M365 Terms of Use

By using M365, you agree to these terms.

1. Responsible entity for operating the Microsoft 365 platform in the Fr. Sauter Group

Fr. Sauter AG
Im Surinam 55
Postfach
CH-4058 Basel, Switzerland
Tel. +41 61 695 55 55

2. General provisions for the use of M365 components

2.1 Use of the platform

When using the platform, we ask that you act in accordance with the values of Fr. Sauter AG. We are committed to the following principles:

• Openness
• Transparency
• Trust
• Data protection and security

2.2 Purpose of use

M365 and its components are used at Fr. Sauter AG exclusively for business purposes. Private use of the email functionality is not permitted and is subject to spot checks.

The purpose of using the platform is business communication and collaboration in the context of projects, orders and internal processes, as well as ensuring the fulfilment of contractual obligations in relation to external parties.

2.3 Scope of use

Use of the tools is only permitted within the scope of the modern workplace environment as defined by Fr. Sauter AG, and within the specific use cases established by each individual company and department.

Under the BYOD policy, M365 may also be used on personal mobile devices or tablets.

Using the M365 platform for purposes or actions that violate applicable law (such as copyright law) is strictly prohibited. In such cases, Fr. Sauter AG may be legally required to provide relevant information to law enforcement authorities.

3. Need-to-know principle

Permissions and access rights are granted according to the need-to-know principle. This means that individuals receive access only to the information that they need. Content and documents may be shared solely on this basis, whether in OneDrive, SharePoint or in Microsoft Teams, for example.

4. Data classification and confidentiality agreements

To ensure compliance with legal and contractual obligations, particularly those arising from confidentiality agreements (NDAs), a data classification scheme with various categories has been introduced. This data classification must be observed when using M365. This applies especially when sharing data and when handling confidential or secret information.

5. Storing and sharing data

When using M365, various areas are available for storing and collaboratively editing data. We ask users to handle the data with appropriate care and to store it with the applicable data classification as follows:

OneDrive is personal, while Teams and SharePoint Online are for groups.

In principle, data of all classification levels can be stored in OneDrive and SharePoint Online.
The following rules apply to data storage in OneDrive and SharePoint:

6. Training

All the information you need to use the platform will be provided during training sessions.

7. Administration

Administrators each have their own dedicated account for administrative tasks and for time-controlled access to administrative tools. The use of these tools is strictly monitored and permitted only within the scope of the duties assigned to each administrator.

8. Special notes on using the M365 component Microsoft Teams

Microsoft Teams is the central hub for collaboration, working together on documents, chatting and holding meetings.

8.1 Transparency and courtesy

All members of a team or meeting, whether from Fr. Sauter AG or external partners, are required to conduct themselves with the appropriate transparency and courtesy towards everyone in the team space. It is strictly prohibited to share your access credentials for a team space with unauthorised persons or to allow others to participate secretly in a Teams meeting, especially in telephone or video conferences. The functionality of the video conferencing systems used is designed so that each participant can clearly see which video and audio data is being recorded, transmitted or stored.

8.2 Camera function

Employees of Fr. Sauter AG are not obliged to use the camera function during video conferences. Neither can this be demanded by external parties.

8.3 Participation rights

Employees of Fr. Sauter AG are entitled, in accordance with their privacy rights, to have their concerns about the use of video and audio data relating to them respected by other participants, including external parties. Employees of Fr. Sauter AG are thus entitled to have a say in decisions – including those involving external participants – about whether external users may join meetings automatically, whether conference partners may control local cameras, whether application sharing should take place, and in what form.

8.4 Recording Microsoft Teams conference calls and live events

Recording of a Microsoft Teams meeting is disabled by default, but can be enabled by participants.

Microsoft Teams live events or town hall meetings may be recorded from the start, provided the following condition is met:

• The recording of the Teams live event or town hall meeting is announced in advance.

As a general rule, video and audio recordings may only be made with the consent of the participants involved. The purpose of the recording and the consent of the participants are documented within the recording itself. Each participant has the right to receive a copy of the recording.

The participants jointly determine how the recorded video and audio data may be used for the stated purpose. In the absence of such an agreement, the data will be deleted immediately after the conference.

9. Use of AI and of AI features in Microsoft 365

9.1 Basis

The local regulations on the use of AI and the related procedural instructions apply. If the local regulations contain stricter rules or exceptions to these terms of use, the local regulations take precedence.

9.2 Microsoft Copilot

It is possible to use M365 Copilot (Enterprise – paid version) and the associated interfaces within applications. These products are paid add-ons and form part of the M365 environment of the Fr. Sauter Group.

9.3 Prohibitions and forbidden actions using Microsoft Copilot

Use of the environment is only permitted in a business context. Private use is prohibited.

The environment must not be used to share or distribute content that is protected under criminal law or copyright law.

Misuse of M365 can lead to consequences. This means:

• Act only within the law and comply with the applicable code of conduct.
• Do not attempt to hack or circumvent Copilot in any way.
• Do not attempt to research the Copilot AI or access the source code or algorithms.
• Do not enter or share any highly confidential company information.
• If your work involves sensitive and confidential material, make sure that the Copilot output is stored in a properly secured location.
• Do not engage in activities that exploit, harass, harm or threaten to harm others.
• Be respectful when collaborating and when using Copilot.
• Do not send spam or create it. Spam refers to unsolicited or unwanted mass emails, posts, prompts, requests, SMS (text messages) or instant messages.
• Do not use the Copilot environment to create or distribute inappropriate content or materials such as nudity, explicit imagery, pornography, abusive language or depictions of violence or criminal activity.
• Do not engage in fraudulent, false or misleading activities such as requesting money under false pretences or manipulating software.
• Do not circumvent any access restrictions for the Copilot function.
• Do not engage in activities that are harmful to you, to the Copilot software, or to others, including transmitting malware, stalking, publishing terrorist content, spreading hate speech or advocating violence against others.
• Do not infringe the rights of others, for example by unauthorised distribution of copyrighted music or other protected material.
• Do not engage in activities that violate the privacy of others.
• Do not assist others in breaking these rules.
• Please note that any misuse of Microsoft 365 will be logged and transmitted to the United States, where it will be stored to determine possible consequences. Any breach of these terms of use may result in disciplinary action.

10. Special notes on enhancing cybersecurity when using tools

10.1 Tools

Various tools are used as part of the measures to strengthen cybersecurity. These provide protection against spam, phishing, attacks on the infrastructure and attacks on user identities.

10.2 Warnings

When the tools are used, warnings and information are also displayed for users. Please read these carefully and respond with appropriate vigilance. If unsure how to proceed, contact your line manager or consult the service desk.

10.3 User information and supporting cybersecurity

Please always be vigilant when using the Microsoft 365 platform. Mark unusual and suspicious emails as spam and do not open any files or links that you receive from unknown senders or that you suspect may contain malware.

11. Reporting a violation of these terms of use

If you read, hear, or see inappropriate, discriminatory or threatening behaviour, or the disclosure of confidential information, please report this behaviour or disclosure to a company contact at m365@sautergroup.com

12. Suspension and deletion of access

We may temporarily suspend or permanently terminate your access. This happens automatically if your account poses a high security risk. Your access will also be suspended if you are no longer employed within the Fr. Sauter Group, and it will then be automatically deleted after 90 days.