Microsoft 365 Terms of Use

IF YOU COMPLY WITH THESE TERMS, YOU HAVE THE RIGHTS SET FORTH BELOW. BY USING MICROSOFT365, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT, DO NOT USE THIS FEATURE IN MICROSOFT365

1. Controller regarding the operation of the Microsoft 365 platform within the ElringKlinger Group

ElringKlinger AG
Max-Eyth-Straße 2
72581 Dettingen/Erms
Germany

2. Basic terms regarding the use of Microsoft 365 components

2.1 Use of the platform
When using the platform we kindly ask you to adhere to ElringKlinger´s values, which are as follows:

Openness
Transparency
Trust
Protection of confidentiality of data

2.2 Purpose of use
Microsoft 365 and its components shall be used exclusively for business purposes. Private use of emails is strictly forbidden und compliance will be spot-checked.

The purpose of use is to enable business collaboration in connection with projects, engagements, and with the discharge of contractual obligations vis-à-vis externals.

2.3 Scope of use
The use of the tools is only permitted within the scope of the modern workplace as defined by ElringKlinger AG and within the scope defined by the appropriate department supervisors.

Moreover, it is permitted to use Microsoft 365 on private mobile devices and tablets to the extent permitted by the BYOD regulations (see CI CU-QM 002 IT Security Directive).

It is prohibited to use the Microsoft 365 platform for purposes or activities that are in violation of applicable laws, such as copyright laws. In this case we may be under the legal obligation to hand over relevant information to the appropriate criminal enforcement agencies.

3. Need-to-know principle

User access and permissions are granted on a need-to-know basis. This ensures that access to data is permitted only where and to the extent necessary. Contents and documents may only be shared in accordance with this need-to-know principle, including for example sharing in connection with OneDrive and Microsoft Teams.

4. Data classification and non-disclosure agreement

Data classification into different categories as well as additional encryption was implemented for purposes of fulfilling regulatory obligations as well as contractual obligations based on non-disclosure agreements (NDA). This data classification must be complied with when using Microsoft 365. This applies in particular to the sharing of data and handling of confidential and highly confidential data.

5. Data storage and data sharing

Microsoft 365 offers various ways to store and collaborate simultaneously on data. Please classify and store the data as prescribed below and treat confidential data with care.

OneDrive is for me, Teams is for us, and SharePoint Online is for everyone.

Generally data of all levels of data classifications can be stored in OneDrive and SharePoint Online.

Please do not store project related or sensitive company related information in OneDrive. That type of data should be stored in SharePoint Online.
General guidelines for OneDrive (sharepoint.com)

6. Training

You will receive training on all necessary information regarding the use of the platform. In addition please also refer to further detailed information contained on the Intranet under the following link: EK University – Landing Page Template (sharepoint.com)

7. Administration

Administrators have separate accounts through which they can conduct administrative tasks and gain time-managed access to administrative tools. The use of those tools are strictly monitored and only permitted in accordance with the tasks assigned to the respective administrators.

8. Liability

ElringKlinger AG is only liable for intent and gross negligence regarding pecuniary damages in connection with the use of O365 components. Liability for negligent breaches of material contractual obligations is restricted to typically foreseeable damages. This restriction and exclusion of liability also applies to all corporate bodies, agents, and workers acting on behalf of ElringKlinger AG. This does not apply to damages to life, body, and health.

9. Special instructions regarding the use of the Microsoft 365 component Microsoft Teams

Microsoft Teams is the central tool for teamwork, collaboration, and joint work on documents, chats, and calls.

9.1 Transparency
The principle of transparency applies to all members of a ElringKlinger AG Team or meeting, including externals. In particular it is prohibited to disclose personal access credentials for a Team to unauthorized persons or to allow such unauthorized persons to attend a Team conference call, especially a telephone or video conference call. The functionalities of the video conference systems used are set in a way that each participant can see which video and audio data is recorded, transmitted, and stored.

9.2 Camera function
Workers of ElringKlinger AG are not obligated to use the camera function during video conference calls. This can also not be requested by externals.

9.3 Right to informational self-determination
Workers of ElringKlinger AG have the right to informational self-determination, which is part of the general right to protection of personality. Based on this each person can determine their own preferences regarding video and audio data concerning them and to have this preference respected by other participants and externals in a call. Hence, workers of ElringKlinger AG for example have the right to determine whether automatic dial in is allowed on the local system, whether local cameras can be controlled by other call participants, and whether application sharing is activated or not.

9.4 Recording of Microsoft Teams conference calls and live events
The recording of a Microsoft Teams meetings is disabled in general. Microsoft Teams Live Events or Town Hall Meetings can be recorded, when you fulfill the following conditions:

Announcement of recording the Teams Live Event or Town Hall Meeting

Guideline for Microsoft Teams Live Events:
Teams Live Events and Webinars (sharepoint.com)

As a general rule, video and audio recordings may only be made with the consent of the participants involved. The purpose and the participants' consent to the recording are documented within the recording. Each participant has the right to receive a copy of the recording.

The participants shall decide by mutual agreement on the use of the video and audio data stored within the scope of the intended purpose. If there is no such agreement, the data will be deleted immediately after the conference.

10. Usage of KI und KI features in Microsoft 365

10.1 Baseline is the on the guideline CI CU 090 AI Policy and Instructions.

10.2 Microsoft Copilot
It´s possible to use Microsoft 365 Copilot and Copilot for Edge. Both products are a part of the Microsoft 365 Environment of ElingKlinger Group.

