6. Microsoft Teams video conferencing software
We use Microsoft Teams for our telephony as well as for video conferences or online events. You can use Microsoft Teams if, for example, you receive an invitation to a meeting with a meeting ID and, if applicable, further access data by e-mail or you can participate in a meeting via the Teams app. By accessing the Microsoft Teams website, Microsoft is responsible for data processing. You will need to visit the website (https://teams.microsoft.com/) to download the necessary software only if you are unable to use it directly through your web browser without downloading it.
A quick start guide for new users of MS Teams and an extensive video tutorial are available from Microsoft via the following links: Microsoft Teams Video Tutorial – Office Support, https://cloudblogs.microsoft.com/industry-blog/de-de/uncategorized/2020/05/14/microsoft-teams-video-tutorials-nutzliche-tipps-und-tricks/.
To avoid technical delays during meetings, we recommend that you familiarize yourself with the software prior to a video conference.
Microsoft Teams is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
For details of what data is collected by Microsoft Teams and for what purpose, see: (https://learn.microsoft.com/de-de/microsoftteams/teams-privacy)
Other recipients: Microsoft Corporation, as the provider of MS Teams, obtains knowledge of the above data to the extent provided for in the order processing contract with MS Teams. Microsoft is obliged to comply with the legal requirements of the applicable data protection law by means of the processing agreement concluded with MS Teams, on the basis of EU standard contractual clauses.
6.2. Data processing outside the European Union
We have limited our storage location to data centres in the European Union, therefore data processing is generally not performed outside the European Union (EU). However, we cannot technically completely rule out that data may be routed or stored on servers outside the European Union by the processor Microsoft. A secure level of data protection is guaranteed by the conclusion of supplemented EU standard data protection clauses and technical and organisational measures. In particular, data is encrypted during transport via the Internet and is generally protected from disclosure to third parties. Regarding personal data stored by Microsoft in the USA and Europe that may be subject to government requests for information from authorities in the USA, in a statement dated 20 July 2020, Microsoft warrants that such orders that would allow access to personal data will be challenged in court. In addition, as part of a legal settlement, Microsoft has acquired the right to disclose transparent reports on the number of USA national security orders directed to Microsoft. New policies have also been introduced within the US government that have restricted the use of confidentiality orders (see https://news.microsoft.com/de-de/stellungnahme-zum-urteil-des-eugh-was-wir-unseren-kunden-zum-grenzueberschreitenden-datentransfer-bestaetigen-koennen/). The level of data protection is considered sufficient when compared to the anticipated content of the video conferences, which generally do not include personal data aside from the names of the individuals participating in the video conference.
6.3. Further information on data protection by Microsoft Corporation and MS Teams
Please refer to Microsoft’s data privacy statement available at https://privacy.microsoft.com/de-de/privacystatement, under the section “Online services for companies”, as well as https://www.microsoft.com/de-de/trust-center/privacy/customer-data-definitions in connection with the Microsoft Data Protection Addendum on Microsoft products and services), in particular Annex 1 https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA?lang=14&year=2022.
7. Image, sound and media recordings
VDE is entitled, but not obliged, to take photographs, record films or make other media recordings at its events or to arrange for this to be done.
These recordings are made for publication, presentation and information purposes, including on our Website, in VDE publications, on social media and in the press.
Participants who do not wish to be photographed or otherwise recorded are requested to inform the seminar leader or event staff accordingly.
We process this data in accordance with Art. 6 (1) f) GDPR. Under this legal basis, processing for the purposes of the “legitimate interest” by the controller is lawful if the processing is required to protect the legitimate interests of the controller or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
We have a legitimate interest in our public relations activities and in presenting the events and activities of VDE in order to provide interesting insights into the activities of VDE .
Extensive information in accordance with Art. 13 GDPR can be found in the notes that are available at the participant reception desk.
7.2. Recordings of meetings or presentations via Microsoft Teams
Recordings may be made of meetings or presentations via MS teams in accordance with No. 6, provided that consent has been given. These recordings may be required, for example, in order to create minutes of meetings that are true to the content, to re-listen to presentations or to make them accessible to a wider audience.
If a recording is made, it will be stored in the Teams Cloud and will be available there to all persons participating in the Teams meeting (hereinafter referred to as the “owner”) for a period of 21 days.
Note: During this time, it is also possible that the recording can be downloaded to other storage media not under the control of VDE.
The recording will also automatically be stored in the owner’s personal Microsoft Stream Cloud and can also be downloaded from there. The recording is generally stored here for an unlimited period of time, but can be deleted by the owner or the VDE IT administrators and the Microsoft administrators.
If the recorder, the owner, or a VDE IT administrator deletes the recording from the Teams Cloud, Microsoft will ensure that all copies of the personal data are deleted from the Microsoft Stream Cloud within 30 days.
Note: Currently, only people from the VDE organisation can start or access recordings through Teams.
