top of page

Privacy

  1. 1. Data protection at a glance

  2. General Information

  3. The following notices provide a simple overview of what happens to your personal data when you use Teams Assistant from itk communications GmbH. Personal data is any data that can be used to identify you personally. For detailed information on data protection, please refer to the privacy policy listed in this text.

  4. Data collection in Teams Assistant

  5. Who is responsible for data collection?
    Responsible for data processing in the Teams Assistant is the itk communications GmbH. You can find their contact details under point 2: General information and mandatory information. 


  6. What data is collected in the Teams Assistant?

  7. The Teams Assistant accesses the following data of the customer:
    - User email address and user-ID of the user for which the service is licensed. 
    - Microsoft tenant ID
    - Azure Communication Token for licensed Users
    - User access token of the "service user" (used for Graph API access with delegate permissions)
    - Number of licenses

  8.  

  9. Why is this data collected?
    Data that is stored is necessary for the proper operation of the Teams Assistant.


  10. Deletion
    We delete all data, including log entries for a customer, as soon as the SaaS has been canceled and the data is not needed anymore to provide the Teams Assistant Service (24h after cancelation or 7 days after the subscription was suspended), billing information (90 days after cancelation) and license management (30 days after cancelation).


  11. What rights do you have regarding your data?
    You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have a right to request the correction, blocking or deletion of this data. For this purpose, as well as for further questions on the subject of data protection, you can contact the address of the responsible office at any time. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
    You also have the right to request the restriction of the processing of your personal data under certain circumstances. For details, please refer to the privacy policy under "Right to restriction of processing".


  12. Third-party tools
    Detailed information on this can be found in the following under point 4.  


  13. 2. General notes and mandatory information

  14. Data protection

  15. The manufacturer of Teams Assistant takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.
    Personal data is data with which you can be personally identified. This Privacy Policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
    We would like to point out that data transmission on the Internet can have security gaps. Complete protection of data against access by third parties is not possible.
    Note on the responsible office
    The responsible party for data processing is:
    ITK Communications GmbH
    Gotzkowskystr. 20/21
    10555 Berlin
    Phone: +493088911990
    E-mail: info@itk-com.de

  16. The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses or similar).

  17. By using Teams Assistant, the user consents to the processing of the above data. Saving of data in case of objection to data processing can be disabled. This is equivalent to terminating the service, as the service will then no longer be operational.

  18. Right of appeal to the competent supervisory authority 

  19. In the event of violations of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged violation. The right of appeal is without prejudice to other administrative or judicial remedies. 

  20. Right to data portability 

  21. You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible. 

  22. Data security

  23. The Teams Assistant SaaS is based on the azure cloud services. We exclusively use the azure core services which are GDPR compliant.

  24. TLS encryption (Encryption-in-transit)

  25. For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. TLS is also used for communication between all service components.

  26. Data encryption (Encryption-at-rest)

  27. As a data storage the azure SQL Database service with Transparent Data Encryption (TDE)  is used. The TDE encrypts the entire database using an AES encryption algorithm (details see here). Critical and very sensitiv data like access tokens are stored in azure Key Vaults. Key Vault encrypts secrets at rest with a hierarchy of encryption keys, with all keys in that hierarchy are protected by modules that are FIPS 140-2 compliant (details see here).

  28. Integration type

  29. During the Teams Assistant SaaS onboarding process you grant permissions to access some of your Microsoft 365 tenant's data through the Microsoft Graph API. After completion of the onboarding the Teams Assistant App is registered as Enterprise Application within your Azure Active Directory. You can revoke the granted rights at any time through the Azure Portal. To connect to your CRM  instance through the Rest API you also have to give permissions to the Teams Assistant App during the setup. This permissions can be revoked at any time through the admin portal.

  30. Information, blocking, deletion and correction 

  31. Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, a right to correction, blocking or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the responsible office. 

  32. Right to restriction of processing 

  33. You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases: 

  34. If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data. 

  35. If the processing of your personal data has happened / is happening unlawfully, you can request the restriction of data processing instead of deletion. 

  36. If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure. 

  37. If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data. 

  38.  

  39. If you have restricted the processing of your personal data, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State. 

  40. 3. Data protection officer

  41. Data protection officer required by law
    We have appointed a data protection officer for our company.
    DEUDAT GmbH
    Zehntenhofstraße 5 b
    65201 Wiesbaden Germany


  42. Phone: +49 611 950008-40
    E-mail: itk@deudat.de

  43.  

  44. 4. third-party tools

  45. Privacy Statement from Microsoft:
    https://privacy.microsoft.com/en-us/privacystatement
    Standard agreement/license terms from Microsoft:
    https://learn.microsoft.com/de-de/azure/marketplace/standard-contract

bottom of page