Microsoft Teams Privacy Statement

ACID Marketplace Ltd is the trading and membership arm of Anti Copying In Design Ltd (ACID)

Introduction

ACID Marketplace Ltd is committed to protecting your privacy when using Microsoft Teams for communication and collaboration. This privacy statement outlines how your personal data is collected, processed, and stored in compliance with the UK General Data Protection Regulation (UK GDPR).

For a comprehensive overview of how we handle personal data, please refer to our main Privacy Policy.

Data Controller

ACID Marketplace Ltd is the data controller for any personal data processed via Microsoft Teams.

For data protection enquiries, please contact:
Data Protection Officer: Laura Newbold Breen
Email: [email protected]
Telephone: +44 (0)800 080 3230

What Data We Collect

When using Microsoft Teams, we may process the following categories of personal data:

User Identification Data

Name, email address, job title, and organisation details.

Usage Data

Chat messages, meeting recordings, shared files, and other content uploaded to Teams.

Technical Data

IP addresses, device information, and login details.

Purpose of Processing

We process your personal data for the following purposes:

To facilitate secure communication and collaboration.
To conduct virtual meetings and webinars.
To share files and manage projects.
To maintain a record of discussions, decisions, and actions.

Legal Basis for Processing

The legal basis for processing your personal data includes:

Contractual Necessity: To provide the services you have agreed to.
Legitimate Interests: To ensure effective communication and collaboration.
Legal Obligations: To comply with legal and regulatory requirements.

Data Sharing

We do not share your personal data with unauthorised third parties. However, your data may be shared with:

Microsoft Corporation – Acts as our data processor for Microsoft Teams services under our UK-hosted tenant, processing data in accordance with Microsoft’s Data Processing Agreement and our instructions.
Legal or regulatory authorities – Where required by law, court order, or regulatory investigation.

All data sharing is conducted in compliance with UK GDPR, limited to what is strictly necessary for the specified purpose, and governed by appropriate data processing agreements where required.

Data Retention

We retain data collected through Microsoft Teams in line with our business needs, legal obligations, and best practice guidelines. In general:

Chat messages and channel posts – Business communications are normally retained for up to 2 years, and project-related discussions are retained until project completion plus a reasonable period for administration (typically 12 months).
Meeting recordings – Client meetings are normally kept for up to 3 years, internal meetings for up to 12 months, and training sessions until the material is superseded plus a short period for transition (typically 12 months).
Shared files and documents – Project deliverables and contractual documents are usually kept for at least 6 years, while working documents are retained for a shorter period (typically 12 months after project completion).
User profile and technical data – Current employees’ data is retained during employment and for a period afterwards (usually up to 6 years). For external users, we keep data for the duration of the business relationship plus a short period for administration (typically 12 months).

Where possible, Microsoft Teams is configured to automatically delete certain data (for example, meeting recordings after 12 months) unless there is a legitimate business reason to keep them longer. We may retain data beyond the normal periods where required by law, for ongoing legal matters, or for legitimate business interests such as resolving disputes or responding to regulatory investigations.

Data Security

We have implemented robust security measures to protect your data, including:

Encryption of communications within Microsoft Teams.
Secure storage of shared files and data.
Regular audits and updates to our security practices.

Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

Access: Request access to the personal data we hold about you.
Correction: Request correction of inaccuracies.
Erasure: Request deletion of your personal data (where applicable).
Restriction and Objection: Restrict or object to certain processing activities.
Data Portability: Receive your data in a commonly used format.

To exercise your rights, contact our Data Protection Officer using the details provided above.

Updates to This Privacy Statement

This privacy statement may be updated to reflect changes in our data handling practices or legal requirements. We recommend reviewing it periodically for the latest information.

Last Updated: 18^th August 2025

For more information, please visit our main Privacy Policy.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.