We care about your privacy
We will give you additional privacy information that is specific to a product or service in Supplements to this Policy and other notices you may see while using our products or services. If there is a difference between such notices and this Policy, the notices should be considered first. Further, you may find information on the Windows Phone operating system here. Please note that not all features are available on all devices (for example, some features are not available on phones with limited memory, or phones without mobile voice services or mobile data), all networks or in all regions.
Software on your device may access your information. Our products or services may contain links to other companies’websites and services that have privacy policies of their own. Microsoft is not responsible for the privacy practices of others and we recommend you read their privacy notices.
If you do not agree with this Policy, do not use our products and services or provide Microsoft with your personal data.
What Information Do We Collect?
We collect your personal data and other information when you make a purchase, use or register into our products and services, take part in campaigns or research or otherwise interact with us. This includes following categories:
- Product and service activations Microsoft products and services may require electronic activation, where your device and application type, as well as unique device, application, network and subscription identifiers are sent to Microsoft. Depending on your device model and settings, device location at the time of the first power up may also be collected.
Our applications may contact our servers periodically, for example to check for updates or to send us information relating to service usage. Additionally, we may invite you to join voluntary product and service improvement or research programs where detailed information is collected. See Supplements to this Policy for more details.
- Information you provide us with When you create an account, make a purchase, request services, participate in research or campaigns or otherwise interact with us, we may ask for information such as your name, email address, phone number, street address, user names and passwords, feedback, information relating to your devices, age, gender, and language, bank account number, credit card details and other such financial information.
We also maintain records of your consents, preferences and settings relating to, for example, location data, marketing and sharing of personal data.
- Your transactions with us We maintain records of your purchases, downloads, the content you have provided us with, your requests, agreements between you and Microsoft, the products and services provided to you, payment and delivery details, your contacts and communications and other interactions with us. We may, in accordance with applicable law, record your communication with our customer care or with other such contact points.
- Positioning and Location data Location-based services establish location through the use of satellite, mobile, Wi-Fi or other network based positioning methods. These technologies may involve exchanging your location data and unique device and mobile, Wi-Fi or other network related identifiers with Microsoft. Our products may operate on multiple device platforms, applications and services which may also collect your location data. We do not use this information to identify you personally without your consent.
When you use our location based services and features, for example location based search, navigation and routing, or request for map data, your location data is sent to Microsoft to serve you with the right content, which may also include location based advertising.
Why Do We Process Personal Data?
Microsoft may process your personal data for the following purposes. One or more purposes may apply simultaneously.
- Providing products and services We may use your personal data to provide you with our products and services, to process your requests or as otherwise may be necessary to perform the contract between you and Microsoft, to ensure the functionality and security of our products and services, to identify you as well as to prevent and investigate fraud and other misuses.
- Accounts Some services may require an account to help you manage your content and preferences.
- Developing and managing products and services We may use your personal data to develop and manage our products, services, customer care, sales and marketing. We may combine personal data collected in connection with your use of a particular Microsoft product and/or service with personal data collected by other Microsoft products and services, unless such personal data was collected for a different purpose.
- Communicating with you We may use your personal data to communicate with you, for example to inform you that our services have changed or to send you critical alerts and other such notices relating to our products and/or services and to contact you for customer care related purposes.
- Marketing, advertising and making recommendations We may contact you to inform you of new products, services or promotions we may offer and to conduct market research when we have your consent or it is otherwise allowed. We may use your personal data to personalise our offering and to provide you with more relevant services, for example, to make recommendations and to display customised content and advertising in our services. This may include displaying Microsoft and third party content.
Do We Share Personal Data?
We do not sell, lease, rent or otherwise disclose your personal data to third parties unless otherwise stated below.
- Your consent and social sharing services We may share your personal data if we have your consent to do so. Some services may allow you to share your personal data with other users of the service or with other services and their users. Please consider carefully before disclosing any personal data or other information that might be accessible to other users.
- Microsoft companies and authorized third parties We may share your personal data with other Microsoft companies or authorized third parties who process personal data on behalf of Microsoft for the purposes described in this Policy. This may include for example billing through your network service provider or otherwise, delivery of your purchases, providing services including customer service, managing and analysing consumer data, credit checks, conducting research and managing marketing and other such campaigns. When you purchase a Microsoft product from us with a network service provider plan, we may need to exchange information with your network service provider to provide you with such service.
