Privacy Policy

Privacy guide for Analytics 365

This policy is specifically for the Microsoft Teams application “Analytics 365” produced by Micro Plus Software Limited, a company registered in England (company number 02843012), whose principal place of business is at 10 Moorcroft, Harlington Road, Uxbridge, Middlesex UB8 3HD, United Kingdom (“Tollring”).

By using data generated from everyday work in Office 365, Analytics 365 helps you understand how we spend our work time and who we spend it with, and then presents actionable insights how to work smarter and how effectively we are engaging with our co-workers and customers.

This page answers key questions on how Analytics 365 processes information in a manner that protects employee privacy and supports compliance with local regulations, such as General Data Protection Regulation (GDPR).

Summary of key points

  • Analytics 365 is not designed to enable employee tracking, automated decision making, profiling, or monitoring. Analytics 365 provides insights to individuals and team leaders through a customized dashboard within the app to understand and improve customer engagement and experience. Analytics 365 has no mechanism or option that allows anyone but the user to access the personalized information that is displayed through these surfaces, unless that person purposefully and independently shares that information. Insights provided by Analytics 365 cannot be used for automated decision making or for profiling.
  • Analytics 365 does not give employees access to new personally identifiable information on other co-workers. Analytics 365 converts data into insights by performing calculations on information that people generate just by going about their work day. The majority of the data that employees see in Analytics 365 is simply an aggregation of information to which they already have access, but that they wouldn’t be able to quickly perform calculations on without some support. It purely takes the information people currently have access to and provides a holistic view of this information.
  • Analytics 365 data is processed and stored in the Azure Cloud. Analytics 365 processes data from these sources: Teams meetings, chat and calls from the Microsoft Graph API with both the organization’s IT administrator and an individual opt in process. Analytics 365 stores and processes this data inside a secure Azure Cloud service.
  • Analytics 365 supports General Data Protection Regulation (GDPR) compliance. Tollring has designed Analytics 365 to support customers’ needs to comply with GDPR requirements. Click here for more information.
  • Once the administrator assigns a license of the Analytics 365 service to a person, that person is automatically opted in. Administrators can configure Analytics 365 to be ‘off’ for any specific individuals within the organisation so that people can choose for themselves whether to opt in after being assigned a license.
  • Analytics 365 stores data for 12 months. While a person has an active subscription, all incremental data will be populated to the service. Analytics 365 allows people to review up to 12 months of historic data. The service will only hold your data for a rolling 12-month period.
  • When an employee is unsubscribed, their data will be removed. When this happens, incremental data will immediately stop being made available to the service. All historic data pertaining to the person will be removed from the service within 30 days of termination of the service.

How Analytics 365 works

Analytics 365 presents insights using dashboards that consist of “KPI” cards. These insights are provided by using the Graph API:

Microsoft Graph

Analytics 365 is a third-party application that’s built on Microsoft Graph. Microsoft Graph consists of a set of REST-based API calls that allow developers to interact with the Microsoft technologies that a given organization uses. In order to use these API calls, developers must have specific permissions to access any data they request. Administrators control both the deployment of any Microsoft Graph application and permissions to access these applications.

The Microsoft Graph cannot be turned on or off globally through the Office 365 Admin Center, but administrators can achieve this effect by blocking employees’ ability to install third-party apps or by restricting developer access permissions. Learn more about Microsoft Graph.

Assistance for people managers

People managers often have hectic schedules and it can be tough to stay in close contact with each team member and with customers alike. Analytics 365 brings together all the information managers need to stay caught up and respond quickly to important requests. Analytics 365 provides People managers with the tools to understand how people engage with external customers across all forms of collaboration.

All assistance for managers in Analytics 365 relies exclusively on information from the manager’s own Groups; managers do not receive any incremental information from team members that could be used for performance management. For example: managers can use Analytics 365 to review how many meetings and how long a team member spends in a given period dealing with specific customers, interacting with specific Teams, or working with specific co-workers. Managers cannot see an individual team member’s chat detail.

Managers are identified by using Azure Active Directory. The feature is only available to users who have direct reports listed in Azure AD.

Managers have the option to edit their team list if they notice any inaccuracies. Any changes the manager makes are used only in their Analytics 365 experience, and are not synchronized back to Azure AD.

Privacy settings

Analytics 365 provides flexible and configurable controls that are designed to enable organizations and their members to address varying legal and policy needs regarding privacy and use of employee data. When enabling Analytics 365 for the organization, admins can make the following choices:

  • Determine which people have access to Analytics 365. Admins can determine which people can access Analytics 365 data by assigning permissions to only those people who should have access.
  • Determine individual subscriptions. Analytics 365 can be configured to be “default on,” which means that licensed employees automatically contribute to incremental data and have access to their dashboard via the Teams App, but can subsequently opt out through the Settings menu.
  • Determine which employees in sensitive roles should be excluded from incremental data.Some organizations may have employees in sensitive roles who should never contribute to incremental data. To support this, Analytics 365 provides admins with the ability to mark these people as “unsubscribed.” Unsubscribed users cannot opt in to contribute to incremental data.
  • All employees in your organization contribute to incremental data only when they are issued a license with the Analytics 365 service.
  • Analytics 365 is automatically enabled, and a license assigned to employees who belong to the Microsoft Groups (Teams or Distribution) you require insights for. Whilst a license is automatically enabled for all employees within the Microsoft Group, administrators can unsubscribe employees on an individual basis.

GDPR Compliance

Analytics 365 helps support compliance with GDPR requirements. Tollring helps data controllers meet the following obligations for Analytics 365:

  1. Secure and protect personal data of users. Analytics 365 data is stored securely in the Microsoft Azure Cloud. This data is solely used by the subscribed user:
    • Tollring will not mine customer data in Exchange Online for advertising.
    • Tollring will not voluntarily disclose any customer data to law enforcement agencies.
    • Tollring will meet all requirements related to encryption of data and implement controls to reduce security risks and help ensure business continuity, as described in its ISO 27001 policies and procedures.
  2. Notify users in the event that a breach is detected. Tollring will notify customer privacy contacts within 72 hours of Tollring becoming aware of a breach by using Tollring’s standard operating procedures.
  3. Honour user requests (DSRs) to export, delete, or restrict processing personal data. Tollring supports your need to honour user requests in the following ways:
    • Data export requests: Users can go to the Analytics 365 dashboard while signed in to their account to view the insights that are generated about how they spend their time at work. They can download Analytics 365 insights if they want to have permanent copies of their information.
    • Request to restrict processing:
      • Unsubscribe to Analytics 365 by changing your subscription. This automatically stop all relevant data from being generated and all of your historic data will be deleted within 30 days. To learn more, see GDPR Compliance.

Marketing and Opting Out

We may also use your contact information for our legitimate business interests including for marketing, market research and related purposes, such as providing you with information about our products and services, or related products and services via e-mail which may be of interest to you. We will never share your Personal Data with third parties for marketing purposes. 

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you, or by contacting us at marketing@tollring.com. Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.

Contact Us

We welcome your feedback regarding this privacy policy. If you have questions, comments, or concerns please contact us by:

Email: analytics365@tollring.com

Postal address:
10 Moorcroft, Harlington Road, Uxbridge, Middlesex, UB8 3HD, UK