Status: May 2025
This privacy policy informs Botres Global employees who have access to Microsoft 365 with their company ID (“botres.com”) about the processing of their personal data when using these services.
1. responsible person
Responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is
Botres Global GmbH
Johann-Schreiner-Strasse 3,
8074 Raaba-Grambach,
Austria
E-mail: office@botres.com
2. purpose and scope of data processing
Botres Global uses Microsoft 365 as a cloud-based platform for collaboration and communication. This includes services such as Teams, Outlook, OneDrive, SharePoint, Forms and others.
The following personal data is processed when using these services:
- User name and company e-mail address
- IP address and device information when logging in
- Master data (e.. name, telephone number, profile picture, if stored)
- Usage data (e.. logins, changes to documents, chat histories, participation in meetings)
- Data for multi-factor authentication (e.g. mobile number, if required).
The processing is carried out to provide a secure and functional working environment within the framework of contractual obligations (Art. 6 para. 1 lit. b GDPR) and to safeguard the legitimate interests of Botres Global in efficient IT operations (Art. 6 para. 1 lit. f GDPR).
3. publication and transparency
This special privacy policy is available at
https://www.botres.com/datenschutz-ms365
It supplements the general data protection declaration of Botres Global, which you can find here:
https://www.botres.com/datenschutz
4. use of the data
Botres Global does not use the data collected to monitor the behaviour or performance of employees.
Data analyses (e.g. via activity logs) are only carried out in narrowly defined cases, such as
- for technical troubleshooting
- to ensure IT security
- in the event of concrete indications of abuse or violations of the law
- for the fulfilment of legal obligations to provide information
5. disclosure and order processing
Botres Global only uses trustworthy service providers for the technical support of Microsoft 365, in particular:
- Microsoft Ireland Operations Ltd. as provider of the platform
- IT service provider within the Botres Group, if applicable.
All third parties are bound by contract as processors in accordance with Art. 28 GDPR and are subject to strict data protection regulations.
Data transfer to third countries (e.. USA) is generally not planned. Should this be necessary, it will only take place on the basis of recognised guarantees such as standard contractual clauses or, in the case of certified companies, in accordance with the EU-US Data Privacy Framework. You can find information on Microsoft certification at
https://www.dataprivacyframework.gov/s/participant-search
6. storage period
Personal data is deleted as soon as it is no longer required for the purposes for which it was collected. This means that:
- Usage and login data are usually deleted after 30 days at the latest
- Contract-related data remains stored for the duration of the employment relationship and any statutory retention obligations
7. your rights
As a data subject, you have the following rights at all times:
- Information about your stored data (Art. 15 GDPR)
- Correction of incorrect data (Art. 16 GDPR)
- Erasure, unless there is a legal obligation to retain data (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection to processing for legitimate interest (Art. 21 GDPR)
- Withdrawal of your consent with effect for the future (Art. 7 (3) GDPR)
- Complaint to a data protection supervisory authority (Art. 77 GDPR)
8. contact
If you have any questions or wish to exercise your rights, please contact:
Data Protection Office of Botres Global
E-mail: office@botres.com