Microsoft Azure Privacy Statement

Last updated: April 2014

Scope

Microsoft Azure is a cloud services platform that enables you to build, deploy, and manage applications and store data across a global network of Microsoft-managed data centers. This notice applies to the use of those services and any other Microsoft services that display or link to this notice. These services are referred to in this statement collectively as the "Services." For more information about the functionality of particular features, please review the service documentation available on the Azure Developer Center.

The Services may enable you to purchase, subscribe to, or use other products and services from Microsoft or third parties with different privacy practices. Your use of other products and services, and any information you provide to a third party, is governed by their privacy statements and policies.

Notice to users: This privacy statement is written for the organization or company (our "customer") that contracts with Microsoft for the Services. All references to "you" or "your" in this privacy statement are to our customers, who in turn, may use the Services to develop and host their own services for users. Any information Microsoft collects or handles in such circumstances is processed by us on behalf of our customer, who controls the collection and use of the information. End users should direct privacy-related requests to the entity providing their service. Microsoft is not responsible for the privacy practices of our customers.

Customer data

Customer Data is all the data, including all text, sound, software, or image files that you provide, or are provided on your behalf, to us through your use of the Services. For example, Customer Data includes data that you upload for storage or processing in the Services and applications that you or your users upload for hosting in the Services. It does not include configuration or technical settings.

We use Customer Data only to provide the Services. This may include troubleshooting aimed at preventing, detecting, and repairing problems affecting the operation of the Services and the improvement of features that involve the detection of, and protection against, emerging and evolving threats to the user (such as malware or spam).

Administrator data

Administrator Data is the information about administrators (including account contact and subscription administrators) provided during signup, purchase, or administration of the Services, such as name, address, phone number, and e-mail address.

We use Administrator Data to complete the transactions you request, administer your account, improve the Services, and help detect and prevent fraud.

We may contact you to provide information about new subscriptions, billing, and important updates about the Services, including information about security or other technical issues. We may also contact you regarding third-party inquiries we receive regarding your use of the Services, as described in your agreement(s). You will not be able to unsubscribe from these communications. Subject to your contact preferences, we may also contact you, by phone or e-mail, regarding information and offers about other products and services or to request your feedback.

You may manage your contact preferences or update your information in your account profile.

Payment data

When you make online purchases, you will be asked to provide information, which may include your payment instrument number (e.g., credit card, PayPal), your name and billing address, and the security code associated with your payment instrument (e.g., the CSV) and other financial data ("Payment Data").

We use Payment Data to complete transactions, as well as for the detection and prevention of fraud.

When you provide Payment Data while authenticated, we will store that data to help you complete future transactions without your having to provide the information again. We do not, however, retain the security code associated with your Payment instrument (e.g., the CSV) in this manner.

To remove or modify Payment Data, please contact Customer Support. After you close your account or remove Payment Data, however, Microsoft may retain your Payment Data for as long as reasonably necessary to complete your existing transaction and for the detection and prevention of fraud.

Support data

Support Data is the information we collect when you submit a support request or run an automated troubleshooter, including information about hardware, software, and other details related to the support incident, such as: contact or authentication information; chat session personalization; information about the condition of the machine and the application when the fault occurred and during diagnostics; system and registry data about software installations and hardware configurations; and error-tracking files.

Support may be provided through phone, e-mail, or online chat. We may use Remote Access (RA), with your permission, to temporarily navigate your machine. Phone conversations, online chat sessions, or Remote Access sessions with support professionals may be recorded and/or monitored. For RA, you may also access the recording after your session. For online chat or RA, you may end a session at any time of your choosing. We use Support Data as described in this privacy statement, and additionally use it to resolve your support incident and for training purposes.

Following a support incident, we may send you a survey about your experience and offerings. You must opt-out of support surveys separately from other communications provided by Microsoft, by contacting Support or through the e-mail footer.

To review and edit your personal information collected through our support services, please contact us by using our Web form.

Some business customers may purchase enhanced support offerings (for example, Premier support). These offerings are covered by separate terms and notices.

Cookies and other information

Some Azure websites use "cookies," which are small text files placed on a device’s hard disk by a web server. We may use cookies and similar technologies such as web beacons for storing users’ preferences and settings, for fraud prevention, to authenticate users, and to collect operational information about the Services.

Some of the cookies we commonly use are listed in the following chart. This list is not exhaustive, but it is intended to illustrate some of the reasons we set cookies. If users visit one of our websites, the site may set some or all of the following cookies:

Cookie nameDescription
session Sets a unique ID identifying the user session with windowsazure.com. It is used for site analytics and other operational purposes.
.ASPXAUTH Used for authentication purposes.
refreshRate Stores selected page refresh rate at windowsazurestatus.com.
hideServices Stores a list of services the user chooses to hide from current view at windowsazurestatus.com.
CURRENT_ACCOUNT_ID Identifies the Account ID of an enterprise customer in the Azure Enterprise portal.
SelectedMarket Identifies the region that the user selects for the Azure DataMarket.

In addition to the cookies Microsoft may set when you visit our websites, third parties that we have hired to provide certain services on our behalf, such as site analytics, may also set certain cookies on your hard drive when you visit Microsoft sites.

