Microsoft Reputation Services Privacy Statement

Last updated: September 2009

Microsoft is committed to protecting your privacy, while delivering software that brings you the performance, power, and convenience you desire in your personal computing. This privacy statement explains many of the data collection and use practices of Microsoft Reputation Services (“MRS”).  This is a preliminary disclosure that focuses on features that communicate with the Internet and is not intended to be an exhaustive list. It does not apply to other online or offline Microsoft sites, products, or services.

MRS is a web-service that delivers categorization information about URLs.  MRS includes the Feedback and Error Reporting site at http://www.microsoft.com/security/portal/mrs/

Collection and Use of Your Information

The information we collect from you will be used by Microsoft and its controlled subsidiaries and affiliates to enable the features you are using and provide the service(s) or carry out the transaction(s) you have requested or authorized.  It may also be used to analyze and improve Microsoft products and services.

With your consent, we may occasionally request your feedback, invite you to participate in surveys, or send you promotional mailings to inform you of other products or services available from Microsoft and its affiliates.

In order to offer you a more consistent and personalized experience in your interactions with Microsoft, information collected through one Microsoft service may be combined with information obtained through other Microsoft services. We may also supplement the information we collect with information obtained from other companies. For example, we may use services from other companies that enable us to derive a general geographic area based on your IP address in order to customize certain services to your geographic area.

Except as described in this statement, personal information you provide will not be transferred to third parties without your consent. We occasionally hire other companies to provide limited services on our behalf, such as packaging, sending and delivering purchases and other mailings, answering customer questions about products or services, processing event registration, or performing statistical analysis of our services. We will only provide those companies the personal information they need to deliver the service, and they are prohibited from using that information for any other purpose.

Microsoft may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the services; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public. We may also disclose personal information as part of a corporate transaction such as a merger or sale of assets.

Information that is collected by or sent to Microsoft by MRS may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or service providers maintain facilities. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union, the European Economic Area, and Switzerland. 

Collection and Use of Information about Your Computer

When you use software with Internet-enabled features, information about your computer ("standard computer information") is sent to the Web sites you visit and online services you use. Microsoft uses standard computer information to provide you Internet-enabled services, to help improve our products and services, and for statistical analysis. Standard computer information typically includes information such as your IP address, operating system version, browser version, and regional and language settings. In some cases, standard computer information may also include hardware ID, which indicates the device manufacturer, device name, and version. If a particular feature or service sends information to Microsoft, standard computer information will be sent as well. 

The privacy details for each MRS feature, software or service listed in this privacy statement describe what additional information is collected and how it is used.

Security of your information

Microsoft is committed to helping protect the security of your information. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. For example, we store the information you provide on computer systems with limited access, which are located in controlled facilities.

Changes to this privacy statement

We will occasionally update this privacy statement to reflect changes in our products, services, and customer feedback. When we post changes, we will revise the "last updated" date at the top of this statement. If there are material changes to this statement or in how Microsoft will use your personal information, we will notify you either by posting a notice of such changes prior to implementing the change or by directly sending you a notification. We encourage you to periodically review this statement to be informed of how Microsoft is protecting your information.

For More Information

Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please contact us at secwish@microsoft.com.

 

Solutions Accelerators Team

Microsoft Corporation

One Microsoft Way

Redmond, WA 98052

USA

 

Specific features 

The remainder of this document will address the following specific features:

Feedback and Error Reporting Portal

What This Feature Does:

The Feedback and Error Reporting Portal (the “Portal”) at http://www.microsoft.com/security/portal/mrs/ allows you to send your feedback to Microsoft.  Feedback includes suggested categories for a given URL and comments about the report that may be helpful for Microsoft to better understand your concerns or errors that you may have encountered.

Information Collected, Processed, or Transmitted:

The Portal will ask you for the full URL being escalated, any suggested categories you would like to send to Microsoft, and any additional comments you may have (“Feedback Reports”).  In addition, in the case that you are the registered site owner, your name and email address will also be collected.

 

We may collect information about your visit to the Portal. For example, we may use Web site analytics tools to retrieve information from your browser, including the site you came from, the search engine(s) and the keywords you used to find our Portal, the pages you view within the Portal, your browser add-ons, and your browser's width and height.

