Requirements for marketing campaigns

Microsoft's privacy policy describes 10 principles for the protection and appropriate use of our customers’ and partners’ information. These principles provide an umbrella to support specific privacy standards as well as business unit operating procedures and guidelines. This policy applies to all business operations across Microsoft.

To obtain more information about Privacy at Microsoft, please ask your Microsoft contact. Your Microsoft contact may access more information about privacy requirements at //privacy and may access a network of privacy experts within his/her organization.

  • Please follow the following guidelines for email marketing campaigns:

    • Use an approved system for sending promotional emails. All electronic promotional communications, including newsletters, must be sent using an internally approved system (e.g., Exact Target for most commercial audiences; CIMS for consumer audiences) for the intended audience.
    • Email campaigns must be sent using one of the following two domains: (a) or (b)
    • Ensure the promotional email contains proper header and footer details—ask your Microsoft business privacy contact to provide you with such requirements.
    • All emails must be reviewed and approved by the Microsoft business privacy contact.
    • Transactional or Mandatory Communications. Some transactional or mandatory service electronic communications may contain some promotional materials. Ask your Microsoft business privacy contact for requirements.
  • Please follow these guidelines for direct mail marketing campaigns:

    • All direct mail marketing materials must contain the URL for the applicable Microsoft privacy statement.
    • An offline privacy statement (hard copy) must be available to customers or partners where we request and collect personal information (e.g., a business reply card).
    • All direct mail marketing materials must contain the appropriate unsubscribe language. For direct mail promotional communications sent outside North America, the Microsoft privacy expert who supports your Microsoft client should provide the appropriate language to include in the mail. For the United States and Canada, you can use the following unsubscribe language.
      • United States: "If you prefer not to receive future promotional mailings of this type from Microsoft, please send this mailing back to the sender with the following text visible to the recipient: "return to sender" and "unsubscribe me from your list". We will promptly update your contact preferences; however, please be aware you may still receive previously initiated promotional communications from Microsoft."
      • Canada: "If you prefer not to receive future promotional mailings of this type from Microsoft, you may contact Microsoft at 1 (877) 568-2495 or We will promptly update your preferences; however, you may still receive previously initiated promotional communications from Microsoft."
  • When Microsoft collects any customer or partner information, Microsoft must provide appropriate notice and obtain appropriate consent for how Microsoft intends to use the personal information. By providing notice and obtaining consent, we gather information about our customer and partner’s contact preferences. Please note:

    • Many countries have specific laws regarding notice and consent requirements. Your Microsoft client can access resources on the LCA website for further details regarding these requirements.
    • Contact Preferences must be accurately maintained in Microsoft’s systems. Changes to contact preferences should be updated in Microsoft’s systems as soon as possible. In some countries, there are specific time requirements for maintaining the accuracy of contact preferences. Ask your Microsoft client for more details.
    • Contact preferences should be obtained for different types of communications. There may be different requirements for the collection and use of certain types of information. For example, the use of mobile phone numbers for text messaging may have different requirements than the use of email addresses.
    • Please discuss contact preference requirements with your Microsoft client.
  • Microsoft has specific guidelines for the execution of “Tell-a-friend” or “Refer-a-friend” marketing campaigns.

    • Microsoft may not use an incentive to promote use of the tell-a-friend feature. Incentives such as a free download, a discount on a purchase, or an entry into a sweepstakes are all prohibited. Work with your Microsoft client for further guidance.
    • Such campaigns should use the email client on the referrer's machine to facilitate the referral.
    • If refer-a-friend email features are being used as a component of a marketing campaign and the emails are being sent by Microsoft on behalf of users, frequency controls must be in place so that recipients do not receive more than 3 emails per campaign.
    • If a web-based mechanism is used to collect the recipient email address(es) and deliver the messages, then the following additional requirements must be met:
      • Block the number of referrals an individual may provide to no more than 10. This restriction is to discourage abuse. Include language such as the following: "To send this information to up to 10 of your colleagues, please complete the following form and click the Forward E-mail button."
      • Do not retain the email addresses of the referred individuals. Recipients can be invited to respond to the email message in some manner to voluntarily consent to the collection and use of their personal information, provided that the collection and use of that personal information is in accordance with Microsoft privacy policies.
    • Before sending the email, the referring individual must be given prominent notice that we will use the email addresses of his/her friends only for the purpose of sending a one-time communication to the recipients, and will not use them for any other purpose without the consent of the recipient. The referring individual must also receive notice that his/her name will be used in the "From" line of the email message. Include the following notice on the webpage:
      "Neither you nor your friend(s) will be contacted by Microsoft as a result of forwarding this mail. The email address(es) you enter in the "To" line will not be retained after the mail is sent. The email message(s) sent will appear to have come from the email address entered in the "From" line above."
    • The recipients of the email must receive notice about why they are receiving the message. Include the following notice at the top of the forwarded email:
      "This message has been sent at the request of the person whose name appears in the "From" line of this email. Microsoft will not use or retain your email address for any other purpose as a result of this referral."
  • Microsoft has specific guidelines for the collection of personal information (including leads).

