Microsoft Cloud Germany Privacy Statement
Last updated: October 2016
This privacy statement applies to the Microsoft Cloud Germany online services and related offerings that display or link to this notice (the “German Online Services”). It governs the privacy practices of both Microsoft and Data Trustee (T-Systems International GmbH, a subsidiary of Deutsche Telekom AG) (collectively “we” or “us”) with respect to the German Online Services.
Microsoft’s marketing sites and other public websites associated with the German Online Services are governed by the Microsoft.com privacy statement.
Many German Online Services are intended for use by organisations. If you use an email address provided by an organisation that you are affiliated with, such as an employer, school or university, to access the German Online Services, the owner of the domain associated with your email address may: (i) control and administer your German Online Services account and (ii) access and process your data, including the contents of your communications and files. Your use of the German Online Services may be subject to your organisation’s policies, if any. If your organisation is administering your use of the German Online Services, please direct your privacy enquiries to your administrator. We are not responsible for the privacy or security practices of our customers, which may differ from those set forth in this privacy statement.
When you use social features of the German Online Services, other users in your network may see some of your activity. To learn more about the social features and other functionality, please review documentation specific to the Online Service.
The German Online Services enable you to purchase, subscribe to or use other products and online services from Microsoft or third parties with different privacy practices, and those other products and online services will be governed by their respective privacy statements and policies.
Customer Data will only be used to provide customer with the German Online Services including purposes compatible with providing those services. For example, we may use Customer Data to provide a personalised experience, improve service reliability, combat spam or other malware, or improve features and functionality of the German Online Services. We will not use Customer Data or derive information from it for any advertising or similar commercial purposes. “Customer Data” means all data, including all text, sound, video or image files, and software, that are provided to us by, or on behalf of, you or your end users through use of the German Online Service. Customer Data is not Administrator Data, Payment Data or Support Data.
Data Trustee will control all access to Customer Data other than access initiated by you or your end users. Microsoft (including Microsoft’s subcontractors) will not have access to Customer Data except:
- When such access is granted by Data Trustee for the limited purpose of Microsoft resolving a customer support incident or problem with the German Online Services or where such access is required for Microsoft to perform maintenance or improvements to the German Online Services. In those limited circumstances, Data Trustee will grant such access only for the duration necessary to resolve the issue. Data Trustee will monitor the access given and terminate the access when the issue is resolved. Or
- When such access is granted by you directly to Microsoft for assistance with resolving a customer support incident (for example, sharing desktop with a Microsoft support engineer or emailing a Microsoft support engineer a file).
For more information about the features and functionality that enable you to control Customer Data, please review documentation specific to the German Online Service.
Administrator Data is information provided to us during sign-up, purchase or administration of the German Online Services. Administrator Data includes the name, address, phone number and email address you provide, as well as aggregated usage information related to your account and administrative data, such as the controls you select, associated with your account. We use Administrator Data to provide the German Online Services, complete transactions, service the account, and detect and prevent fraud.
Microsoft may use Administrator Data to contact you to provide information about your account, subscriptions, billing and updates to the German Online Services, including information about new features, security or other technical issues. We may also contact you regarding third-party enquiries that we receive regarding use of the German Online Services, as described in your agreement. You will not be able to unsubscribe from these non-promotional communications.
Subject to your contact preferences, Microsoft may also contact you regarding information and offers about other products and services, or share your contact information with Microsoft’s partners. You may manage your contact preferences or update your information in your account profile.
Administrator Data may also include contact information of your colleagues and friends if you agree to provide it to Microsoft for the limited purpose of sending them an invitation to use the German Online Services; we may contact those individuals with communications that may include information about you, such as your name and profile photo.
Customers who make online purchases will be asked to provide information, which may include payment instrument number (e.g. credit card), name and billing address, the security code associated with the payment instrument, organisational tax ID and other financial data (“Payment Data”). We use Payment Data to complete transactions, as well as to detect and prevent fraud. When you provide Payment Data while logged in, we will store that data to help you complete future transactions.
You may update or remove the payment instrument information associated with your Microsoft account by logging in at https://commerce.microsoft.com. You may remove the payment instrument information associated with other accounts by contacting customer support. After you have closed your account or removed a payment instrument, however, Microsoft may retain your payment instrument data for as long as reasonably necessary to complete transactions, to comply with Microsoft’s legal and reporting requirements, and to detect and prevent fraud.
Support Data is the information we collect when you contact or engage Microsoft for support. It includes information you submit in a support request or provide when you run an automated troubleshooter. It may also include information about hardware, software and other details gathered related to the support incident, such as contact or authentication information, chat session personalisation, information about the condition of the machine and the application when the fault occurred and during diagnostics, system and registry data about software installations and hardware configurations, and error-tracking files. In addition to using Support Data to resolve your support incident, we use Support Data to operate, improve and personalise the products and services we offer.
Support may be provided through phone, email or online chat. With your permission, we may use Remote Access (“RA”) to temporarily navigate your machine or, for certain German Online Services, you may add a support professional as an authorised user for a limited duration to view diagnostic data in order to resolve a support incident. Phone conversations, online chat sessions or RA sessions with support professionals may be recorded and/or monitored.
Following a support incident, we may send you a survey about your experience and offerings. You must opt out of support surveys separately to other communications provided by Microsoft by contacting Support or through the email footer. To review and edit your personal information collected through our support services, please contact us by using our web form.
Some business customers may purchase enhanced support offerings (e.g. Premier). These offerings are covered by separate terms and notices.
Cookies and similar technologies
Some German Online Services may require, or may be enhanced by, the installation of local software (e.g. agents, device management applications) on a device. This section of the Privacy Statement governs your use of local software provided by Microsoft for use with the German Online Services that does not have its own privacy statement.