 

We may use cookies on this Portal to enable you to sign in to our services or to help personalize the Portal.  A cookie is a small text file that is placed on your hard disk by a Web server. Cookies contain information that can later be read by a Web server in the domain that issued the cookie to you. Cookies cannot be used to run programs or deliver viruses to your computer. One of the primary purposes of cookies is to provide a convenience feature to save you time. For example, if you personalize a Web page, or navigate within a site, a cookie helps the site to recall your specific information on subsequent visits. This simplifies the process of delivering relevant content, eases site navigation, and so on. When you return to the Web site, the information you previously provided can be retrieved, so you can easily use the site's features that you customized.

 

You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you are using Internet Explorer, search for “Cookies” in the Help menu to find detailed instructions. If you choose to decline cookies, you may not be able to use interactive features of this or other Web sites that depend on cookies.

 

Pages on this Portal may contain electronic images known as Web beacons - sometimes called single-pixel gifs - that may be used to assist in delivering cookies, to allow us to count users who have visited those pages, and to deliver co-branded services.

 

Microsoft may also employ Web beacons from third parties in order to help us compile aggregated statistics and determine the effectiveness of our promotional campaigns or other operations of our sites. We prohibit Web beacons on our sites from being used by third parties to collect or access your personal information.   We may work with other companies that advertise on our sites to place Web beacons on their sites in order to allow us to develop statistics on how often clicking on an advertisement on a Microsoft site results in a purchase or other action on the advertiser's site.

Use of Information: 

These Feedback Reports help Microsoft researchers and third-party partner companies (“Microsoft Partners”) to discover potential inaccuracies and/or to optimize the reputation delivered to customers.

 

The Feedback Reports may also be used for testing or other statistical or analytical purposes, trending, and anti-malware definition generation including transmission to Microsoft Partners that have agreed to assist Microsoft in data analysis.  “Data analysis” may include but is not limited to, categorization of URL content and malware identification.  With your consent, Microsoft may send full URL strings collected through the Portal to Microsoft Partners to improve the service by augmenting the Microsoft and/or Microsoft Partners’ filtering database(s).

 

If you provide an e-mail address, Microsoft may use it to contact you if further information or clarification is needed to understand your request.  All other information collected may be used for statistical analysis and to improve this and other Microsoft and Microsoft partner products and services, but will not be used to identify or contact you.

Choice/Control: 

You may choose whether or not to use the Feedback and Error Reporting Portal feature, and if so, what information to send to Microsoft.

Telemetry

What This Feature Does:

Microsoft receives telemetry from each feature that uses MRS for URL categorization. This information is stored by Microsoft and analyzed to help identify patterns and improve precision and efficiency of URL categorization. In addition, Microsoft uses this analyzed information to prioritize URLs for categorization by Microsoft and Microsoft Partners. The information collected is not used to identify or contact you.

Information Collected, Processed, or Transmitted:

By enabling a feature that utilizes MRS, reports are collected from you by Microsoft which include additional data such as full URL strings, the time the URL was queried, and other aggregated statistics. 

 

Clients transfer to Microsoft the full URL string, local list of URL category overrides, and several statistical counters, as well as a machine identifier.  The machine identifier is used to identify the version and product connecting to MRS and does not include any customer or personal information. Note that HTTPS URLs are truncated, such that customers send only the hostname portion of the URL string to MRS, along with a one-way hash of the full URL string that allows us to distinguish between unique URLs without access to the full URL string. 

 

Reports may inadvertently contain personal information. To the extent that any personal information is included in a report, Microsoft does not use the information to identify you or contact you.  To help protect your privacy, reports that are sent to Microsoft over an encrypted channel. 

 

In order to help provide and continuously improve data quality, MRS may query Microsoft Partners for reputation information, or send them redacted URL strings for categorization purposes.  MRS does not send Microsoft Partners unique identifiers representing you or your end-users associated with the URLs.

Use of Information: 

These reports help Microsoft researchers and Microsoft Partners discover inaccuracies and optimize reputation delivered to customers.

 

The reports may also be used for statistical or other testing or analytical purposes, trending, and anti-malware definition generation including transmission to Microsoft Partners that have agreed to assist Microsoft in data analysis.  Microsoft may send full URL strings to Microsoft Partners but will first filter or restrict those URL strings to remove personal information. Microsoft Partners use these redacted URL strings to improve the service by augmenting the Microsoft and/or Microsoft Partners’ filtering database(s).

 

Choice/Control: 

Collection of telemetry is tied to the enabling and disabling of features that utilize MRS. See your product or service documentation to learn more about how to control its interaction with MRS.