Effective Date: December 5, 2025

Privacy Policy

This policy is specifically for the Microsoft Teams application “Analytics 365” produced by Micro Plus Software Limited, a company registered in England (company number 02843012), whose principal place of business is at 10 Moorcroft, Harlington Road, Uxbridge, Middlesex UB8 3HD, United Kingdom (“Tollring”).

By using data generated from everyday work in Office 365, Analytics 365 helps you understand how we spend our work time and who we spend it with, and then presents actionable insights how to work smarter and how effectively we are engaging with our co-workers and customers.

Data Privacy

Analytics 365 converts data into insights by performing calculations on information that people generate through call and collaboration activity in Microsoft Teams, providing those with permissions access to metrics to help facilitate business decisions. The suite of applications is designed to deliver dashboards that help to review and improve customer engagement and experience. Where calls are recorded using Analytics 365, privacy settings ensure that the right people have access to the content of conversations:

• Analytics 365 Call Analytics provides an overview of call activity by user, group and call queue. Permissions within the application restrict data to ensure the right users have access to the right information.
• Analytics 365 Call Recording provides recording of Teams PSTN calls and Teams to Teams meetings. Recording policies and permissions can be set to ensure the right calls are recorded and the right people have access to play back conversations.
• Analytics 365 Conversation Analytics transcribes conversations for analysis. Sentiment and conversation topics can be used to quickly find the conversations that matter. Recording policies and permissions can be set to ensure the right calls are recorded and the right people have access to analyse conversations.
• Analytics 365 Collaboration Analytics provides insights to individuals and team leaders, delivering a holistic view of collaboration activity across the organization. Permissions within the application restrict data to ensure the right users have access to the right information. Administrators can configure Analytics 365 collaboration analytics licences to be ‘off’ for any specific individuals within the organization.

When signing up to Analytics 365, authorisation need to be granted to allow Microsoft 365 to synchronise with the application. Please note: disabling these permissions will restrict the analytics displayed and application performance will be sub-optimal. 

• Analytics 365 Call Analytics requires the following authorisation:
  • Organization to synchronise users, groups and call queues.
  • Access to call data.
  • Access to presence and incoming number data.
• Analytics 365 Recording and Conversation Analytics requires authorisation to synchronise users, groups and call queues and to enable the recording interface.
  • When granting permission, two users will be created in your Azure directory which should NOT be deleted. These users are associated with your Microsoft recording policy and direct traffic to the recording portal.
  • Once permission has been granted, you will also be asked to set up your Microsoft recording policy, select users to be recorded and disable/enable the Microsoft recording audio notification for participants who are not using the Teams app.
  • The Analytics 365 Recording Client app can be used by licensed recorded users to pause, resume and discard recordings. Users can download the Analytics 365 Recording Client app, or search for it in Microsoft Teams apps.
• Analytics 365 Collaboration Analytics requires authorisation to provide data on licensed users:

• Is enabled to access basic user profiles in Microsoft 365. Managers are only identified within the application if the organizational hierarchy has been set up with direct report information in Microsoft 365. Managers have the option to edit their team list if they notice any inaccuracies. Any changes the manager makes are used only in their Analytics 365 experience, and are not synchronized back to Azure AD.

• • Calls. Enable analytics on call events made.
  • Messages. Enable access to provide general analytics on messages. Messages are processed by Microsoft to deliver a sentiment score to the application. It is NOT possible to access the content of messages / personal chat.
  • Meetings. Enable to provide analytics on meetings.

Privacy Settings

Analytics 365 provides configurable settings and controls within the applications, that are designed to enable organizations and their members to address varying legal and policy needs regarding privacy and use of employee data. When enabling Analytics 365 for the organization, administrators can make the following choices:

• Determine which people have access. Admins can determine which people can access Analytics 365 by assigning permissions to only those people who should have access.
• Determine individual subscriptions. Licenses are assigned by administrators and can be revoked at any time. Analytics 365 can be configured to be “default on,” which means that licensed employees automatically contribute to incremental data and have access to their dashboard via the application, but can subsequently opt out through the settings menu.
• Determine which employees should be excluded from incremental data. Some organizations may have employees in roles who should never contribute to incremental data. To support this, Analytics 365 provides admins with the ability to manage settings to ensure these users do not contribute to incremental data. Employees only contribute to incremental data when they are issued a license with the Analytics 365 service.

Data Processing

Analytics 365 data is processed and stored in the Azure Cloud, in the data region specified on sign up. Analytics 365 processes data from the Microsoft Graph API with both the organization’s IT administrator and an individual opt in process.

• Analytics 365 is a third-party application that’s built on Microsoft Graph. Microsoft Graph consists of a set of REST-based API calls that allow developers to interact with the Microsoft technologies that a given organization uses. In order to use these API calls, developers must have specific permissions to access any data they request. Administrators control both the deployment of any Microsoft Graph application and permissions to access these applications.
• The Microsoft Graph cannot be turned on or off globally through the Office 365 Admin Center, but administrators can achieve this effect by blocking employees’ ability to install third-party apps or by restricting developer access permissions. Learn more about Microsoft Graph.

