Enter your keyword

Privacy policy for Microsoft Bookings

regarding data processing and your privacy  rights


The protection of personal data of our employees, customers and business partners is important to us. Additionally, there are legal requirements that obliged us to protect this data. Due to this responsibility and legal obligation, we would like to inform you about the processing of your personal data within the scope of Microsoft Bookings and your rights as a data subject,in accordance with Art. 13, 14 of the General Data Protection Regulation (GDPR)

We are providing you with this information to ensure transparent processing of personal data. We process your personal data exclusively in accordance with the applicable data protection laws, in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).


  1. The controller responsible for processing your personal data:

Lurse Pension & Benefits Consulting GmbH
Winkhauser Straße 15
33154 Salzkotten

Telephone: +49 5258 9818-0
E-mail: info@lurse.de
Internet: www.lurse.de


  1. Contact details Data protection officer of the controller:

Maisel Consult
Oliver Maisel
Kämmereigasse 2
95444 Bayreuth

Phone: +49 921 793 07 07
E-mail: datenschutz@maisel.co


  1. Personal data that we process

The controller uses the “Microsoft Bookings” service of Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland or Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. For further information on the processing of your personal data, please refer to Microsoft`s Privacy Statement.. Within Microsoft Bookings, we process personal data in electronic form, that is necessary within the scope of the employment and customer relationship, as outlined below:

  • Contact and communication data (business and private): name, first name, telephone number, e-mail address
  • Appointments (time and location details with company address)
  • Types of Appointment : virtual or in-person ; appointment types such as consultation, group event, seminar, etc.
  • Availability of Lurse users
  • Information in free-text fields regarding appointment content, such as company pension scheme, process, insurance, etc.

Within the scope of the employment and customer relationship, you are only required  to provide the personal data necessary for appointment scheduling with Microsoft Bookings.

Microsoft Bookings includes a notification feature that informs users via email about  appointment bookings. You can use an online booking function integrated into our website, which serves as a self-service tool for appointment booking and cancellation.. Information regarding the processing of  personal data on our website at www.lurse.de can be found in a separate privacy statement at www.lurse.de/en/privacy-policy/

Microsoft Bookings is integrated into Outlook and is also available as an app. Each appointment booked online generates a meeting link that is sent to the participants, allowing them to join  via a web browser, telephone dial-in or the Teams app.


  1. Data subjects

The following are affected by this data processing:

  • Employees of the controller and the clients
  • Former employees of the client companies
  • Customers or contact persons of customers


  1. Purpose and legal basis of data processing

We process the personal data outlined above  for the purpose of planning and managing  appointments, which includes fulfilling contractual obligations within the scope of  the employment and customer relationship, as well as  for legal purposes.

Any further processing of your data for purposes other than those related to will only take place if this is the employment and customer relationship will only take place if it is compatible with these purposes or if we have obtained your explicit consent. . The legal basis for data processing for contractual and legal purposes is provided by Art. 6 para. 1 b, c GDPR. If you have given us your consent to process personal data and have not revoked it, we process your data in accordance with Art. 6 para. 1a GDPR.

As far as necessary, we  process your data beyond the actual fulfillment of the contract to protect our legitimate interests or those of third parties. This includes the following purposes in particular:

  • the assertion and enforcement of legal claims
  • the preservation of evidence within the framework of statutes of limitation

The legal basis for this data processing results from Art. 6 para. 1f GDPR. We process this data as part of a balancing of interests to protect our legitimate interests or those of third parties. An overriding legitimate interest exists due to the purposes described.


  1. Origin of the personal data

We collect this data directly from you, either by you providing  it to us, entering it yourself or by us determining it based on your activities with us.


  1. Recipients of personal data, forwarding to third parties

Within our organization, only positions and individuals who require access to your data for the fulfillment of contractual or legal obligations will have access to it. Users of the customer-specific calendar can only see the availability of other users, but not the nature or content of the appointment if the time slot is no longer available. Only the administrators of Microsoft Bookings at the responsible party have further rights. Supervisors also only have the usual user rights.

If service providers are engaged for order processing, this is done only on the basis of Article 28 of the GDPR, following careful selection and examination of the technical and organizational security measures, and ensuring an adequate level of protection according to Articles 44 ff. of the GDPR for service providers outside the EU.

We only transmit your personal data to external third parties if this is legally or contractually required, or if you have given your consent. Recipients of your personal data may include business partners or affiliated companies. The transmission is therefore primarily for contractual purposes.

Data transfers to third countries may occur in the context of technical necessities (e.g. support access) or communication (e.g. video conferences), as well as other exceptions expressly provided for in the GDPR. Otherwise, no transmission to third countries takes place.


  1. Retention period and deletion periods

We primarily store your personal data for the purpose of fulfilling contractual or legal obligations. Your data is generally deleted no later than 12 months after the purpose of the storage ceases to exist, for example, when the contractual service has been provided, the legal basis has ceased to exist, or immediately if you revoke your consent. Storage may also occur if required by law, such as in a number of cases to fulfill legal retention obligations, for example, for commercial letters for at least six years, or for booking data, invoices, and billing for at least ten years, each starting from the end of the year. Deletion will occur after the expiration of the storage period. The data will also be stored as long as there is an overriding legitimate interest, such as for legal enforcement, preservation of evidence within the framework of limitation periods, or data security.


  1. Voluntary nature of the provision of personal data

The provision of your personal data is voluntary, so you are not obligated to book appointments through Microsoft Bookings. However, for the provision of our work-related or customer contractual services, booking an appointment is necessary. If you do not provide us with this data, we may not be able to continue providing our services.


  1. Your rights as a data subject

You have the right to:

  • request information about the personal data we process about you, in accordance with Article 15 of the GDPR.
  • request the immediate correction of inaccurate or completion of your personal data stored by us, in accordance with Article 16 of the GDPR.
  • request the deletion of your personal data stored by us, in accordance with Article 17 of the GDPR.
  • request the restriction of the processing of your personal data, in accordance with Article 18 of the GDPR.
  • receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request the transmission of this data to another controller (data portability), in accordance with Article 20 of the GDPR.


Right to withdraw consent

You have the right to revoke your consent to the processing of personal data at any time, in accordance with Article 7(3) of the GDPR. As a result, we may no longer continue the data processing based on this consent in the future. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its withdrawal. If you wish to exercise your right to revoke consent, a simple notification through any known communication channels is sufficient.


Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR. Usually, you can contact the supervisory authority of your habitual residence, place of work, or our company headquarters for this purpose.


Right to object

If your personal data is processed based on legitimate interests according to Article 6(1)(f) of the GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 of the GDPR, provided that there are reasons arising from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement without requiring you to provide specific reasons.

If you wish to exercise your right to object, a simple notification through any known communication channels is sufficient.

After exercising your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims. This does not apply if the processing is for direct marketing purposes. In that case, we will no longer process your personal data for this purpose.