Microsoft's privacy policy describes 10 principles for the protection and appropriate use of our customers’ and partners’ information. These principles provide an umbrella to support specific privacy standards as well as business unit operating procedures and guidelines. This policy applies to all business operations across Microsoft.
To obtain more information about Privacy at Microsoft, please ask your Microsoft contact. Your Microsoft contact may access more information about privacy requirements at //privacy and may access a network of privacy experts within his/her organization.
Email Marketing Campaigns
Please follow these guidelines for email marketing campaigns:
- Use an approved system for sending promotional emails. All electronic promotional communications, including newsletters, must be sent using an internally approved system (e.g., Exact Target for most commercial audiences; CIMS for consumer audiences) for the intended audience.
- Email campaigns must be sent using one of the following two domains: (a) Microsoft.com or (b) Email.microsoft.com.
- Ensure the promotional email contains proper header and footer details – ask your Microsoft business privacy contact to provide you with such requirements.
- All emails must be reviewed and approved by the Microsoft business privacy contact.
- Transactional or Mandatory Communications. Some transactional or mandatory service electronic communications may contain some promotional materials. Ask your Microsoft business privacy contact for requirements.
Direct Mail
Please follow these guidelines for direct mail marketing campaigns:
- All direct mail marketing materials must contain the URL for the applicable Microsoft privacy statement.
- An offline privacy statement (hard copy) must be available to customers or partners where we request and collect personal information (e.g., a business reply card). See Privacy Statement Templates.
- All direct mail marketing materials must contain the appropriate unsubscribe language. For direct mail promotional communications sent outside North America, the Microsoft privacy expert who supports your Microsoft client should provide the appropriate language to include in the mail. For the United States and Canada, you can use the following unsubscribe language.
- United States: "If you prefer not to receive future promotional mailings of this type from Microsoft, please send this mailing back to the sender with the following text visible to the recipient: "return to sender" and "unsubscribe me from your list". We will promptly update your contact preferences; however, please be aware you may still receive previously initiated promotional communications from Microsoft."
- Canada: "If you prefer not to receive future promotional mailings of this type from Microsoft, you may contact Microsoft at 1 (877) 568-2495 or privca@microsoft.com. We will promptly update your preferences; however, you may still receive previously initiated promotional communications from Microsoft."
Contact Preferences
When Microsoft collects any customer or partner information, Microsoft must provide appropriate notice and obtain appropriate consent for how Microsoft intends to use the personal information. By providing notice and obtaining consent, we gather information about our customers’ and partners’ contact preferences. Please note:
- Many countries have specific laws regarding notice and consent requirements. Your Microsoft client can access resources on LCA Web for further details regarding these requirements.
- Contact Preferences must be accurately maintained in Microsoft’s systems. Changes to contact preferences should be updated in Microsoft’s systems as soon as possible. In some countries, there are specific time requirements for maintaining the accuracy of contact preferences. Ask your Microsoft client for more details.
- Contact preferences should be obtained for different types of communications. There may be different requirements for the collection and use of certain types of information. For example, the use of mobile phone numbers for text messaging may have different requirements than the use of email addresses.
- Please discuss contact preference requirements with your Microsoft client.
Tell-a-Friend/Refer-a-Friend
Microsoft has specific guidelines for the execution of “Tell-a-friend” or “Refer-a-friend” marketing campaigns.
- Microsoft may not use an incentive to promote use of the tell-a-friend feature. Incentives such as a free download, a discount on a purchase, or an entry into a sweepstakes are all prohibited. Work with your Microsoft client for further guidance.
- Such campaigns should use the e-mail client on the referrer's machine to facilitate the referral.
- If refer-a-friend email features are being used as a component of a marketing campaign and the emails are being sent by Microsoft on behalf of users: (a) frequency controls must be in place so that recipients do not receive more than 3 emails per campaign and (b) we must filter emails against our Do Not Contact lists.
- If a Web-based mechanism is used to collect the recipient e-mail address(es) and deliver the messages, then the following additional requirements must be met:
- Block the number of referrals an individual may provide to no more than 10. This restriction is to discourage abuse. Include language such as the following: "To send this information to up to 10 of your colleagues, please complete the following form and click the Forward E-mail button."
- Do not retain the e-mail addresses of the referred individuals. Recipients can be invited to respond to the e-mail message in some manner to voluntarily consent to the collection and use of their personal information, provided that the collection and use of that personal information is in accordance with Microsoft privacy policies.
