Kontrast

Nexia Website Nexia Website
Nexia GmbH
Wirtschaftsprüfungsgesellschaft
Steuerberatungsgesellschaft
Georg-Glock-Straße 4
40474 Düsseldorf
+49 211 171700
kontakt@nexia.de
Print

Privacy Notice Microsoft Teams

Information pursuant to Art. 13, 14 of the GDPR about the use of your personal data


Responsible entity and contact information

The responsible entity within the meaning of data protection law is

Nexia GmbH
Wirtschaftsprüfungsgesellschaft | Steuerberatungsgesellschaft
Georg-Glock-Straße 4, 40474 Düsseldorf, Germany

You will find further information about our company, details of the persons authorized to represent us and also further contact options in our Legal Notice on our website.
https://www.nexia.de/legal-notice

Contact details of the data protection officer: datenschutz@nexia.de

Note: If Microsoft's online services, such as www.teams.microsoft.com, are used, Microsoft is responsible for data processing as the provider of ‘Microsoft Teams’. The use of ‘Microsoft Teams’ online services is required, for example, in order to use the Microsoft Teams web app. This may result in additional data processing by Microsoft.


Purpose of the processing

We use Microsoft Teams to conduct telephone conferences, online meetings, video conferences and/or web conferences (hereinafter: online meetings). Microsoft Teams is a service of Microsoft Corporation.

Unless Nexia is your employer, Nexia is not responsible for the privacy and security practices of its customers that arise in the use of this product, but merely makes portions of these services available to you. Please note that when using these Services, you must always comply with your company‘s privacy policy when processing personal data. 

Data processing is carried out for the purpose of enabling Nexia employees and customers to work and communicate collaboratively.
 

Legal basis for data processing

Nexia processes your data on the following legal basis: for the performance of a contract concluded with you or in execution of pre-contractual measures with you (Art. 6 (1)(b) GDPR), for the processing of your data in the context of your employment with Nexia (§ 26 BDSG) or within the framework of a consideration of the legitimate interests of Nexia to maintain and ensure proper operation of IT, safeguarding of business records, archiving of data in the event that longer retention periods than those specified by data protection are applicable (Art. 6 (1)(f) GDPR). In addition, Nexia may process your data on the basis of your consent (Art. 6 (1)(a) GDPR). If there is no contractual relationship, the legal basis is Art. 6 (1)(f) GDPR. 
 

Which data is processed?

When using Microsoft Teams, various types of data are processed within the Microsoft cloud infrastructure, see the following point “servers used”. The scope of the data also depends on the data you provide before or during participation in an online meeting.

The following personal data are subject to processing (depending on the optional information provided by the user):

User details: e.g. display name (display name), email address if applicable, profile picture (optional), preferred language.

Meeting metadata: e.g. date, time, meeting ID, phone numbers, location

Text, audio and video data: You may have the option of using the chat function in an online meeting. To this extent, the text entries you make are processed in order to display them in the online meeting. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly for the duration of the meeting. 

For recordings: e.g. MP4 files of all video, audio and presentation recordings, M4A files of all audio recordings, text files of the meeting chat

When dialling in by phone: e.g. incoming and outgoing phone number, country name, start and end time, IP address of the device if applicable

Note on the use of the data: The above-mentioned data is processed exclusively for the organisation, implementation and follow-up of Microsoft Teams meetings. You can control the use of the camera and microphone at any time by deactivating or muting them.

Server:

  • Identities and authentications: Microsoft Entra ID > Azure-Server
  • Chats: Exchange Online: > Azure-Server;
  • Channel messages: Microsoft Teams Dienste > Azure-Server
  • Voicemails and contacts: Exchange Online > Azure-Server
  • Images are stored in Media Services: Azure Blob Storage > Azure-Server
  • Files shared in a private or group chat: OneDrive for Business > Azure-Server
  • Files stored in Teams: SharePoint Online > Azure-Server
  • Recordings of online meetings: OneDrive for Business or SharePoint Online > Azure-Server

Data centers for Azure, Exchange Online, SharePoint and OneDrive as well as Stream are located in the EU for European customers. 