For more information on managing recordings and user access, see:
7.3. Microsoft Teams encryption
Transferred and stored data from MS Teams is encrypted. To do this, Microsoft uses standard technologies such as TLS and SRTP to encrypt all data in transit between users’ devices and Microsoft data centres and between Microsoft data centres. This includes, for example, messages, files (video, audio, etc.), and other content. Dormant company data in Microsoft data centres is also encrypted in a way that allows VDE to decrypt content when needed.
MS Teams also uses TLS and MTLS to encrypt chat messages. All “server-to-server” traffic requires MTLS, whether the traffic is restricted to the internal network or crosses the internal network perimeter.
Further information on how Microsoft Teams encrypts data:
- Microsoft Teams Security Handbook – Overview – Microsoft Teams | Microsoft Learn
We process this data in accordance with Article 6 (1) a) GDPR. This authority allows for the processing of personal data when you have given consent to the processing of your personal data for one or more specific purposes. In each case, the consent of the data subjects will be obtained and recorded prior to any recording via MS Teams.
8. Recipients of personal data
As a matter of principle, your personal data is processed by us. VDE transmits data to third parties (in particular, to international standards organisations) only when there is a corresponding legal basis; in particular, this is the case if consent has been given to such transmission, if this is required in order to perform a contract, if this is justified by the balance of interests – particularly within the VDE Group – or if this is necessary in order to comply with statutory requirements obliging us to provide, report or pass on data.
Some of the software applications we use for data processing are hosted by VDE Services GmbH, Frankfurt am Main, Germany. VDE Services GmbH acts solely and exclusively on our behalf and in accordance with our instructions. VDE Services GmbH is regularly checked by us. VDE Services GmbH is a subsidiary of VDE e.V.
Various VDE events are performed by EW Medien und Kongresse GmbH, Kaiserleistr. 8A, 63067 Offenbach am Main, Germany. EW Medien und Kongresse GmbH acts solely and exclusively on our behalf and in accordance with our instructions. EW Medien und Kongresse GmbH is regularly checked by us.
We also commission external service providers that act on VDE’s behalf and in accordance with VDE’s instructions.
Within VDE, the internal offices and departments only receive the personal data that is necessary and required to perform the respective tasks.
9. Processing of your data in a third country
Data is transmitted to parties in countries outside the European Union (EU) or the European Economic Area (EEA) (“third countries") when there is a corresponding legal basis, e.g. if consent has been given, if this is required in order to perform a contract or if this is required by law.
Personal data can be transmitted to (standards) organisations in third countries outside the EU/EEA that do not have an adequate level of data protection approved by the EU Commission if you have provided your express consent.
Your data may also be processed in a third country as a result of the involvement of service providers in processing.
If there is no adequacy decision by the European Commission concerning an adequate level of data protection for the respective country, we conclude corresponding contracts in order to ensure that your rights and freedoms are adequately protected and guaranteed in line with EU data protection regulations. Corresponding information are available on request from VDE.
10. Data security
The personal data processed by us is treated confidentially and suitable technical and organisational precautions are used to protect it from loss and changes as well as unauthorised access by third parties. E-mail communication is not suitable for the unencrypted transfer of confidential information. In order to exchange messages that require protection, we strongly recommend the use of the latest encryption processes.
11. Your rights
If the statutory requirements are met, you have the right to request access to your personal data and data processing (Article 15 GDPR), correction, deletion and restriction of your personal data and data processing (Articles 16 through 18 GDPR) and transmission of your personal data (Article 20 GDPR).
If the statutory requirements are met pursuant to Article 21 GDPR, you also have a right to object to data processing. If the statutory requirements are met, you can withdraw the consent you have given in full or in part at any time with future effect.
In order to exercise any of these rights, it is sufficient to send an e-mail to: firstname.lastname@example.org or a letter to:
Data Protection Officer
VDE Verband der Elektrotechnik Elektronik Informationstechnik e.V.
63069 Offenbach am Main
In accordance with Art. 77 (1) GDPR, you also have the right to complain to the supervisory authority if you are of the opinion that the processing of your personal data is not done in a lawful manner, and in particular that it violates the GDPR.
Address of a supervisory authority:
The Data Protection Officer of Hesse
65189 Wiesbaden, Germany
Phone +49 611 1408-0,
12. Duration of data storage
We store the personal data using the procedures listed above only as long as needed for the intended purpose or as required by law. (For instance, under commercial and tax laws, for a period of at least six to ten years).
Various data, such as names in standardisation meeting reports or at delegate conferences, is permanently archived for documentation purposes.
13. Voluntary nature of provision of data
You are generally neither legally nor contractually bound to provide your personal data. You are not obliged to provide us with this data. Nevertheless, the provision of the functions of our Website and the execution of an order requires the processing of your personal data. In addition, the collection of certain personal data is necessary because, for example,
- participation in events, applications,
- the fulfilment of the membership contract
- and the performance of standardisation and committee work with VDE
are not possible without this data.