- Before sending the e-mail, the referring individual must be given prominent notice that we will use the e-mail addresses of his/her friends only for the purpose of sending a one-time communication to the recipients, and will not use them for any other purpose without the consent of the recipient. The referring individual must also receive notice that his/her name will be used in the "From" line of the e-mail message. Include the following notice on the Web page:
"Neither you nor your friend(s) will be contacted by Microsoft as a result of forwarding this mail. The e-mail address(es) you enter in the "To" line will not be retained after the mail is sent. The e-mail message(s) sent will appear to have come from the e-mail address entered in the "From" line above."
- The recipients of the e-mail must receive notice about why they are receiving the message. Include the following notice at the top of the forwarded e-mail:
"This message has been sent at the request of the person whose name appears in the "From" line of this e-mail. Microsoft will not use or retain your e-mail address for any other purpose as a result of this referral."
Events
Microsoft has specific guidelines for the collection of personal information (including leads).
When the personal information is collected by Microsoft the following requirements apply:
- Follow the guidelines in the Vendor Privacy Toolkit to draft the appropriate privacy statement.
- Prominently post the privacy statement in the event booth, onsite registration desk or anywhere that personal information is collected.
- Display a prominent sign with large type that is clearly visible to event attendees notifying them that they will receive communications from Microsoft if they swipe their attendee badge in our booth. For example:
"If you swipe your badge, we may send you information about Microsoft products and services."
When the personal information is collected by sponsors or exhibitors the following requirements apply:
- Ensure that sponsors and exhibitors sign the appropriate sponsorship or exhibitor agreement.
- Verify that sponsors and other exhibitors display a prominent privacy statement in their booth.
- Ensure that any personal information transferred to sponsors or exhibitors is transferred in a secure manner.
When the personal information is sent to Microsoft from a third-party-led event, at least one of the following requirements must be met:
- The attendee must opt-in to data-sharing with Microsoft (e.g. on a registration form);
- The attendee swiped their badge at a Microsoft booth or table; or
- The attendee takes a clear action indicating that they want to be contacted by Microsoft.
Online Surveys
Microsoft has clear guidelines on the use and implementation of surveys.
- If sending an e-mail invitation to the survey, include the following:
- A statement explaining that the research is being conducted for Microsoft:
"This e-mail was sent on behalf of Microsoft Corporation through [name of vendor], a marketing research firm commissioned by Microsoft to conduct this study. For information about [name of vendor] relationship with Microsoft, please see [insert Microsoft URL or provide Microsoft e-mail address so recipient can contact Microsoft to verify the survey is legitimate]."
- A link to the survey privacy statement:
"Microsoft is committed to protecting your privacy. Please click on the following link to review the [name of survey] privacy statement: [insert link to privacy statement]."
- Unsubscribe language (ask your Microsoft client for further guidance).
- A valid postal address for Microsoft located in the footer of the e-mail.
- Draft a privacy statement using the appropriate survey privacy statement template in this Vendor Privacy Toolkit.
- Follow the additional guidance for vendor-hosted Web sites in this Vendor Privacy Toolkit.
Note: If conducting a blind survey, Microsoft customer or partner data may not be used and the above requirements are not applicable. Whenever Microsoft data is used, it must be disclosed that the survey is being conducted on behalf of Microsoft. Please discuss details with the Microsoft Privacy contact.
Partner/Joint Marketing Campaigns
These campaigns must be reviewed by a Microsoft Privacy contact.
Sweepstakes, Contests, and Giveaways
Many times the data collected through a sweepstakes, contest or giveaway cannot be used for further contact because the right privacy notices and consents were not obtained. Be prepared in advance for what those requirements are so tight turnarounds don’t restrict further data uses.
Direct your Microsoft client to review the LCA Web site for guidelines on promotions and giveaways: http://lcaweb/AdLaw/Promotions/Pages/Default.aspx
Privacy Statement Template for Offline Data Collection
When collecting data offline such as through event evaluations, business reply cards, and contest entries, a condensed privacy statement may be used. The privacy statement must accurately disclose the data collection and use practices of the activity. You may use the following template and customize the bolded and italicized text as necessary. Please consult with your Microsoft client if changes are required.
Privacy Statement. At Microsoft, we are committed to protecting your privacy. Microsoft uses the information you provide on this form to notify you of important information about our products, upgrades and enhancements, and to send you information about other Microsoft products and services. Microsoft will not share the information you provide with third parties without your permission except where necessary to complete the services or transactions you have requested, or as required by law. Microsoft is committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. Your personal information is never shared outside the company without your permission, except under conditions explained above.
If you believe that Microsoft has not adhered to this statement, please contact Microsoft by sending email to [insert email alias that will address questions about the privacy statement] or postal mail to [insert postal alias that will address questions about the privacy statement].