Microsoft Online Services Privacy Statement
Last updated: October 2008
Microsoft is committed to protecting your privacy, while delivering services and software that bring the performance, power, and convenience that companies desire in personal computing. This privacy statement explains many of the data collection and use practices of the Microsoft Online Services that link to this Privacy Statement (the "Service").
Notice To End Users: The Service is operated by Microsoft on behalf of the third party who is Microsoft’s customer. Any data Microsoft collects or handles is processed for this third party. Please direct privacy related requests to your Business or Technical Contact at the organization that is providing you this service.
Microsoft is not responsible for the privacy practices of third parties.
Collection, Use and Sharing of Personal Information
We will collect and use personal information to provide, operate, and improve this and other Microsoft products and services. We may also use information to make the Service easier to use, such as by eliminating the need to repeatedly enter the same information.
We may also use the information to troubleshoot problems with the Service or to otherwise address support requests, as well as to provide important information about the product or service being used.
For more information about specific types of information that the Service collects and uses, please see the section below entitled “Information Collected” under each Specific Features Section.
We may supplement the information we collect with information obtained from other companies. For example, we may use services from other companies that enable us to derive a general geographic area based on your Internet Protocol (IP) address.
Information that is collected by or sent to Microsoft may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or service providers maintain facilities. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union.
Microsoft may disclose personal information if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on Microsoft; (b) protect and defend the rights of Microsoft (including enforcement of our agreements); or (c) act in urgent circumstances to protect the personal safety of Microsoft employees, users of Microsoft sites, products or services, or members of the public.
Third Parties
Except as described in this statement, we will not disclose personal information outside of Microsoft and its controlled subsidiaries and affiliates without consent.
Business Contact: The Services are offered only to organizations, and are not offered to individuals. The Business Contact listed is the current representative of the account holder’s organization. A business contact may access or controls any personal information, including electronic communications, collected by the Service from the organization’s end users. End users should consult with the organization that provides their accounts for information about how the organization handles personal information.
Partners: Microsoft partners may provide additional features or support. Please consult with the partner to find out how the partner uses the information. Business Contacts can stop Microsoft from sharing information with a Microsoft partner at any time by contacting Microsoft Support, as described below.
Other Companies: We occasionally hire other companies to provide limited services on our behalf, such as handling the processing and delivery of mailings, providing customer support, hosting websites, processing transactions, or performing statistical analysis of our services. Those service providers will be permitted to obtain only the personal information they need to deliver the service. They are required to maintain the confidentiality of the information and are prohibited from using it for any other purpose. However, for credit card processing, our fraud detection vendors may use aggregate data to help improve their service. This helps them more accurately detect fraudulent uses of credit cards.
Access to Personal Information
When Business Contacts (or Administrators or Technical Contacts acting as their representative) are logged into any of our Services, they can use the Web portal for that Service to view and modify personal information.
You can also write us through the following means, or as described in the “Contact Us” section below. Please include the words "data protection" in the subject.
For Microsoft Online Services, please follow one of the options for Microsoft Online Services Support.
Communication Preferences
The contact information provided to the Service may be used to send registration information as well as other service e-mails to the Business Contact or to end users. Microsoft may use Web beacons, customized links or similar technologies to determine whether the e-mail has been opened and which links you click in order to help provide you more relevant information.
The Business Contact may also receive marketing or educational e-mails, depending on their contact preferences. The Business Contact may opt-out of future marketing and educational e-mail from the Service by following the specific instructions in the e-mail.
Opting out of marketing and educational e-mails will not affect the delivery of service e-mails, including those containing information critical to your use of the Service and management of your account. You will continue to receive these e-mails periodically unless you cancel the Service.
Security of Your Information
Microsoft is committed to protecting the security of your information. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. For example, we store the information you provide on computer systems with limited access, which are located in controlled facilities. When we transmit highly confidential information (such as a credit card number or password) over the Internet, we protect it through the use of encryption, such as the Secure Sockets Layer (SSL) protocol.
