Skip to main content

PRIVACY AND DATA PROTECTION POLICY

Last Updated: February 18, 2025

Teams Plus (“we,” “our,” or “us”) takes your privacy seriously and is committed to protecting personal data in compliance with applicable laws and regulations. This policy sets out how we collect, use, and disclose data related to our proprietary applications and services (the “Services”).

This policy is consistent with Privacy and Data Protection laws from the following governing bodies, including but not limited to:

  • FCC (Federal Communications Commission)
  • PIPEDA (Personal Information Protection and Electronic Documents Act)
  • CRTC (Canadian Radio-television and Telecommunications Commission)
  • CALEA (Communications Assistance for Law Enforcement Act)
  • HIPAA (Health Insurance Portability and Accountability Act)
  • GDPR (General Data Protection Regulation)
  • Provincial Privacy Laws

This policy applies to all employees, contractors, and relevant third-party vendors acting on behalf of Teams Plus. It governs their handling of personal data while working remotely (from home, public locations) or on-site (in data centers or offices).

What Information Do We Collect?

We collect a variety of personal data needed to ensure system and service compliance. This personal information includes, but is not limited to:

  • Identifiers: Such as name, address, email address, and phone number.
  • Service-Related Data: Including call usage logs, which are handled under Customer Proprietary Network Information (CPNI) regulations.

Additional information may be tracked for specific cases including the lawful interception of data under CALEA (U.S.) and Lawful Access and Interception (LAI) standards governing Canadian telecom privacy.

Why Do We Collect Information?

Teams Plus collects personal and service data to:

  • Comply with critical regulatory frameworks including PIPEDAHIPAA, and GDPR.
  • Facilitate lawful fulfillment of Telecom Relay Service (TRS) and mandated communications services.
  • Manage data privacy rights as defined under GDPRCCPACPRA, and Canadian provincial privacy laws.

Data Protection Impact Assessments (DPIAs)

To comply with privacy regulations such as GDPR and PIPEDA, Teams Plus conducts Data Protection Impact Assessments (DPIAs) when:

  1. Implementing new projects, systems, or processes that involve the processing of personal data.
  2. Assessing privacy risks as part of the organization’s Risk Assessment and Treatment Policy.

DPIA Process:

The DPIA is designed to:

  • Identify and evaluate privacy-related risks posed by new or significant changes to data processing activities.
  • Mitigate identified risks with suitable safeguards for personal data.
  • Document findings to demonstrate compliance with privacy regulations.

DPIAs are mandatory for personal data processing activities with potential high privacy risks, such as customer account management, call log analytics, and third-party data sharing.

Data Transfers and Sovereignty Cross-Border Data Transfers

For international data transfers, Teams Plus complies with the following mechanisms and regulations:

  1. Standard Contractual Clauses (SCCs):
    SCCs or equivalent mechanisms are implemented for all cross-border transfers outside regions with data adequacy agreements, including transfers from the EU to Canada and the U.S.
  2. Canadian Data Residency:
    Data related to Canadian customers must remain within Microsoft Azure’s Canadian data centers unless otherwise authorized.
  3. Data Sovereignty Compliance:
    • For EU customers: Comply with GDPR’s SCCs and ensure transferred data is protected with equivalent safeguards.
    • For Canadian customers: Ensure onward flows of data from Canada comply with PIPEDA and third-country data-sharing rules.

Encryption for Transfers

All data transfers must use state-of-the-art encryption (e.g., TLS 1.2 or higher) to ensure compliance with GDPR, PIPEDA, and related frameworks.

Disclosure Restrictions and Legal Requests

Marketing and Disclosure Restrictions:
Data collected for telecom services like SMS marketing will not be shared with third parties or affiliates for marketing purposes without explicit consent, as required by FCC and CPNI rules.

Law Enforcement Compliance:
When legally mandated, Teams Plus cooperates with law enforcement to comply with lawful information requests, following CALEA (U.S.)CPNI, and other regional requirements. SCCs are referenced as applicable for cross-border disclosures.

Tracking Technologies and Privacy Choices

Our services use cookies and other tracking technologies for both performance and security monitoring.

User Consents:

Users can manage tracking preferences and opt-out in accordance with:

  • CASL (Canada)
  • CCPA/CPRA (California)

Incident Reporting Breach Notifications

If Teams Plus encounters a data breach involving personal data under GDPR or CPNI compliance, customers and relevant authorities will be notified within 72 hours, per regulatory requirements.

Incident Response and Mitigation

Our internal Incident Response Plan incorporates DPIA findings to manage the privacy impact of breaches and data compromises promptly and effectively.

Data Retention and Security Practices

Data is retained only as long as necessary under legal obligations as set by FCCPIPEDACPNI, and applicable telecom regulations. Retention and disposal processes are informed by DPIAs and documented in encryption-secured systems.

Changes and Contacting Us

To ensure compliance and transparency, any modifications to this policy will be proactively shared with affected customers or data subjects.

If you have privacy concerns or wish to inquire about how Teams Plus manages your data, you can contact our Security Team at security@Teamsplus.com.

Effective Date: 02/18/2025