Miro Digital Whiteboard, Bayer AG

Terms of Use

Information Classification

Data classification for sharing on Miro boards includes INTERNAL and RESTRICTED information. Board owners must classify their boards using Miro's built-in classification function. It is forbidden to share information classified as SECRET on Miro boards.


In case of questions about information classification, please visit the following website or reach out to your Information Classification Caretaker (ICC) (guest users: please approach the Bayer board owner for information on content classification).

Licenses / Edit Permissions

A full license is required to edit boards in Miro. Full licenses are provided upon request and based on availability. The license pool is limited. To give all Bayer employees a chance to participate, strict license management measures are in place. Full licenses are withdrawn after 30 days of inactivity without further warning. Full licenses not being used within 7 days of issuing will be withdrawn without further warning. We may change these rules and timelines based on company requirements at any time.


Every board in Miro has exactly one owner. The owner of a board is responsible for the content, lifecycle and permissions of the board. The owner must adhere to all Bayer policies and applicable laws regarding protection of data.


If employees under Legal Hold contribute to a board, board owners must export the board to Teams / SharePoint after the meeting/workshop to ensure e-discovery.

Authentication & Authorization

All Bayer accounts will access the tool via single sign-on. Board creators become owners and are responsible for the permissions on their board. Sharing via public link is disabled. Sharing boards with the whole company is not allowed.

External Sharing

Third party guests may be invited to boards. They are subject to the same security and data privacy rules as Bayer Employees. Board owners are responsible to remove guest user access as soon as it is not required any more. Board owners are responsible to inform guest users about proper handling of Bayer data. Bayer data may only be shared with external partners if a contract and/or security agreement is in place.


Miro is not an archiving solution. Board content that needs to be preserved must be exported. Boards will be automatically deleted without warning after 3 months of inactivity.

Data Privacy

Board owners are responsible for proper handling of personal identifiable information (PII) in the content of their boards. In general, it should be avoided to store personal data on Miro boards. It is not allowed to store sensitive personal information on Miro boards. Boards containing personal information that goes beyond address book data must be deleted as soon as they are not needed anymore. You can find Miro's Privacy Policy here.

Bayer Miro Data Privacy Statement

The Miro digital whiteboard (hereinafter "Miro") is provided by Bayer AG (hereinafter "Bayer", "we" or "us"). Further information can be found in our imprint.


Unless otherwise indicated below, the legal basis for the handling of your personal data results from the fact that such handling is required to make available the functionalities of Miro as a collaboration platform (Art. 6 (I) (f) GDPR).


The following types of personal data are processed:


  • Address book and login data: first name, last name, business email address, ip address, time stamp
  • Technical information: browser, operating system, device, time stamp
  • Activity information: login and board access events including time stamp

Data is deleted according to the following policy:


  • Invited users that do not have activated their invitation after 30 days
  • Users without board affiliation after 30 days
  • Users inactive for at least 12 months
  • Boards that have been inactive (not been opened) for at least 3 months
  • Log files older than 12 months

The following contacts will be glad to assist you with any matters related to data privacy.
For any questions you may have with respect to data protection, please send us an email to data.privacy@bayer.com or contact our company data protection officer at the following address:


Group Data Protection Officer
Bayer AG
51368 Leverkusen


We reserve the right to update this data privacy statement from time to time. Any updates of this data privacy statement will be announced in HowITWorks. Amendments will enter into force upon being announced in HowITWorks. We recommend that you visit the site regularly so that you are informed about any updates that may have been made.