Support Services
When an authorized representative of your organization submits a support request, Microsoft will consider your organization to have consented to Microsoft handling and processing some of the personal information in your account for the purposes of fulfilling this support request. This may also transfer of your information within Microsoft and across borders, to respond to your support incident with the optimal expertise or in a timely manner.
Microsoft may also collect additional information, including hardware, software, and other information related to the support incident. Microsoft may retain that information for a time in order to assist in diagnosing further problems with your account.
Additionally, Microsoft may send periodic e-mails informing you of technical service issues related to a product or service you requested. You will not be able to choose to unsubscribe to these mailings, as they are considered an essential part of the service you have requested. Additionally, when you contact Support, your organization’s information may be used to better understand your organization’s needs, and to periodically telephone you for a survey of your experience with our current services, about potential new services that may be offered, or to alert you to critical security issues.
Anti-Virus
The Service scans uploaded files for viruses or other aspects of files that may be harmful to the service (malware). Files identified as possibly malware or infected with malware may be retained and used to improve our anti-malware functionality.
Use of Cookies
The Service uses cookies to help protect the integrity of the registration process and to personalize the Service and its Web sites. A cookie is a small text file that is placed on your hard disk by a Web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can read by the Service or the Web site in the domain that issued the cookie to you. Each user has the ability to accept or decline cookies. However, some features of this Service may not run properly if cookies are declined.
Web Beacons
Microsoft Web pages may contain electronic images known as Web beacons—sometimes called single-pixel gifs—that may be used to assist in delivering cookies on our sites and allow us to count users who have visited those pages and to deliver co-branded services. We may include Web beacons in promotional e-mail messages or our newsletters in order to determine whether messages have been opened and acted upon.
If you have questions regarding this statement, you may contact us through Services’ Support. If you do not receive acknowledgement of your inquiry or your inquiry has not been satisfactorily addressed, then please contact us using this Web form.
We will occasionally update this privacy statement to reflect changes in our services and customer feedback. When we post changes to this Statement, we will revise the "last updated" date at the top of this statement. If there are material changes to this statement or in how Microsoft will use your personal information, we will provide notification either by prominently posting a notice of such changes prior to implementing the change or by directly sending you a notification. We encourage you to periodically review this statement to be informed of how Microsoft is protecting your information.
Microsoft welcomes your comments regarding this privacy statement. If you believe that Microsoft has not adhered to this statement, please contact us by using our Web Form. If you have a technical or general support question, please click to learn more about Microsoft Online Services Support offerings.
Microsoft
Privacy - UCG
Microsoft Corporation
One Microsoft Way
Redmond, Washington, 98052-6399 USA
Specific Features to Microsoft Online Customer Portal
Microsoft® Online Customer Portal allows customers to sign up for and manage time-limited trial versions (Service Trials) or make direct purchases of certain Microsoft Online Services.
Trial Period
Service Trials are provided for the purpose of testing the Service before purchase. Microsoft may retain personal information collected during a Service Trial temporarily after the end of the trial period in case you later decide to purchase the Service. However, personal information may be deleted by the Service at any time after the end of the trial period.
Marketing Information
Customers can use the Microsoft® Online Customer Portal to sign up and manage limited-time trial versions of the Service during the Beta period. During registration through Microsoft® Online Customer Portal, customers may consent to be contacted for marketing purposes. If you have provided consent and no longer wish to be contacted, please click the link at the bottom of any marketing e-mail to stop receiving marketing e-mails from the Preview or Trial. For other marketing communications, please follow the instructions above under “Access to Personal Information”.
Credit Card Purchases
If you choose to make a purchase or sign up for a paid subscription service, we will ask for additional information, such as your credit card number and billing address, which is used to create a Microsoft Online Services billing account. For information on changing or deactivating credit card information, please contact us through Microsoft Online Customer Support.
For purchases made prior to October 7, 2008, your billing records can be accessed through https://billing.microsoft.com.
Specific Features of the Business Productivity Online Suite – Standard Service
Information Collected
Personal information collected by Microsoft in
providing or running the Service may include your name, organization, postal
address, e-mail address, telephone number, facsimile number, job title, and
information about your company, as well as information about how you use the
Service.