We may conduct joint marketing and other communications with our partners, for example your mobile operator. To avoid duplicate or unnecessary communications and to tailor the message to you we may need to match information that Microsoft has collected with information that the partner has collected where this is permitted by law.
These authorised third parties are not permitted to use your personal data for any other purposes. We require them to act consistently with this Policy and to use appropriate security measures to protect your personal data.
Mandatory Disclosures we may access, disclose and preserve your personal information, including your private content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to:
(1) comply with applicable law or respond to valid legal process from competent authorities, including from law enforcement or other government agencies;
(2) protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone;
(3) operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or
(4) protect the rights or property of Microsoft, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement.
Mergers and Acquisitions If we decide to sell, buy, merge or otherwise reorganise our businesses in certain countries, this may involve us disclosing personal data to prospective or actual purchasers and their advisers, or receiving personal data from sellers and their advisers.
How Do We Address The Privacy of Children?
Microsoft products and services are typically intended for general audiences. Microsoft does not knowingly collect information of children without the consent of their parents or guardians. Microsoft publishes safety guidelines for using internet services in our websites.
How Do We Address Data Quality?
We take reasonable steps to keep the personal data we possess accurate and to delete incorrect or unnecessary personal data.
We encourage you to access your personal data through your account from time to time to ensure that it is up to date.
What Steps Are Taken To Safeguard Personal Data?
Privacy and security are key considerations in the creation and delivery of our products and services. We have assigned specific responsibilities to address privacy and security related matters. We enforce our internal policies and guidelines through an appropriate selection of activities, including proactive and reactive risk management, security and privacy engineering, training and assessments. We take appropriate steps to address online security, physical security, risk of data loss and other such risks taking into consideration the risk represented by the processing and the nature of the data being protected. Also, we limit access to our data bases containing personal data to authorised persons having a justified need to access such information.
What Are Your Rights?
You have a right to know what personal data we hold about you. You have a right to have incomplete, incorrect, unnecessary or outdated personal data deleted or updated. You have a right to unsubscribe from direct marketing messages and to request that we stop processing your personal data for direct marketing purposes or on other compelling legal grounds. However, if you opt-out from marketing and other communications from Microsoft, critical alerts may still be sent to you.
You may exercise your rights by contacting us or by managing your account and choices through available profile management tools on your device and our services. In some cases, especially if you wish us to delete or stop processing your personal data, this may also mean that we may not be able to continue to provide the services to you.
Who Is The Controller of Your Personal Data?
Microsoft Mobile Oy of Keilalahdentie 4, 02150 Espoo, Finland is the controller of your personal data collected under this Policy. In addition, the Microsoft affiliate providing the product or service may be a controller of your personal data. You may find the identity of the controller and its contact details by reviewing the terms and conditions of such a product or service or by using contact information provided in the applicable Microsoft websites.
In matters pertaining to Microsoft Mobile’s privacy practices you may also contact us at:
Microsoft Mobile Oy.
International transfer of personal data and U.S. Safe Harbor Privacy Framework
- Personal information collected on Microsoft sites and services may be stored and processed in the United States or any other country where Microsoft or its affiliates, subsidiaries or service providers maintain facilities. Therefore your personal data may be transferred across international borders outside the country where you use our services, including to countries outside the European Economic Area (EEA) that do not have laws providing specific protection for personal data or that have different legal rules on data protection. In such cases we ensure that there is a legal basis for such a transfer and that adequate protection for your personal data is provided as required by applicable law, for example, by using standard agreements approved by relevant authorities (where necessary) and by requiring the use of other appropriate technical and organisational information security measures.
- Microsoft abides by the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Economic Area, and Switzerland. To learn more about the Safe Harbor program, and to view our certification, please visit http://www.export.gov/safeharbor/.
We will occasionally update this Policy to reflect changes in our products and services, and to clarify our practices based on experience and customer feedback. When we make changes, we will revise the "last updated" date at the top of this statement. If there are material changes to this statement or in how Microsoft will use your information, we will notify you either by prominently posting a notice of such changes prior to implementing the change or by directly sending you a notification. We recommend that you re-visit this Policy from time to time to learn of any such changes to this Policy.