Data Retention

While a person has an active subscription, all incremental data will be populated to the service:

• Analytics 365 stores call and collaboration analytics data for 12 months. Analytics 365 allows people to review up to 12 months of historic data. The service will only hold your data for a rolling 12-month period.
  • When an employee is unsubscribed, their data will be removed. When this happens, incremental data will immediately stop being made available to the service. All historic data pertaining to the person will be removed from the service within 30 days of termination of the service.
• Call recordings are retained for the period specified in the licence name (Eg. 90 day, 1 year, 7 year). While a person has an active subscription, all incremental data will be populated to the service.
  • If all subscriptions are cancelled, recordings should be downloaded.

GDPR Compliance

Analytics 365 supports General Data Protection Regulation (GDPR) compliance. Analytics 365 has been designed to support customers’ needs to comply with GDPR requirements. Click here for more information specific to GDPR. Tollring helps data controllers meet the following obligations:

• Secure and protect personal data of users. Analytics 365 data is stored securely in the Microsoft Azure Cloud. This data is solely used by the subscribed user:
  • Tollring will not mine customer data in Exchange Online for advertising.
  • Tollring will not voluntarily disclose any customer data to law enforcement agencies.
  • Tollring will meet all requirements related to encryption of data and implement controls to reduce security risks and help ensure business continuity, as described in its ISO 27001 policies and procedures.
• Notify users in the event that a breach is detected. Tollring will notify customer privacy contacts within 72 hours of Tollring becoming aware of a breach by using Tollring’s standard operating procedures.
• Honour user requests (DSRs) to export, delete, or restrict processing personal data. Tollring supports your need to honour user requests in the following ways:
  • Data export requests: Users can go to the Analytics 365 dashboard while signed in to their account to view the insights generated. They can download insights to have permanent copies of their information.
  • Requests to restrict processing: Unsubscribe to Analytics 365 by changing your subscription. This automatically stops all relevant data from being generated and all of your historic analytics data will be deleted within 30 days. To learn more, see GDPR Compliance.

Tollring acts as a data processor (or sub-processor) on behalf of the Customer in relation to personal data:

• Basic personal data such as:
  • Username
  • Business email
  • Billing contact details
• Traffic data (eg. call detail records) including:
  • A-number, calling subscriber
  • B-number, dialled subscriber
  • Date & time of call including length
• Business call recording media and metadata
• Data Subjects
  • Employees
  • Partners’ customers
  • End customers
• Processing Activities
  • Provision of services to controller
  • Technical support, including fault correction, in accordance with Service Level Agreements (SLA)/ Maintenance & Support Agreements (M&S)
  • Application maintenance

Data Subject Rights

Tollring is committed to upholding the rights of individuals as defined under data protection regulations.
Data subjects have the following rights in relation to their personal data:

(i) Right to be Informed
Individuals have the right to be informed about the collection and use of their personal data.
This privacy policy aims to provide clear and transparent information about how data is
handled within Analytics 365.

(ii) Right of Access
You have the right to request confirmation of whether your personal data is being processed
and to access that data. Please refer to the “Subject Access Request (SAR)” section for how
to submit such a request. SAR request Process

(iii) Right to Erasure
You may request the deletion of your personal data, subject to certain conditions (e.g., if the
data is no longer necessary for the purpose for which it was collected). Requests for
deletion can be submitted through the designated support channels.

(iv) Right to Restriction of Processing
You may request restriction of processing where there is a dispute over the accuracy or the
lawfulness of processing, or if you object to processing and verification is pending.

(v) Right to Data Portability
You may request that your personal data be provided to you or another data controller in a
structured, commonly used, and machine-readable format where the processing is based
on consent or contract and carried out by automated means.

(vi) Right to Object
You have the right to object to the processing of your personal data where processing is
based on legitimate interests or for direct marketing purposes. Tollring will cease processing
unless there are compelling legitimate grounds to continue.

(vii) Rights in Relation to Automated Decision-Making and Profiling
You have the right not to be subject to decisions based solely on automated processing,
including profiling, which produces legal or similarly significant effects. Tollring does not
make such decisions in relation to Analytics 365.

For any of the above rights, you may contact us using the contact information listed in the “Contact Us”
section of this policy. Requests will be handled in accordance with the applicable data protection laws
and within the statutory response periods.

Marketing and Opting Out

We will never share your Personal Data with third parties for marketing purposes. We may use your contact information for our legitimate business interests including for marketing, market research and related purposes, such as providing you with information about our products and services, or related products and services via e-mail which may be of interest to you.

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you, or by contacting us at marketing@tollring.com. Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.