Learn more about how to control cookies and similar technologies.

Local software

Some features of Azure may enable or require that you install local software (e.g., agents). This software may collect data from your local environment in order to provide the services that you have requested. Local agents may also collect telemetry information that will be sent to Microsoft for operating and improving the Services. For more information about agents, please consult the relevant service documentation.

Sharing your information

We will not disclose Customer Data, Administrator Data, Payment Data or Support Data ("your information") outside of Microsoft or its controlled subsidiaries and affiliates except as you direct, or as described in your agreement(s) or this privacy statement.

  • We occasionally contract with other companies to provide services (such as customer support) on our behalf. We may provide these companies with access to your information where necessary for their engagement. These companies are required to maintain the confidentiality of your information and are prohibited from using it for any purpose other than that for which they are engaged by Microsoft.
  • We will not disclose Customer Data to a third party (including law enforcement, other government entity, or civil litigant; excluding our subcontractors) except as you direct or unless required by law. Should a third party contact us with a demand for Customer Data, we will attempt to redirect the third party to request it directly from you. As part of that, we may provide your basic contact information to the third party. If compelled to disclose Customer Data to a third party, we will use commercially reasonable efforts to notify you in advance of a disclosure unless legally prohibited.
  • Microsoft may share Administrator Data or Payment Data with third parties for purposes of fraud prevention or to process payment transactions.
  • The Services may enable you to purchase, subscribe to, or use services, software, and content from companies other than Microsoft ("Third Party Offerings"). If you choose to purchase, subscribe to, or use a Third Party Offering, we may provide the third party with your Administrator Data or Payment Data to enable the third party to provide its offering to you (and subject to your contact preferences, send you promotional communications). That information and your use of a Third Party Offering will be governed by the applicable privacy statement and policies from the third party.
  • We will not substantively respond to data protection and privacy requests from your users without your prior written consent, unless required by applicable law.

Security

For more information about the security of the Services, please visit the Microsoft Azure Trust Center.

Data location

You may specify the geographic region of the Microsoft data centers in which Customer Data will be stored. Microsoft may transfer Customer Data within a major geographic region (for example, within the United States or within Europe) for data redundancy or other purposes. Microsoft will not transfer Customer Data outside the major geographic region you specify (for example, from the United States to Asia or from Europe to the United States) except:

  • where you configure the account to enable this, including through use of features that may not enable regional selection or may use multiple regions, as specified in the Microsoft Azure Trust Center (which Microsoft may update from time to time but Microsoft will not add exceptions for existing features in general release); or
  • where necessary to provide customer support, to troubleshoot the service or to comply with legal requirements.

Microsoft does not control or limit the regions from which you or your users may access or move Customer Data.

Subject to the above restrictions, Customer Data that Microsoft processes on your behalf may be transferred to, and stored and processed in, the United States or any other country in which Microsoft or its affiliates or subcontractors maintain facilities. You appoint Microsoft to perform any such transfer of Customer Data to any such country and to store and process Customer Data in order to provide the Services. Microsoft abides by the EU Safe Harbor and the Swiss Safe Harbor frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union, the European Economic Area, and Switzerland.

Microsoft account

In order to access the Services, you or your users may be required to sign in with a Microsoft Account or another authentication mechanism. Use of Microsoft Account is subject to the privacy statement. By signing into one Microsoft service, you may be automatically signed into other Microsoft services that use these credentials.

Preview releases

Azure preview, beta or other pre-release services ("Previews") are optional evaluation versions of the Services offered by Microsoft to obtain customer feedback prior to general release. This section describes the different or additional terms specific to Previews:

  • Administrator Data: We may contact you to obtain your feedback about the Preview or your interest in continuing to use it after general release.
  • Customer Data: We may use Customer Data from Previews to improve the Preview, Services, and related Microsoft products and services.
  • Customer Data Location: Previews may not enable geographic regional selection or may use multiple geographic regions, as specified in the Microsoft Azure Trust Center.
  • Security: Previews may employ lesser or different security measures than those typically present in the Services. Some Customer Data may be particularly sensitive to you or your organization, and hence may require a level of security that Previews do not provide.

Changes to this Privacy Statement

We will occasionally update our privacy statements to reflect customer feedback and changes in our Services. When we post changes to a statement, we will revise the "last updated" date at the top of the statement. If there are material changes to the statement or in how Microsoft will use your information, we will notify you either by posting a notice of such changes before they take effect or by directly sending you a notification. We encourage you to periodically review the privacy statements for the products and services you use to learn how Microsoft is protecting your information.

How to contact us

Microsoft welcomes your comments. If you believe that Microsoft is not adhering to its privacy or security commitments, please contact through Customer Support or our Privacy web form. Our mailing address is:

Microsoft Privacy
Azure Platform Privacy
Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052 USA

Microsoft Ireland Operations Limited is our data protection representative for the European Economic Area and Switzerland. The data protection officer of Microsoft Ireland Operations Limited can be reached at the following address:

Microsoft Ireland Operations, Ltd.
Attn: Data Protection
Carmenhall Road
Sandyford, Dublin 18, Ireland