Skip to main content

Microsoft 365 - Privacy notice

Who the council is and what the council does

West Oxfordshire District Council is a data controller under the Data Protection Legislation as the council collects and processes personal information about you in order to provide services and meet their statutory and regulatory obligations.

MS 365 is provided to users with the aim to offer more flexibility and improve communications and collaboration.

This notice explains why the council asks for your personal information, how that information will be used and how you can access your records.

Any questions regarding our privacy practices should be sent to:

Data Protection Officer (DPO)
West Oxfordshire District Council
Council Offices, Witney, OX28 1NB
Email: data.protection@westoxon.gov.uk
Tel: 01993 861194

Why the council needs your information and how the council uses it

The council processes personal data provided in connection with the use of Microsoft 365 for communication and collaboration purposes in accordance with the UK GDPR.

The data may only be used for the purpose of providing the Microsoft 365 services. Microsoft acquires no rights over it and your email or documents held by Microsoft are not scanned for advertising purposes.

For more details, please see Microsoft's Office 365 privacy statement https://privacy.microsoft.com/en-gb/privacystatement

The council does not sell your personal information to anyone else.

What is the legal process for collecting and processing this data

Under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, the lawful bases we rely on for processing this information are:

  • UK GDPR Article 6 (1) (e) Public Task – processing is necessary for the performance of a task carried out in the public interest in the exercise of official authority vested in the council.
  • We have a legal basis to process this as part of your contract of employment (either permanent or temporary) following data protection and employment legislation.
    • Staff administration and management of Microsoft 365 for users to have access to the applications
    • Business management and planning
    • Education or training for staff

What type of information is collected from you

  • Name
  • Job title
  • Department
  • Location
  • Directorate
  • council email address
  • content: your meetings and conversation chats, shared files, recordings (recordings capture audio, video and screen sharing activity), attendance and transcriptions
  • profile data: data that is shared within the council (e.g. name, profile picture, e-mail address etc.)
  • image and/or video: should the meeting be recorded
  • phone numbers: call recordings (if required)
  • call history: a detailed history of the phone calls you make, which allows you to go back and review your own call records
  • call quality data: details of meetings and call data are available to the council’s IT Services
  • support/Feedback data: information related to troubleshooting tickets or feedback submission to Microsoft
  • diagnostic and service data: diagnostic data related to service usage

In the context of certain meetings, the council may organise video or audio recording. In the case of video recording, the council will as much as is possible arrange for an opt-out facility for meeting participants who prefer their images are not recorded.

Please note neither the council nor Microsoft can control what you share during meetings and conversation chats. Please refrain from using Microsoft Teams to disseminate special category data (sensitive personal data).

Who your information may be shared with (internally and externally)

The personal data is disclosed, under the need to know basis, to the following recipients:

  • relevant council staff;
  • intended participants of a meeting
  • Microsoft and Microsoft’s processors involved in the data processing necessary to provide the service;

We will not normally share your information with organisations without your consent. However the council will use the information for the purpose of performing any of its statutory enforcement duties. It will make any disclosures required by law and may also share this information with other bodies responsible for detecting/preventing fraud or auditing/administering public funds.

Your information will not be disclosed to any other organisations, except where the council is required and allowed to by law, to safeguard public safety and in risk of harm or emergency situations.

The council will not share your information with third parties for marketing purposes. 

How long the council keeps your information (retention period)

We will only keep your information for the minimum period necessary. The information outlined in this privacy notice will be kept for the period of your employment plus a further six years.

Once your data is no longer needed it will be securely and confidentially destroyed or disposed of the data in line with retention schedules.

How the council protects your information

Your data is stored securely on our systems and accessed only by authorised officers using their own username and password created in line with pre-defined user credentials. Personal data is also held in electronic files on the council’s network drives. These are only accessible through personal logon credentials and access privileges to specific drives. Access to our council sites require a personal electronic pass to access staff only areas. The council has strict procedures for the way this is done. Any and all information about you is treated as confidential and with respect. There are also clear rules and guidance about storing, recording and sharing information which staff receive training on.

Microsoft Teams data is encrypted in transit and at rest in Microsoft services, between services, and between clients and services.

The council will not transfer your personal data outside the EU without your consent.

The council have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse or unauthorised alteration or destruction.  

Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.  

The council will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.

Your rights

You have the following rights under the Data Protection Legislations:

  • To access your personal data
  • To be provided with information about how your personal data is processed
  • To have your personal data corrected
  • To have your personal data erased in certain circumstances
  • To object to or restrict how your personal data is processed
  • To have your personal data transferred to yourself or to another business in certain circumstances
  • To be told if the council have made a mistake whilst processing your data and the council will self-report breaches to the Commissioner.

How you can access, update or correct your information

The Data Protection law gives you the right to apply for a copy of information about yourself. This is called a ‘Subject Access Request'.

If you wish to see a copy of your records you should contact the Data Protection Officer. You are entitled to receive a copy of your records free of charge, within a month.

In certain circumstances access to your records may be limited, for example, if the records you have asked for contain information relating to another person.

The accuracy of your information is important to us to be able to provide relevant services more quickly. The council is working to make our record keeping more efficient. In the meantime, if you change your address or email address, or if any of your circumstances change or any of the other information the council holds is inaccurate or out of date, please email us or write to us at:

ICT
West Oxfordshire District Council
Council Offices, Witney, OX28 1NB
Email: customer.services@westoxon.gov.uk

Further information

If you would like to know more about how the council uses your information, or if for any reason you do not wish to have your information used in any of the ways described in this privacy notice, please contact the Data Protection Officer at data.protection@westoxon.gov.uk

For more information about data protection please visit: www.westoxon.gov.uk/about-the-council/council-data-and-information/data-protection/

If you are concerned about the way the council is handling your personal information you can contact the Information Commissioner (ICO): https://ico.org.uk/make-a-complaint/

The council reserve the right to update this privacy notice from time to time by publishing a new version on our website.