10.3 Prohibitions and prohibited actions with Microsoft Copilot

Use of the environment is only permitted in a business context. Private use is prohibited.

The environment may not be used to share or distribute content that is protected by criminal law or copyright.

When using Microsoft 365, misuse can lead to consequences. Misuse means:

Do not do anything illegal!
Do not try to jailbreak or bypass Copilot in any way.
Do not attempt to research the copilot's AI or access the source code or algorithms.
Do not enter or share highly confidential company information. If you need to share information, contact your supervisor(s), information security or the company's data protection officer to clarify how to handle the information. There is a guideline CI CU-QM 002 IT Security Directive for this. If your work is sensitive and confidential, make sure that the location of Copilot's output is properly secured.
Do not engage in activities that exploit, harass, harm or threaten to harm children.
Be respectful when collaborating and using Copilot.
Do not send spam or use Copilot to create it. Spam is unsolicited or unsolicited mass emails, postings, prompts, contact requests, SMS (text messages) or instant messages.
Do not use the Copilot environment to create or distribute inappropriate content or material (such as nudity, bestiality, pornography, offensive language, depictions of violence or criminal activity).
Do not engage in activities that are fraudulent, false or misleading (such as soliciting money under false pretenses or manipulating the software)
Do not circumvent any access restrictions for the Copilot function.
Do not engage in activities that are harmful to you, the Copilot software or others (including transmitting viruses, stalking, publishing terrorist content, spreading hate speech or advocating violence against others).
Do not violate the rights of others (including the unauthorized distribution of copyrighted music or other copyrighted material).
Do not engage in activities that violate the privacy of others.
Do not help others to break these rules.
Please note that any misuse of Microsoft365 will be recorded and also sent to the USA and stored there for possible consequences. Breach of the terms of use may result in consequences under employment law.

11. Special instructions regarding the use of cybersecurity enhancing tools

11.1 Tools
Various tools are used to enhance the level of cybersecurity. Those tools ensure protection against spam, phishing, and against attacks on the infrastructure and user indentities.

11.2 Warnings
The tools also include the display of warnings and instructions for users. Please read those warnings and instructions carefully and react with care in accordance. In case of doubt please refer to your supervisor or ask the Service Desk.

11.3 Warnings and support by cybersecurity
Please be on alert when using the platform Microsoft 365. Please mark unusual and suspicious emails as spam and do not open any files or click on any links that you receive from unknown users or that may contain virus-infected contents (which may for example cause a hacking into an account).

12. Reporting a violation of these Terms of Use

If you read, hear or see inappropriate, discriminatory or threatening behavior or disclosure of confidential information, report this behavior or disclosure to a company point of contact data.safety[at]elringklinger.com or glb.informationsecurity[at]elringklinger.com or a Service Now Ticket

13. Suspension and deletion of access

We may suspend and terminate your access temporarily or permanently. This happens automatically if your account represents a high security risk. This blocking also happens if you are no longer responsible for ElringKlinger Group and is then automatically deleted after 90 days.

Annex 1: List of products used in connection with Microsoft

The following products are used by ElringKlinger AG as part of a modern workplace environment. The entirety of such products represent the basis for the work environment. Not all products are used by all users, however, said products may regardless process personal data of users that do not used such products directly.

Azure Active Directory Premium 1	Microsoft Defender for Cloud Apps
Azure Active Directory Premium 2	Microsoft Defender for Cloud Apps Discovery
Azure Information Protection Premium 1	Microsoft Defender for Endpoint
Azure Information Protection Premium 2 (only E5)	Microsoft Defender for Endpoint Plan 1
Azure Rights Management	Microsoft Defender for Identity
Common Data Service	Microsoft Defender for Office 365 Plan 1
Common Data Service for Teams	Microsoft Defender for Office 365 Plan 2
Exchange Online Plan 2	Microsoft Endpoint DLP (only E5)
Customer Lockbox (only E5)	Microsoft Entra ID
Data Classification in Microsoft 365 (only E5)	Microsoft Excel Advanced Analytics (only E5)
Graph Connectors Search with Index (only E5)	Microsoft Information Governance (only E5)
Information Protection and Governance Analytics Standard	Microsoft Insider Risk Management (only E5)
Information Protection for Office 365 Premium (only E5)	Microsoft ML-Based Classification (only E5)
Information Protection for Office 365 – Standard	Microsoft Records Management (only E5)
Microsoft 365 Advanced Auditing	Microsoft Forms
Microsoft 365 Apps for Enterprise	Microsoft Intune
Microsoft Azure Multi-Factor Authentication	Microsoft Planner
Microsoft 365 Defender	Microsoft Purview
Microsoft Azure MFA	Microsoft Search
Microsoft Customer Key (only E5)	Microsoft Stream for Office 365 E3
Office 365 Privileged Access Management (only E5)	Microsoft Teams
Power Apps for Office 365	Office 365 SafeDocs
Power Automate for Office 365	Office for the Web
PowerBI Pro (only E5)	Office 365 Advanced eDiscovery (only E5)
SharePoint Plan 2	Project for Office (Plan E3)
Universal Print	To-Do (Plan 2)
Windows 10/11 Enterprise	Whiteboard
Microsoft Data Investigations (only E5)	Windows Update for Business Deployment Service

Electromobility

Whistleblowing System

Job Openings

Reporting: Sustainability report 2022

Financial Reports

Announcements

AMER

EMEA

Select a location

EMEA

AMER