Your Privacy Matters
We respect the privacy of your data.
Privacy is one of the foundations of Trustworthy Computing at Microsoft. We have a longstanding commitment to privacy, which is an integral part of our product and service lifecycle. We work to be transparent in our privacy practices, offer customers meaningful privacy choices, and responsibly manage the customer data we handle.
The Microsoft Privacy Principles, our specific privacy statements, and our internal privacy standards guide how we collect, use, and protect customer data. General information about Microsoft’s approach to privacy is available from the Microsoft Privacy Web site.
Data collection & use limits
Microsoft Customer Service and Support (“CSS”) collects and uses enterprise customer data for the purpose of providing support services.
The following chart outlines the various ways we may collect data, and provides examples of the types of data collected:
|Means of Collection||Examples of Enterprise Data Collected|
|Phone or Online Chat||When a customer contacts CSS, he or she may provide us with data such as name, phone number, email address, and a description of the support issue.|
|Remote Access (“RA”)||Accessing customer systems remotely with customer permission via a Microsoft approved tool to view desktop or server configurations over an encrypted channel so as to resolve support issues.|
|Secure File Transfer tool ("SFT")||Receipt of customer data via Microsoft's "SFT", if support issues cannot be resolved by remote access. Resolution may require that the customer upload data via the encrypted SFT tool, such as system configuration or trace data.|
|Automated Troubleshooter||Automated Troubleshooter may extract data about hardware, software, and other details related to the support incident, such as contact or authentication data, chat session personalization, data about the condition of the computer and the application when the fault occurred and during diagnostics, system and registry data about software installations and hardware configurations, and error-tracking files. |
|Recordings||Phone conversations, online chat sessions, or RA sessions with support professionals may be recorded and/or monitored. For RA, customers may also access the recording after the session.|
CSS may use this customer data in the following ways:
DATA USE CHART
| ||Customer Contact Data||Customer Data||Customer Private Data|
|Providing Support||Yes||Yes||Yes, only as necessary|
|Communications (Advice, Surveys, Security Bulletins)||Yes1||No||No|
|Voluntary Disclosure to Law Enforcement||No||No||No|
1Following a support incident, we may send you a survey about your experience. We may also send service communications such as information on technical service issues, and security announcements.
2Advertising is the promotion of third party goods and services within the service, or the transfer of data about our customers to third parties for the purposes of such advertising.
Definitions of the types of customer data we collect
Customer Contact Data – Personal data limited to business contact details of any employee of a customer who is contacting CSS regarding the services being provided to the customer (e.g., name, email, phone number of customer’s business representative).
Customer Data - means all other data, including all text, sound, software, or image files that are provided to CSS by or on behalf of customer in connection with support service.
Customer Private Data – Sub-set of customer data that, if exposed, may lead to security vulnerabilities (e.g. passwords, certificates) or identity theft (e.g., billing or financial info), or information that may be used in a discriminatory manner (i.e., health information). This information is generally not sent to CSS or is sent with increased security.
Frequently asked questions
- What is your policy on using customer credentials sent to Microsoft Services to troubleshoot an issue?
As a valued Microsoft customer, you have entrusted us to help protect your data and your information. We value this trust, and the privacy and security of your data is one of our top concerns. That is why we do not request or accept your account credentials to troubleshoot issues on your behalf. Because the protection of your data is so important to us, should such information be sent to us a part of a support transaction, we will also request that you delete the account credentials you send us.
- There have been many media reports that Microsoft provides Government access to customer’s data, is that true?
Customers around the world have serious questions and concerns as a result of recent disclosures about government surveillance. We share many of these concerns. We are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures – and in our view, legal processes and protections – in order to surreptitiously collect private customer data. Regardless of whether all of these reports are true and completely accurate – and many of the initial reports were not – there’s no question that trust in the security and privacy of online communications has been undermined. We take our customers’ privacy - and earning their trust - seriously and we have clear principles for managing and securing this data. It is the right thing to do and it is in our own business interest. Please visit this link to read more about Microsoft’s position on this topic of Government access to data.
- What happens if law enforcement requests my data held by Microsoft CSS? What does Microsoft CSS do when subpoenaed or legally mandated to produce customers' data?
We believe that our customers should control their own data to the greatest extent possible. Accordingly, if a government entity, such as law enforcement, approaches CSS directly for data stored on behalf of our customers, we will first redirect the entity to the customer to afford it the opportunity to determine how to respond.
We will endeavor to only release data to such entities when we are legally required to do so, and we will limit the data we disclose to only the data required to comply with the legal request. Finally, we will use commercially reasonable efforts to notify a business customer in advance of any production, unless legally prohibited from doing so.
- Does Microsoft CSS share customer data with Microsoft sales and marketing teams?
We prohibit secondary use of Customer Data, such as use for advertising purposes. For example, our sales and marketing personnel are not allowed to access the CSS case management tools to assist with marketing. The prohibition against secondary use of Customer Data is enforced through policy, training and access controls.
- Does Microsoft CSS share customer data with 3rd party Advertisers?
We do not transfer data about our customers to third parties for the purposes of advertising.