In some regions, you may have certain rights under applicable data protection laws (such as the European General Data Protection Regulation). Please see the
Addendum to this notice for specific additional information by region / country.
Use of Cookies and Web BeaconsSite pages may use cookies (small text files placed on your device). Cookies allow us, among other things, to store your preferences and settings; enable you to sign-in; combat fraud; and analyze how our websites and online services are performing.
We also use web beacons to help deliver cookies and gather usage and performance data. Our websites may include web beacons and cookies from third-party service providers.
You have a variety of tools to control cookies, web beacons and similar technologies, including browser controls to block and delete cookies and controls from some third-party analytics service providers to opt out of data collection through web beacons. Your browser and other choices may impact your experiences with our websites and systems.
Workplace Security and MonitoringMicrosoft monitors its IT and communications systems through automated tools such as network authentication and wireless connectivity hardware and software, anti-malware software, website filtering and spam filtering software, security software for cloud-based applications, and mobile device management solutions. The primary purpose of this monitoring is to protect Microsoft, its employees, customers and business partners, for example:
For system, applications, and network security, including in particular the security of Microsoft's IT system and assets, and the safety and security of its employees, external staff and other third parties;
For network and device management and support;
- For proof of business transactions and recordkeeping;
- For the protection of confidential information and company assets;
- For investigating wrongful acts or potential violations of company policy; and
- For other legitimate business purposes as permitted under applicable law.
We also monitor our offices, and other workplace facilities, through video monitoring like closed-circuit television ("CCTV") and badge scans for security purposes. CCTV is primarily used at office entrance and exit points, elevator lobbies, rooms where there may be valuable equipment, such as server rooms, and in other select areas with a high risk for theft or with highly sensitive assets. CCTV is not used in private spaces such as restrooms, new mothers' rooms or locker rooms nor is it used to monitor employee workstations for performance reasons.
You should be aware that any message, files, data, document, facsimile, audio/video, social media post or instant message communications, or any other types of information transmitted to, through or from, received or printed from, or created, stored or recorded on our IT and communications systems and assets (included via the use of personal devices accessing corporate IT systems) are presumed to be business-related and may be monitored or accessed by us in accordance with applicable law and workplace agreements (such as works council agreements), and subject to Microsoft's internal policies concerning access to and uses of such data. Microsoft will not review data stored on your personal mobile device without your consent.
Other Important Privacy InformationSecurity of Your Personal DataMicrosoft is committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. For example, we store the personal data you provide on computer servers with limited access that are located in controlled facilities, and, when we transmit certain highly confidential or sensitive personal information, we protect it through the use of encryption.
Where We Store and Process Personal DataMicrosoft operates at the global level and therefore personal data may need to be transferred to countries outside of where it was originally collected. For example, because we are headquartered in the United States, information collected in other countries is routinely transferred to the United States for processing. When we transfer your personal data to a different country, we will ensure that this transfer complies with applicable laws and legislation. Microsoft has Model Clauses in place for the collection, use, and retention of personal data transferred from the European Union to other countries, and also complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S Privacy Shield Framework.
Microsoft Corporation complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Microsoft Corporation has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If third-party agents process personal data on our behalf in a manner inconsistent with the principles of either Privacy Shield framework, we remain liable unless we prove we are not responsible for the event giving rise to the damage. The controlled U.S. subsidiaries of Microsoft Corporation, as identified in our self-certification submission and listed
here, also adhere to the Privacy Shield Principles.
If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit
www.privacyshield.gov.
If you have
a question or complaint related to participation by Microsoft in the EU-U.S. or
Swiss-U.S. Privacy Shield, we encourage you to contact us via our
web
form. For any complaints related to the Privacy Shield frameworks that
Microsoft cannot resolve directly, we have chosen to cooperate with the
relevant EU Data Protection Authority, or a
panel established by the European data protection authorities, for resolving disputes with
EU individuals, and with the Swiss Federal Data Protection and Information
Commissioner (FDPIC) for resolving disputes with Swiss individuals.
Please contact us if you’d like us to direct you to your data protection
authority contacts. As further explained in the Privacy Shield Principles,
binding arbitration is available to address residual complaints not resolved by
other means. Microsoft is subject to the investigatory and enforcement powers
of the U.S. Federal Trade Commission (FTC).
Our Retention of Personal Data Personal data will be stored according to applicable laws or regulatory requirements and kept as long as is necessary to fulfill the purposes for which the personal data was collected. Generally, this means that your personal data will be retained as documented in our corporate data retention schedule and applicable riders and supplements.
Changes to this Privacy NoticeWe may occasionally update this privacy notice. When we do, we will revise the "last updated" date at the top of the privacy notice. If there are material changes to this notice or in how Microsoft will use your personal data, we will use reasonable efforts to notify you either by prominently posting a notice of such changes before they take effect or by directly sending you a notification. We encourage you to periodically review this privacy statement to learn how Microsoft is protecting your personal data.
How to Contact UsFor copies of additional privacy documents mentioned in this notice, or if you have a privacy concern or question related to this notice, please contact
AskHR@microsoft.com.
Our address is:
HR Privacy
Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052 USA
Telephone: (+1) 425-882-8080