Microsoft Teams privacy notice
How we process your data when using Microsoft Teams for communication and/or collaboration purposes.
This departmental privacy notice should be read in conjunction with the Council's corporate privacy notice.
Using your data
If you participate in a Council-organised Microsoft Teams meeting or conversation chats via Microsoft Teams, the Council will be processing your personal data. The personal data is collected and stored in Microsoft’s Cloud servers or Council devices/servers.
The Council may organise video or audio recording where required for certain meetings. In such instances participants are made aware that recordings will start.
The personal data that the Council processes includes:
- Your meetings and conversation chats, shared files, recordings (where a meeting has been recorded), captured audio, video and screen sharing activity, attendance and transcriptions
- Profile data - data that is shared within the Council (e.g. name, profile picture, email address etc)
- Image and/or video, should the meeting be recorded
- Call history - a detailed history of the phone calls you make via MS Teams. Details of meetings and call data are available to the Council’s IT services
- Information related to troubleshooting tickets or feedback submissions to Microsoft
- Diagnostic and service data related to service usage
Neither the Council nor Microsoft control what is shared during meetings and conversation chats. Please avoid using Microsoft Teams to disseminate special category data (sensitive personal data).
Why we are allowed to use your data
The lawful basis for the conducting of Teams meetings under UK GDPR Article 6 will, dependent on the subject matter, be either Legal Obligation or Public Task. The relevant legislation in relation to Public Task will include but is not limited to:
- The Local Government Act 1974
- The Localism Act 2011
- The Equality Act 2010
- Freedom of Information Act 2000
- Environmental Regulation 2004
- Data Protection Act 2018
Sharing your data
Personal data is shared on a need-to-know basis only with, for example:
- Relevant Council staff
- The Council’s IT Team, to provide a service
- Microsoft and Microsoft’s processors who are involved for the purposes of processing data to provide a service
- Intended participants of a meeting
Your display name will be visible to any other person within the meeting.
How long we will keep your data
The Council will only keep your information for as long as is necessary for the purpose it was collected, and in line with statutory and/or business requirements.
Transcripts of Teams meetings will be retained on Teams for a period of 60 days.
Video recordings will be retained on Teams for a period of 60 days.
Chat messages will be retained for a period of 60 days.
Calls made by Teams telephony will be retained in Teams for a period of 28 days.
How your data is protected
The Council has appropriate technical and organisational measures to safeguard and protect personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. The Council has ISO 270001 Information Security accreditation.
Microsoft Teams data is encrypted in transit and at rest in Microsoft services, between services, and between clients and services.
Using your data to make automated decisions
We do not use your data to make automated decisions.
Data sent to countries outside of the EEA
Generally, the Council will not process your personal data outside of the UK or the European Economic Area (EEA). In exceptions where we do, we will ensure equivalent data protection controls are in place.
Further information
To see what data is collected and how to exercise your rights to your data, please read our corporate privacy notice.