Data privacy statement for the use of Microsoft 365
Last updated: Friday, March 4, 2022
You have an invitation to use a Microsoft Office application, such as Microsoft Teams, Microsoft SharePoint Online, Microsoft Forms (hereinafter referred to as M365) by Ascendant Design and Training, Laramie, WY, United States, or by one of its affiliated companies (hereinafter referred to as "we" or "us") as the responsible party within the meaning of the respective applicable data protection laws.
Microsoft Office 365 is a productivity, collaboration and exchange platform for individual users, teams, communities and networks, that can be used both within Ascendant Design and Training, and with external partners on a cross-company basis.
With the use of M365, personal data are processed. Please note that this data privacy statement only informs you about the processing of your personal data by us when using Microsoft applications in cooperation with us. If you need information about Microsoft's processing of your personal data, please read the appropriate declaration.
Microsoft privacy statement: https://privacy.microsoft.com/en-us/privacystatement
Certain information is already automatically processed when using M365. In the following we have specified for you exactly which personal data are processed and on which legal basis this is done.
1.1. Your IP address used to access the Microsoft Office 365 applications
1.2. Your user name (access data to Microsoft Office 365 applications), data within the scope of the so-called multi-factor authentication, which you have stored yourself in your Microsoft account (e.g. optionally the (private) mobile phone number).
1.3. Identification features: Information identifying you as user, sender, recipient of data within M365. This includes in particular the following master data: name, first name, official contact data such as telephone number, e-mail address, official fax number, insofar as provided by you or if it was transmitted by your organization. This information is always visible in your profile, but in particular also in Outlook for you and other M365 users, and can be customized by you.
1.4. Data required for authentication, license use, logging and misuse detection. M365 processes all user activities, such as time of access, date, type of access, details regarding data/files/documents accessed and all activities related to use, such as creating, modifying, deleting a document, setting up a team (and channels in teams), taking notes in the notebook, starting a chat, replying in the chat.
1.5. User data: User data collected by you or from you. This includes in particular communication content (text, audio, video), files created by you or to be created by you. This depends on the application you use in M365. If audio or video content is recorded, you will be notified of this.
1.6. Data backups and archiving: The data collected from or about you is stored in our data backup. This serves to restore the system and the data itself. In addition, your data will be (partially) archived, if this is required by law.
Apart from the cases explicitly mentioned in this data privacy statement, your personal data will only be disclosed without your express prior consent if it is legally permissible and necessary. This may be the case, for example, if such processing is necessary to protect vital interests of the user or another natural person.
2.1. Data provided by you during registration will be shared within our group for internal administrative purposes, including joint customer and supplier support, to the extent necessary.
2.3. We depend on Microsoft for the use of M365. Microsoft is a so-called processor of orders and is subject to our instructions as the responsible party in the sense of the GDPR when processing personal data within the framework of Microsoft Office 365 applications used by us. In accordance with our legal obligations, we have entered into contractual agreements with Microsoft and other contract processors for the transfer of data. Processing of personal data by Microsoft takes place on servers located in the United States.
2.4. In the course of further expansion of our business, it may happen that the structure of our company changes by changing its legal form, by forming, acquiring or selling subsidiaries, parts of companies or components of companies. In such transactions, if necessary, such information may be transferred to another legal entity along with the part of the business to be transferred. Whenever personal information is transferred to third parties to the extent described above, we will ensure that this is done in accordance with this data privacy statement and applicable data protection laws.
A transfer to third countries, both within the group and by commissioning contract processors and third parties, cannot be ruled out when using M365.
Processing of your personal data for purposes other than those described above will only be carried out to the extent permitted by law or if you have consented to the changed purpose of data processing. In the event of further processing for purposes other than those for which the data were originally collected, we will inform you of these other purposes prior to further processing and we will also provide you with any other relevant information.
We delete, block or make anonymous your personal data as soon as they are no longer required for the purposes for which we have collected or used them in accordance with the above paragraphs. Subject to statutory deletion and retention periods, we store your personal data for the duration of the contractual relationship with you. Login data and IP addresses are deleted after 90 days at the latest. Your data will also be stored in data backups. These are regularly and operationally reasonably overwritten.
6.1. Right of access to data and information
You have the right to obtain from us, at any time and upon request, information on personal data processed by us and relating to you, within the scope of Article 15 GDPR. To do this, you can submit an application by e-mail to the address below.
6.2. Right to correction of inaccurate data
You have the right to ask us to immediately correct any personal data concerning you if it is inaccurate. To do so, please contact us at the addresses indicated below.
6.3. Right of deletion of data
You have the right, under the conditions described in Article 17 GDPR, to request us for the deletion of personal data referring to you. To exercise your right of deletion, please contact us at the addresses indicated below.
6.4. Right to restriction of processing
You are entitled to demand that we restrict processing in accordance with Article 18 GDPR. To exercise your right to limit processing, please contact us at the addresses indicated below.
6.5. Right to data transferability
You have the right to access any personal data concerning
you provided to us in a structured, common, machine-readable format in
accordance with Article 20 GDPR.
To exercise your right to data transferability, please contact us at the addresses indicated below.
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Article 6, paragraph 1, a), e) or f) GDPR, in accordance with Article 21 GDPR. We will stop processing your personal data unless we can prove compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
You also have the right to lodge complaints with the competent supervisory authority.
For other participating countries, please see the list at:
If you have any questions or comments regarding our handling of your personal data or if you would like to exercise any of the rights mentioned in points 6 and 7 as a data subject, please contact us:
Ascendant Design and Training, LLC
If you have any questions or comments on the practical handling and operation of M365, please contact the Ascendant Design and Training contact who invited you to use it.
We keep this data privacy statement up to date. Therefore, we reserve the right to change it from time to time and to update it if changes occur in the collection, processing or use of your data. The current version of the data privacy statement is always available at https://www.ascendantdesign.net/Document.html?Document=docs%2FDataPrivacy-Microsoft365.htm.