regarding data processing and your privacy rights
The protection of the personal data of our employees, customers and business partners is very important to us. In addition, there are legal requirements that oblige us to protect this data. Based on this responsibility and legal obligation, we would like to inform you about the processing of your personal data within Microsoft Teams and your rights as a data subject in accordance with Articles 13 and 14 of the GDPR.
We provide this information to ensure transparent processing of personal data. We process your personal data exclusively in accordance with the applicable data protection laws, in particular the General Data Protection Regulation (GDPR).
1. The controller responsible for processing your personal data is:
SONAX GmbH
Münchener Str. 75
86633 Neuburg
Germany
Phone: +49 / 84 31 / 53-0
Email: info@sonax.de
Internet: www.sonax.com
2. Contact details of the data protection officer of the controller:
Ms Vera Schneider
Email: datenschutz@sonax.de
also available via the contact details of the controller.
3. Personal data that we process
The controller uses the ‘Microsoft Teams’ service provided by Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, or Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. For more information about the processing of your personal data, please refer to the Microsoft privacy policy. We process personal data in Microsoft Teams in electronic form as described below and as required within the scope of the working and customer relationship. This includes in particular
Microsoft access data, device data (log data), IP address, call quality
Authentication and licence data, data for multi-factor authentication, etc.
Contact and communication data (business and private): surname, first name, address, telephone number, email address
Appointments (time and location details with company address)
Appointment types: virtual or in person; appointment types such as consultation, meeting, group event, seminar, tour, etc.
User availability
Information in free field regarding meeting content
Personal data within chats and shared documents
Stored profile picture
User activities, e.g. time, date, type of access; data, documents accessed; editing, deleting documents; editing teams, channels, notes in the notebook, etc.
Within the scope of the working and customer relationship, you only need to provide the personal data that we require for the meeting with Microsoft Teams.
Microsoft Teams includes a notification feature that informs users about the meeting via email. Microsoft Teams is integrated into Outlook and is also available as an app. Each appointment booked online creates a meeting link that is sent to the participants so that they can join via a web browser, phone dial-in or the Teams app.
Information regarding personal data that we process in connection with our website at www.sonax.com can be found in a separate privacy policy at https://www.sonax.com/en/footer/legal/privacy-policy.
4. Data subjects
The following are particularly affected by this data processing:
Customers, business partners, service providers, etc.
Employees or contact persons of the controllers, customers, business partners, service providers, etc.
5. Purpose and legal basis of data processing
We process the personal data provided for the planning and organisation of meetings, communication, project collaboration, IT security and system stability, i.e. for the purposes of fulfilling contracts, e.g. employment, customer or business partner relationships, or for legal purposes.
Any further processing of your data for other purposes will only take place if this is compatible with the purposes, e.g. of the employment, customer or business partner relationship, or if you have given your express consent. The legal basis for data processing for contractual and legal purposes is provided by Art. 6 para. 1 b, c GDPR in conjunction with other legal bases such as statutory retention obligations. If you have given us your consent to process personal data, we will process your data in accordance with Art. 6 para. 1a GDPR.
Where necessary, we also process your data beyond the actual fulfilment of the contract to protect our legitimate interests or those of third parties. This includes in particular:
the implementation of and compliance with data protection and IT security requirements
the assertion and enforcement of legal claims
the preservation of evidence within the scope of limitation periods
The legal basis for this data processing is Art. 6 para. 1f GDPR. We process this data within the scope of a balancing of interests to protect our legitimate interests or those of third parties. An overriding legitimate interest exists due to the purposes described above.
6. Recipients of personal data, forwarding to third parties
Within our organisation, only departments and persons who need your data to fulfil contractual or legal obligations have access to it. Only the administrators of Microsoft Teams at the controller have further rights.
If service providers are engaged for order processing, this is only done on the basis of Art. 28 GDPR after careful selection and review of the technical and organisational security provisions and ensuring an adequate level of protection in accordance with Art. 44 ff. GDPR for service providers outside the EU.
When using Teams, Microsoft is used as a processor and is subject to our instructions when processing personal data, as we are the controller within the meaning of the GDPR. Any transfer of personal data is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in designing our IT processes effectively, as well as on the provisions on order processing pursuant to Art. 28 GDPR, according to which we have carefully selected third-party companies and external service providers, regularly review them and have contractually obliged them in accordance with Art. 28 (3) GDPR to process all personal data exclusively in accordance with our instructions.
We only transfer your personal data to external third parties if this is required by law or contract or if you have given your consent. Data transfers to third countries may occur within the scope of technical requirements (e.g. support access) or communication (video conferencing) as well as other exceptions expressly provided for in the GDPR. Otherwise, no data will be transferred to third countries.
7. Storage period and deletion periods
We store your personal data primarily for the fulfilment of contractual or legal obligations. Log data is generally stored for 60 days. Your data will generally be deleted after the purpose of storage no longer applies, e.g. because the contractual service has been provided or the legal basis no longer applies, or immediately if you withdraw your consent. Storage may also take place if required by law, for example in a number of cases to fulfil statutory retention obligations. The data will also be stored for as long as there is an overriding legitimate interest or it is necessary for the performance of our tasks, e.g. for law enforcement, preservation of evidence within the framework of limitation periods or data security.
Upon termination of the contractual relationship with Microsoft, the stored customer data will be deleted in accordance with Art. 28 (3) lit. g GDPR after 180 days at the latest, unless statutory retention periods prevent this, see chapter ‘Storage and deletion of data’ on page 20 of the DPA from Microsoft.
8. Voluntary provision of personal data
You are under no legal or contractual obligation to participate in meetings with Microsoft Teams or to provide us with your personal data. Alternatively, you can use telephone or email. However, you cannot use Microsoft Teams without the processing of personal data as described above.
9. Your rights as a data subject
You have the right
pursuant to Art. 15 GDPR, to request information about your personal data processed by us.
pursuant to Art. 16 GDPR, to request the immediate correction of incorrect or incomplete personal data stored by us.
pursuant to Art. 17 GDPR, to request the deletion of your personal data stored by us.
pursuant to Art. 18 GDPR, to request the restriction of the processing of your personal data.
pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transfer to another controller (data portability).
Right to withdraw consent
In accordance with Art. 7 (3) GDPR, you have the right to withdraw your consent to data processing at any time. As a result, we will no longer be permitted to continue processing the data based on this consent. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal. If you wish to exercise your right of withdrawal, an informal notification via any known communication channel is sufficient.
Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office.
Right to object
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement without you having to specify a particular situation.
If you wish to exercise your right to object, an informal notification via any of the known communication channels is sufficient.
After you have exercised your right to object, we will no longer process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims. This does not apply if the processing is for direct marketing purposes. In this case, we will no longer process your personal data for this purpose.
10. Up-to-dateness and changes to this privacy information
This privacy information is currently valid and was last updated in April 2025.
Due to the further development of our processes and services or due to changes in legal provisions, it may be necessary to adapt this privacy policy. You can access the current privacy information at any time here.