data protection officer, DZ BANK AG

Email address: datenschutz@dzbank.de

Controller

DZ BANK AG

Platz der Republik

60265 Frankfurt am Main

Telephone: 069 74 47-01

Fax: 069 74 47-16 85 

Email address: mail@dzbank.de