In addition to our standard data protection information, we would like to clarify Rimian’s data protection declaration regarding the processing of your personal data in connection with MICROSOFT as follows:

You have received an invitation to use a Microsoft application, such as SharePoint Online, Dynamics, Microsoft Teams, Outlook, Office products, Microsoft Forms (hereinafter MICROSOFT) from RIMIAN GmbH as the responsible party within the meaning of the applicable data protection law.

Personal data about you is processed when you use MICROSOFT applications. Please note that this data protection notice only informs you about the processing of your personal data by us when you use Microsoft applications together with us.

Microsoft 365 is software from Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399 USA. Microsoft Teams is part of the cloud application Microsoft 365, for which a user account must be created. Likewise, Microsoft reserves the right to process customer data for its own business purposes. This poses a data protection risk for users of Microsoft Teams. We have concluded data protection agreements with the provider Microsoft to guarantee a minimum level of data protection. These are regularly updated. Please note that we have no influence on Microsoft’s data processing.

To the extent that Microsoft Teams processes personal data in connection with Microsoft’s legitimate business operations, Microsoft is an independent data controller for such use and as such is responsible for complying with all applicable laws and obligations of a data controller. For more information about the purpose and scope of data collection and processing by Microsoft Teams, please refer to the Microsoft privacy policy at privacy.microsoft.com/de-de/privacystatement and the Microsoft Teams privacy policy at docs.microsoft.com/de-de/microsoftteams/teams-privacy. You can also find more information about your rights in this regard there. Microsoft may also process your personal data in the United States.

Please note: Insofar as you access the Microsoft Teams website, the provider of Teams is responsible for data processing. However, accessing the website is only necessary to use Teams in order to download the software for using Teams.

You can also use “Teams” by entering the respective meeting ID and any other access data for the meeting directly into the “Teams” app. If you do not want to or cannot use the “Teams” app, the basic functions can also be used via a browser version, which you can also find on the “Teams” website.

Terms of use for MICROSOFT applications

MICROSOFT is used primarily for informal communication and collaboration both within RIMIAN GmbH and with its customers and prospects. Information from RIMIAN GmbH, which is communicated via teams, is never legally binding, is subject to confidentiality and may not be passed on to third parties without the consent of RIMIAN GmbH. MICROSOFT applications may only be used for business purposes.

Information on the processing of personal data in the context of the use of MICROSOFT

Purposes of data processing

Where necessary, we process your personal data exclusively to ensure an effective customer or supplier relationship with you. In doing so, your data is processed in order to be able to use the tool in question for the purpose of communication and collaboration. Furthermore, your data may be processed for the purposes of information security and to ensure the functional security and stability of the IT systems.

Certain information is already processed automatically as soon as you use MICROSOFT applications. We have listed below exactly which personal data is processed:

• Your IP address used to access the Microsoft 365 applications
• Your username (access data for the Microsoft 365 applications), data used for multifactor authentication that you have stored in your Microsoft account (e.g. optionally your (private) cell phone number).
• Identification features: Information about you that identifies you as a user, sender, or recipient of data within MICROSOFT applications. This includes, in particular, the following master data: Last name, first name, business contact information such as phone number, e-mail address, business fax number, if provided by you. Other data (such as a profile picture you have stored) can also be viewed in your profile at any time. This information is visible to you at all times in your profile and also in Outlook, and you can customize it as you wish.
• Data required for authentication and license use. In the MICROSOFT applications, all user activities, such as time of access, date, type of access, information about the data/files/documents accessed and all activities related to use, such as creating, modifying, deleting a document, setting up a team (and channels in teams), making notes in the notebook, starting a chat chat, replying to a chat.
• Various types of data are processed when using “Teams”. The scope of the data also depends on the information you provide before or when participating in an “online meeting”. The following personal data is subject to processing: User information: first name, last name, telephone (optional), email address, password (if “single sign-on” is not used), profile picture (optional),
  department (optional), meeting metadata: subject, description (optional), participant IP addresses, device/hardware information; for recordings: video, audio and presentation recordings, file of all audio recordings, text file of the online meeting chat; when dialing in by phone: information on incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device may be stored; text, audio and video data: You may have the option of using the chat, question or survey functions in an “online meeting”. In this respect, the text entries you make will be processed in order to display them in the “online meeting” and, if necessary, to log them. To enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera on the end device will be processed for the duration of the meeting. You can turn off the camera or mute the microphone yourself at any time using the “Teams” applications. To participate in an “online meeting” or enter the “meeting room”, you must at least provide information about your name.
• Scope of processing: We use “Teams” to conduct”online meetings”. If we want to record “online meetings” , we will inform you transparently in advance and – if necessary – ask for your consent. The fact of the recording will also be displayed to you in the “Teams” app. If it is necessary for the purposes of logging the results of an online meeting , we will log the chat content. However, this will not usually be the case. Automated decision-making within the meaning of Art. 22 GDPR is not used.