    When the personal information is collected by Microsoft the following requirements apply:

    • Prominently post the offline privacy statement in the event booth, onsite registration desk or anywhere that personal information is collected from customers or potential customers. The privacy statement must be clearly visible at all times, and customers and potential customers must have an opportunity to read the statement before providing their name and contact information to Microsoft.
    • Please ensure that all names and contact information collected during events are kept confidential and secure at all times, and that your collection, use, and disclosure of this information fully complies with the applicable supplier agreement between you and Microsoft. Please also ensure that you track and disclose to Microsoft the contact information acquired at each separate event.

    When the personal information is collected by sponsors or exhibitors the following requirements apply:

    • Ensure that sponsors and exhibitors sign the appropriate sponsorship or exhibitor agreement.
    • Verify that sponsors and other exhibitors display a prominent privacy statement in their booth.
    • Ensure that any personal information transferred to sponsors or exhibitors is transferred in a secure manner.

    When the personal information is sent to Microsoft from a third-party-led event, at least one of the following requirements must be met:

    • The attendee must opt in to data-sharing with Microsoft (for example, on a registration form);
    • The attendee swiped their badge at a Microsoft booth or table; or
    • The attendee takes a clear action indicating that they want to be contacted by Microsoft.
  • Microsoft has clear guidelines on the use and implementation of surveys.
    • If sending an email invitation to the survey, include the following:
      • A statement explaining that the research is being conducted for Microsoft: "This email was sent on behalf of Microsoft Corporation through [name of supplier], a marketing research firm commissioned by Microsoft to conduct this study. For information about [name of supplier] relationship with Microsoft, please see [insert Microsoft URL or provide Microsoft email address so recipient can contact Microsoft to verify the survey is legitimate]."
      • A link to the survey privacy statement:
        "Microsoft is committed to protecting your privacy. Please click on the following link to review the [name of survey] privacy statement: [insert link to privacy statement]."
      • Unsubscribe language (ask your Microsoft client for further guidance).
      • A valid postal address for Microsoft located in the footer of the email message.
    • Draft a privacy statement using the appropriate survey privacy statement template in this Supplier Privacy Toolkit.
    • Follow the additional guidance for supplier-hosted websites in this Supplier Privacy Toolkit.

    Note: If conducting a blind survey, Microsoft customer or partner data may not be used and the above requirements are not applicable. Whenever Microsoft data is used, it must be disclosed that the survey is being conducted on behalf of Microsoft. Please discuss details with the privacy manager supporting your Microsoft client.

  • These campaigns must be reviewed by a Microsoft Privacy contact.
  • Many times the data collected through a sweepstakes, contest or giveaway cannot be used for further contact because the right privacy notices and consents were not obtained. Be prepared in advanced for what those requirements are so tight turnarounds don’t restrict further data uses.

    Direct your Microsoft client to review the LCA website for guidelines on promotions and giveaways: http://lcaweb/AdLaw/Promotions/Pages/Default.aspx

  • When collecting data offline such as through event evaluations, business reply cards, and contest entries, a condensed privacy statement may be used. The privacy statement must accurately disclose the data collection and use practices of the activity. You may use the following template and customize the bolded and italicized text as necessary. Please consult with your Microsoft client if changes are required.

    “If you give us your name and contact information, then you agree that Microsoft may use your name and/or contact information for [insert purpose—e.g., to contact you about Microsoft’s products, services, upgrades, events, and other promotions].  Microsoft will give you the chance to opt out of future promotional communications.  For example, when Microsoft contacts you for a promotional purpose, you may be presented with a link to an unsubscribe mechanism or with other instructions on how you may unsubscribe.  For more information about how Microsoft collects and processes your information, please go to and click on our privacy statement.”