The servers can be selected by team administrators on a country-specific basis.

Data is generally stored on Microsoft servers in the European Union (EU). Microsoft has taken extensive data protection measures and also concluded the EU standard contractual clauses, which ensure that the service provider is committed to complying with European data protection law. 

Microsoft servers are C5-certified (certification from the German Federal Office for Information Security for cloud service providers). The Microsoft Cloud also has ISO27001 certification, among other things.
 

Scope of the processing

We use Microsoft Teams to conduct online meetings. 

Automated decision-making within the meaning of Art. 22 GDPR is not used.
 

Recording of Online Meetings and Webinars

If we record online meetings or webinars, we will inform you transparently in advance. For the recording of webinars intended for later publication, we use Microsoft Teams’ “Explicit Recording Consent” function.

This means for you as a participant:

Consent request: At the beginning of the recording, all participants are asked for their consent to the recording through a notification in Microsoft Teams.

Participation with consent: If you consent to the recording, you can participate in the webinar with full functionality. This includes active participation via camera and microphone.

Participation without consent (refusal): If you refuse consent, you can still participate in the webinar. Your participation status is then set to “View only” mode. In this mode, your camera and microphone are automatically disabled, and your name will not appear in the recording. You can still see and hear the presentation.

The legal basis for processing your data in the context of recordings is your consent pursuant to Art. 6 para. 1 lit. a GDPR.


Chat Use During Recordings

The chat can also be used by all participants in recorded webinars. Please note that the entries you make in the chat are logged. If you do not want your name to appear in the chat history of the recording, we recommend that you change your display name in Microsoft Teams before joining the meeting (e.g., to your initials or a pseudonym).


Storage of Content

Files that users share in chats are stored in the OneDrive for Business account of the user who shared the file. Files that team members share in a channel are stored on the team’s SharePoint site. Chat content and shared files are stored for a limited period of time. Recordings of online meetings are stored on OneDrive for Business or SharePoint Online.

Furthermore, there is the possibility of sharing the screen or a specific display (window, application). In this case, all content of the correspondingly shared screen or display is transmitted.

When using additional services such as translators, further data may be processed by us or transmitted to the service provider for the provision of these services.

After creating a user account, advanced features are available that trigger corresponding data processing, e.g., by uploading shared files, created calendar entries, status of tasks, content created and edited in Word, Excel, PowerPoint and OneNote, inputs in surveys, as well as technical usage data for providing the functionalities and security of Microsoft Teams.
 

Recipients / data transfer

Personal data processed in connection with participation in online meetings is generally not passed on to third parties unless it is intended to be passed on. Please note that content from online meetings, as well as face-to-face meetings, is often used to communicate information with customers, prospects or third parties and is therefore intended for disclosure.

Other recipients: The Microsoft Teams provider necessarily obtains knowledge of the above data to the extent provided for in our order processing agreement with Microsoft Teams.
 

Data processing outside the European Union

Data processing outside the European Union does not take place as a matter of principle, as we have limited our storage location to data centers in the European Union. The data is encrypted during transport via the Internet and thus protected against unauthorized access by third parties.
 

Your rights as a data subject

You have the right to obtain information about the personal data concerning you. You can contact us for information at any time. 

In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be. 

Furthermore, you have a right to rectification or deletion or to restriction of processing, insofar as you are entitled to this by law.

Finally, you have a right to object to processing within the scope of legal requirements.

A right to data portability also exists within the framework of data protection law.


Deletion of data

As a matter of principle, we delete personal data if there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.
 

Right of complaint to a supervisory authority

You have the right to complain about the processing of personal data by us to a data protection supervisory authority.
 

Modification of this privacy notice

We revise this data privacy notice in the event of changes to data processing or other occasions that make this necessary. You will always find the current version on this page.
 

Further information on Microsoft and data privacy

https://www.microsoft.com/en-gb/privacy/privacystatement
https://learn.microsoft.com/en-gb/microsoftteams/privacy/location-of-data-in-teams
https://www.microsoft.com/en-gb/trust-center


Last update of this privacy notice: 10/2025