Recording of calls and meetings on Microsoft Teams

Introduction

This Privacy Statement explains why and how BDO LLP and our subsidiaries ("we" or "us") will use your personal data when you attend an audio call or video enabled meeting via Microsoft Teams ("Teams Meeting") that is recorded by us.

We are committed to the protection of personal data and to fair and transparent processing. If you have any questions about this Privacy Statement you can contact our Data Protection Officer via email at dpo@bdo.co.uk.

Data controller

BDO LLP (a limited liability partnership registered in England with number OC305127, with a registered address of 55 Baker Street, London, W1U 7EU) is registered as a data controller under registration number Z5799637.

Security of personal data

We have policies, procedures and training in place in respect of data protection, confidentiality and information security. We regularly review such measures with the objective of ensuring their continuing effectiveness.

Microsoft Teams data is encrypted in transit and at rest in Microsoft services, between services, and between clients and services.

The information we may hold about you

When you attend a Teams Meeting, your name, image, email address and contributions via the chat function may be captured in the recording of that meeting.

Special category personal data and details of criminal offences

Certain types of personal data, known as special category data, are subject to additional safeguards under data protection law. Special category data covers personal data that reveals or concerns:

  • Your racial or ethnic origin
  • Your political opinions
  • Your religious or philosophical beliefs
  • Your membership of a trade union
  • Your physical or mental health or condition
  • Your sex life or sexual orientation; or
  • criminal allegations, proceedings or convictions

We do not process special category data during a Teams Meeting. However, if you voluntarily disclose such personal data during a Teams Meeting, we shall treat your disclosure as your explicit consent for us to hold that data.

Our purposes and legal reasons for recording a Teams Meeting

We only record a Teams Meeting where the recording is:

  1. Necessary for the performance of our contract with you or for us to take steps at your request prior to entering a contract with you; or
  2. Necessary for us to comply with our legal obligations; or
  3. Necessary for the purposes of the legitimate interests pursued by us or third parties. For example, to support the wellbeing of our people and promote a supportive work environment, or to deliver training and knowledge sharing including live broadcast events to clients, audited entities or third-party participants.

Provision of personal data to third parties

We will only share personal data with third parties where we are legally permitted to do so.

Where we transfer personal data to third parties, we will put in place appropriate contractual arrangements and seek to ensure that there are appropriate technical and organisational measures in place to protect personal data.

We may share personal data processed during a Teams meeting with:

  • Microsoft, our cloud-based software providers and data back-up and security/storage providers
  • Auditors and advisers, as required by law or as reasonably required in the management of our business
  • Third parties such as regulators and law enforcement agencies where we may be requested or compelled to disclose personal data. We will only provide personal data to such parties where there is a legal requirement or permission to do so

International transfers of your personal data

We will not transfer personal data processed as part of a recorded Teams Meeting to third parties located outside the UK or the European Economic Area.

Data retention

We will only keep personal data processed as part of a recorded Teams Meeting for as long as necessary for the purposes for which it was collected, or as required by applicable law or regulation.

Your rights

You have rights in relation to any of your personal data held by us as a data controller. Should you wish to exercise your rights, please contact our Data Protection Officer via email at dpo@bdo.co.uk. We will endeavour to respond to any request promptly and within any legally required time limit.

You also have a right to update your personal data that we hold. To do so, please either update the personal data via the web page or applications open to you, contact your usual BDO contact or otherwise contact our Data Protection Officer via email at dpo@bdo.co.uk.

Where we process your personal data based on your consent, you have a right to withdraw consent at any time. Should you wish to do so, please contact our Data Protection Officer via email at dpo@bdo.co.uk.

Finally, in addition to the rights above, you may also have other rights in relation to personal data, including a right to erasure/deletion, the right to data portability and the right to restrict and/or object to our processing of personal data.

Complaints

Should you wish to complain about our use of your personal data, please contact our Data Protection Officer via email at dpo@bdo.co.uk. We will investigate all complaints received and will endeavour to respond to complaints promptly.

You may also complain about our use of personal data to the Information Commissioner's Office. For further information on your rights and the complaints process, please visit the Information Commissioner' Office website: ico.org.uk/your-data-matters/.