Trust Center: Security, Privacy and Compliance Information for Office 365 and Microsoft Dynamics CRM Online

How We Use Your Data

It’s your data. You own the data you store and process with Microsoft® Office 365 and Dynamics CRM Online. We use your data only to provide the services you want.

We use your data for just what you pay us for: to maintain and provide Office 365 and Dynamics CRM Online services. We make it our policy to not use your data for other purposes. While some data may be stored or processed on systems used for both consumer and business services, our business services are designed and operated separately from Microsoft's consumer services. Microsoft does not scan emails or documents for advertising purposes.

 

Customer Data is all the data, including all text, sound, software or image files that you provide, or are provided on your behalf, to us through your use of the Services. Customer Data does not include Administrator Data, Payment Data or operational information about the Services.  See the Office 365 Privacy Statement.

Content is a subset of Customer Data.  Content is generally considered confidential information, and in normal service operation, is not sent over the Internet without encryption. Content includes, for example, Exchange Online e-mail body and attachments, SharePoint Online site content (not URL) and file body, instant messaging conversation body and voice conversation, and CRM files containing data about your end customer interactions.

How does Office 365 or Dynamics CRM Online use my data?

The following table explains how Microsoft uses your Office 365 and Dynamics CRM Online Customer Data:

Use of Office 365 & Dynamics CRM Online Customer Data

Customer Data (excluding Content)

Content

Operating and Troubleshooting the Services

Yes

Yes

Security, Spam and Malware Prevention

Yes

Yes

Services Communications

Yes

No

Improving the Purchased Services 

No

No

Advertising 

No

No

Voluntary Disclosure to Law Enforcement

No

No

Direct Marketing

No

No

 

FAQ

Question: How does Office 365 or Dynamics CRM Online use my data to maintain the service?

Answer: Customer Data will be used only to provide the service, except as you direct.

In addition to day-to-day operations, operation of the service can include using Customer Data for the following:

§  Troubleshooting aimed at preventing, detecting and repairing problems affecting the operation of services.

§  Ongoing improvement of features or continuous security maintenance requirements that involve the detection of, and protection against, emerging and evolving threats to the services or customer data (such as malware or spam).

§  Providing personalized or inference-based service features.  

Question: Does Office 365 or Dynamics CRM Online share data or systems with any advertiser-supported services? Does Office 365 or Dynamics CRM Online data-mine Customer Data for its advertisers?

Answer: No. Both Office 365 and Dynamics CRM Online use separate systems that are kept physically and logically separate from consumer advertiser-supported services and systems run by Microsoft, with no data flow between the two systems and no use of your data to build profiles for advertising, or advertise to your end-users.

Question: Can Office 365 or Dynamics CRM Online use or disclose my data without my permission?

Answer: In a limited number of circumstances, Microsoft may need to disclose Customer Data without your prior consent, including as needed to satisfy legal requirements.

Question: What is the Office 365 and Dynamics CRM Online process if law enforcement requests my data? What does Microsoft do when subpoenaed or legally mandated to produce customers' information?

Answer: Office 365 and Dynamics CRM Online believe that their customers should control their own information to the extent possible.

Accordingly, if a governmental entity approaches Microsoft directly for information hosted on behalf of our Office 365 or Dynamics CRM Online customers, Microsoft will try in the first instance to redirect the entity to the customer to afford the customer the opportunity to determine how to respond. If we are nonetheless required to respond to the demand, Microsoft will only provide information belonging to its Office 365 or Dynamics CRM Online customers when it is legally required to do so, will limit the production to only that information which it is required to disclose and will use reasonable efforts to notify the enterprise customer in advance of any production unless legally prohibited. Our notice will typically be delivered by email to one or more of the administrator(s) the customer has listed in the online services portal. It is the customer’s responsibility to ensure contact information remains up to date.

Question: What is usage data, and how does Microsoft use usage data? 

Answer:  Usage data are used to provide the service.

Usage data could refer to any number of data points related to Office 365 and Dynamics CRM Online. “Usage data” could refer to the average number of emails an end user receives each day, the number of licenses in a customer’s subscription, or the amount of electricity Microsoft needs to power Office 365 and Dynamics CRM Online.

We understand our customers are most concerned about how we treat personally identifiable information about end users’ interactions with the services.  Such data may be used for day-to-day operations and maintenance of the services (as described above) and for services communications to administrators, including emails about end users’ use or access to the services. For example, an administrator may receive a notification from Microsoft that an end user is near usage or storage limits.

Question: What are the services communications an administrator will receive?

Answer:  Administrators may receive various types of communications from Microsoft related to use of the services. The administrator may also receive the following types of communications: communications about services operations, including scheduled maintenance and new features or functionalities of the services.