Legal basis for data processing

The legal basis depends on the reason for your cooperation with us. Below you will find a description of the legal bases on which we process your personal data when you use M365 applications. Please note that these details are only examples and not a complete or exhaustive list of the possible legal bases for data processing.

Consent (Art. 6 para. 1 lit. a GDPR)

We only process certain personal data with your prior, explicit and free consent, e.g. if you arrange a demo appointment with us. Recording of team meetings for use outside the livestream is only done on the basis of your consent. Consent is given by accepting the invitation to the meeting and subsequently participating in the meeting. There is neither a contractual nor a legal obligation to provide the data. Consent is voluntary and can be revoked in whole or in part at any time with effect for the future. The legality of the processing remains unaffected until consent is withdrawn.

Fulfillment of a contract with you (Art. 6 para. 1 lit.b GDPR)

Your data will be processed on the basis of Art. 6 para. 1 lit. b) GDPR if the use is based on a contract.

Fulfillment of a legal obligation (Art. 6 para. 1 lit.c GDPR)

We are subject to a number of legal requirements and may process your processyour personal data to fulfill our legal obligations. For example, we are legally obliged to provide information to certain public authorities (including law enforcement authorities) upon request.law enforcement authorities) upon request.

Protection of our legitimate interests or those of a third party (Art. 6 para. 1 lit. f GDPR)

We process your personal data to protect our legitimate interests or the interests of third parties on the basis of Art. 6 para. 1 lit. f) GDPR. However, this only takes place if your interests as the data subject do not take precedence over our interests in individual cases. Legitimate interests that are pursued when using M365 are: effective conduct of meetings, optimization of business processes, protection of the vital interests of our employees and thus the fulfillment of our duty of care as an employer by reducing the number of face-to-face meetings, e.g. during a pandemic.

Recipients or categories of recipients of the personal data

We always ensure that your personal data is only accessible to a limited number of authorized persons who need to know this data for the provision of the above-mentioned processing purposes.

As part of the processing of your inquiries and your use of our services , we also commission external IT and and IT contractors. These service providers are contractually obliged to comply with data protection regulations and only process personal data in accordance with our instructions.

Microsoft Corporation is a so-called processor for the provision of the service and the associated data processing and is subject to our instructions as the controller within the meaning of the GDPR when processing personal data as part of the Microsoft 365 applications used by us. If individual data is processed outside the EU, Microsoft ensures data protection compliance by agreeing the EU standard contractual clauses(DPF program). Further information on data processing by Microsoft can be found in the MS Trust Center and the MS Privacy Policy.

Disclosure and transfer of data

A transfer of your personal data without your express prior consent in addition to the cases explicitly mentioned in this privacy policy, only then, if it is legally permissible or. required by law. This may be the case the case if the processing is necessary, to protect the vital interests of the user or another natural person.

As part of the further development of our business, the structure of our company may change by changing its legal form or by founding, buying or selling subsidiaries, parts of the company or components. In such transactions, customer information may be passed on together with the part of the company to be transferred. Whenever personal data is passed on to third parties to the extent described above, we ensure that this is done in accordance with this data protection declaration and the applicable data protection law. Any disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances as required and that your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f) GDPR do not outweigh this.

Insofar as personal data of employees of the RIMIAN GmbH, § 26 BDSG is the legal basis for data processing. If , in connection with the use of “Teams” , personal data is not required for the establishment, performance or termination of the employment relationship, nevertheless be an elementary component in the use of “Teams”, Art. 6 para. 1 lit. f) GDPR is the legal basis for data processing. In these cases, we are interested in the effective conduct of “online meetings”.

Otherwise, the legal basis for data processing when conducting “online meetings” is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are held within the framework of contractual relationships. If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too , we are interested in the effective conduct of “online meetings”.

Data is not transferred to third countries.

Changes of purpose

Your personal data will onlybe processed for purposes other than those described, to the extent permitted by law or if you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those, for which the data was originally collected, we will inform you of these other purposes prior to further processing and provide you with all other relevant information.

Rights of data subjects

You have the right to information about the personal data concerning you. You can contact us at any time for information. In the case of a request for information that is not made in writing, we ask for your understanding that we may require proof from you that you are the person you claim to be. We may ask you to provideproof that you are the person you claim to be.

Furthermore, you have a right to rectification or erasure or to restriction of processing, insofar as you are legally entitled to do so. Finally, you have the right to object to the processing within the framework of the legal requirements. You also have the right to data portability within the framework of the data protection regulations.

Deletion of data

We generally delete personal data, if there is no requirement for further storage. A requirement may exist in particular if the data is still needed, to fulfill contractual services, to check and grant or defend warranty and , if applicable, guarantee claims. to be able to check and grant or defend against warranty claims. In the case of statutory retention obligations , deletion will only be deletion will only be considered after expiry of the respective retention obligation.

Right to lodge a complaint with a supervisory authority

You have the right, to complain about the processing of personal data by us to the the competent supervisory authority for data protection.

Amendment of this data protection notice

We will revise this data protection information in the event of changes to data processing or other occasions that make this necessary. You will always find the current version on this website.

Stand: 06.10.2023