At your direction, the local software may transmit (i) data, which may include Customer Data, from a device or appliance to or from the German Online Services; or (ii) logs or errors reports to Microsoft for troubleshooting purposes. The local software may also collect data about the use and performance of the local software or the German Online Services that may be transmitted to Microsoft and analysed to improve the quality, security and integrity of the products and services we offer.
Use of Subcontractors
Microsoft may hire subcontractors to provide services on its behalf. Any such subcontractors will only be permitted to obtain data from the German Online Services in order to deliver the services Microsoft has retained them to provide and will be prohibited from using data for any other purpose. Microsoft subcontractors are subject to the same restrictions around access to Customer Data as is Microsoft (detailed above).
Data Trustee may not use subcontractors without written approval by Customer. Data Trustee may use certain German affiliates as identified in the agreement between you and Data Trustee and will ensure such affiliates comply with applicable requirements, including processing Customer Data subject to German law.
Disclosure of Data
Because Microsoft will have no access to Customer Data except when such access is granted and monitored by Data Trustee or customer, Microsoft cannot and will not disclose Customer Data to any third party (including law enforcement) without approval by Data Trustee or you.
If Microsoft receives a request from a third party for Customer Data, Microsoft will inform the third party that Microsoft does not have access to Customer Data and will ask the third party to contact Data Trustee and/or you.
Data Trustee will not disclose Customer Data to third parties except (1) as you direct, (2) as described in the agreement between you and Data Trustee or (3) as required by German law.
Data Trustee will not disclose Customer Data to law enforcement unless required by German law. If compelled to disclose Customer Data to law enforcement, then Data Trustee will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.
Upon receipt of any other third-party request for Customer Data (such as requests from customer’s end users), Data Trustee will promptly notify you unless prohibited by law. If Data Trustee is not required by law to disclose the Customer Data, Data Trustee will reject the request. If the request is valid and Data Trustee could be compelled to disclose the requested information, Data Trustee will ask the third party to request the Customer Data from you. If a data subject requests access to its data, Data Trustee will forward such request to you.
Subject to the above, Data Trustee will not provide any third party with: (1) direct, indirect, blanket or unfettered access to Customer Data; (2) the platform encryption keys used to secure Customer Data or the ability to break such encryption; or (3) any kind of access to Customer Data if Data Trustee is aware that such data is used for purposes other than those stated in the request.
In support of the above, we may provide your basic contact information to the third party.
We will not disclose Administrator Data, Payment Data or Support Data outside of Microsoft, Data Trustee or our respective controlled subsidiaries and affiliates, except (1) as you direct, (2) with permission from an end user, (3) as described here or in your agreement(s), or (4) as required by law. We may share Administrator Data or Payment Data with third parties for purposes of fraud prevention or to process payment transactions.
The German Online Services may enable you to purchase, subscribe to or use services, software and content from companies other than Microsoft (“Third-party Offerings”). If you choose to purchase, subscribe to, or use a Third-party Offering, we may provide the third party with your Administrator Data or Payment Data. Subject to your contact preferences, the third party may use your Administrator Data to send you promotional communications. Use of that information and your use of a Third-party Offering will be governed by the third party’s privacy statement and policies.
We are committed to helping protect the security of your information. We have implemented and will maintain appropriate technical and organisational measures intended to protect your information against accidental loss, destruction or alteration; unauthorised disclosure or access; or unlawful destruction.
For more information about the security of the German Online Services, please visit the German Online Services Trust Center(s) or documentation.
Customer Data will be stored solely within Germany. The German Online Services do not control or limit the regions from which you or your end users may access or move Customer Data. Where Microsoft is provided with access to Customer Data by Data Trustee or you (as set forth above), Microsoft may do so from outside of Germany subject to the restrictions and commitments set forth in your agreement (for example, EU Standard Contractual Clauses).
Microsoft may offer preview, beta or other pre-release features and services (“Previews”) for optional evaluation. Previews may employ lesser or different privacy and security measures than those typically present in the German Online Services. Microsoft may contact you to obtain your feedback about the Preview or your interest in continuing to use it after general release.
Changes to this Privacy Statement
We will occasionally update our privacy statements to reflect customer feedback and changes in our German Online Services. When we post changes to a statement, we will revise the “last updated” date at the top of the statement. If there are material changes to the statement or in how we will use German Online Services information, we will notify you either by posting a notice of such changes before they take effect or by sending you a notification directly. In the event of a conflict between the terms of any agreement(s) between you and Microsoft or the Data Trustee and this privacy statement, the terms of those agreement(s) will control. We encourage you to periodically review the privacy statements for the products and services you use to learn how we are protecting German Online Services information.
How to contact us
We welcome your comments. If you believe that Microsoft is not adhering to its privacy or security commitments, please contact us through Customer Support or our Privacy web form. Our postal address is:
Microsoft German Online Services Privacy
One Microsoft Way
Redmond, Washington 98052 USA
Microsoft Ireland Operations Limited is our data protection representative for the European Economic Area and Switzerland. The data protection officer of Microsoft Ireland Operations Limited can be reached at the following address:
Microsoft Ireland Operations, Ltd.
Attn: Data Protection
Sandyford, Dublin 18, Ireland
To find the Microsoft subsidiary in your country or region, see http://www.microsoft.com/worldwide/.
The privacy representative for Data Trustee can be reached at the following address:
Deutsche Telekom AG
Konzerndatenschutz / Group Privacy
Konzernbeauftragter für den Datenschutz / CPO
Dr Claus-Dieter Ulmer
D-53113 Bonn, Germany