We may collect certain information about your visit, including the pages you
view, the links you click and other actions taken in connection with the
Service’s Web sites. Additionally, we collect certain standard information
about your use of the Service, including your IP address, browser type and
language, access times and referring Web site addresses.
In the course of running the Service, Microsoft may collect many types of information, and may log that information. Personal information collected and logged may include user’s name, organization, postal address, e-mail address, telephone number, facsimile number, job title, and company information, as well as information about the nature of a user’s usage of our service.
We may collect and log certain information about service visits, including the pages viewed, the links you click and other actions taken in connection with the Service’s web sites. Additionally, we collect certain standard information that your browser sends to every website you visit, such as your Internet Service Provider, IP address, browser type and language, access times and referring Web site addresses.
This can include information collected to assist administrators or other users, including information from Active Directory (“AD”), or collected to compile a new AD, such as an end-user’s first and last name, title, e-mail addresses or aliases, and phone numbers (including office mobile, alternate, pager, fax, or others). Additional information collected may include what components of the Service a user has access to, and information about those components, such as the names of Microsoft® Office SharePoint Online sites associated with your account.
Individual components of the Service, such as Microsoft® Exchange Online or Microsoft® Office SharePoint Online, may collect and use personal information, such as e-mails, files, or documents.
This list of types of information collected is not intended to be a complete or exhaustive of the types of information Microsoft may retain or log in the course of running or improving the Service.
Microsoft® Online Sign-in
Microsoft Online Sign-In configures an end user’s machine for use with the Service, and changes Microsoft Outlook and Windows network settings on your computer. The client also stores your authentication information in order to keep you logged into the network. You have the option of either storing your complete authentication information or signing in with your password at the beginning of each session.
Migration Client
The Migration client will automatically migrate the AD and e-mails from your existing mail solution to Microsoft Online and Exchange Online.
Security Notice: The migration client will create additional unencrypted copies of your end users personal information on your computer. Please consult the migration client documentation for information on how to find and remove these files from your computer.
Microsoft® Directory Sync Client (“Directory Sync”)
Directory Sync transfers information from your AD to Microsoft for use with the AD for the Service. If you load the client and turn on the Directory Sync feature in the Microsoft Online Administrative Center, Directory Sync will collect all information in AD and then regularly and automatically connect with Microsoft to provide updates to the online version of your AD. This feature will update AD information for each new end-user, including, if available, the new end-user’s first and last name, title, e-mail addresses or aliases, and phone numbers (including office mobile, alternate, pager, fax, or others). Directory Sync uses this information to create a new account for the end-user in the Service. Directory Sync also transmits your IP address and authentication credentials, in the course of running this feature.
Microsoft® Exchange Online
Microsoft® Exchange Online is the hosted e-mail component of the Service.
Microsoft® Office Outlook 2007: In Outlook, the Outlook privacy statement describes what information is transmitted to Microsoft. If using Outlook in conjunction with Microsoft Exchange Online, significant additional information will be transmitted to and stored by Microsoft, as part of this Service. This includes all information in your Service mailbox, as long as you are connected to Microsoft Exchange Online
Microsoft® Office SharePoint Online
Microsoft® Office SharePoint Online is
the document sharing and collaboration component of the Service.
Security Notice: Users who are not on a computer using the Microsoft®
Online Sign-in Client you may be prompted to enter credentials when accessing
SharePoint Online sites. It is strongly recommended that administrators warn
users that, when responding to these prompts, do not click on “Remember My
Password”. Additionally, close the browser or log-out of SharePoint each time a
site is accessed in this way..
If your user does click “Remember My Password”, the SharePoint will be accessible to anyone using Windows credentials on that computer until the authentication credentials are removed. Authentication credentials can be removed from the “Stored User Names and Passwords” section of “Windows User Management” in Windows Vista.
Microsoft® Office Live Meeting Service
For information about specific features of the Microsoft® Office Live Meeting Service, see the Microsoft® Office Live Meeting 2007 Privacy Statement.
Microsoft® Exchange Hosted Services
For information about specific features of the Microsoft® Exchange Hosted Services, see the Exchange Hosted Services Privacy Statement.