Privacy Policy

Trusted Cloud Principles Website Privacy Notice 

Last updated: September 2021

Your privacy is important to us. This privacy notice explains  the collection, use, and disclosure of personal data in connection with the Trusted Cloud Principles website. The site is operated by Microsoft Corporation on behalf of the Trusted Cloud Principles and its participating companies. This notice does not apply to any other services of the participating companies.

PERSONAL DATA WE COLLECT 

The personal data we collect depends on how you interact with us.

Information you provide directly. We collect personal data you provide to us. For example, if you choose to send us an email inquiry, we will collection contact information, such as your name and email address, as well as the content of your communications 

Information we collect automatically. When you visit the website, we collect some information automatically. For example:

  • Identifiers and device information. When you visit the website, our web servers automatically log your Internet Protocol (IP) address and information about your device, including device identifiers (such as MAC address); device type; and your device’s operating system, browser, and other software including type, version, language, settings, and configuration. As further described in the Cookies and Similar Technologies section below, our website stores and retrieves cookie identifiers and other data.
  • Geolocation data. Depending on your device settings, we collect geolocation data when you use the website. 
  • Usage data. We automatically log your activity on the website, including the URL of the website from which you came to our site, pages you viewed, how long you spent on a page, access times, and other details about your use of and actions on our website.

When you are asked to provide personal data, you may decline. And you may use web browser or operating system controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information that is necessary for certain services, those features may not be available. For example, if you don’t provide an email address, we will be unable to respond to any inquiries you may have

COOKIES AND SIMILAR TECHNOLOGIES 

We use cookies, web beacons, and similar technologies to operate the website and to help collect data, including usage data, identifiers, and device information. 

What are cookies and similar technologies? 

Cookies are small text files placed by a website and stored by your browser on your device. A cookie can later be read when your browser connects to a web server in the same domain that placed the cookie. The text in a cookie contains a string of numbers and letters that may uniquely identify your device and can contain other information as well. This allows the web server to recognize your browser over time, each time it connects to that web server.

Web beacons are electronic images (also called single-pixel or clear GIFs) that are contained within a website or email. When your browser opens a webpage or email that contains a web beacon, it automatically connects to the web server that hosts the image (typically operated by a third party). This allows that web server to log information about your device and to set and read its own cookies. In the same way, third-party content on our websites (such as embedded videos, plug-ins, or ads) results in your browser connecting to the third-party web server that hosts that content. 

How do we and our partners use cookies and similar technologies?

We, and our analytics partners, use these technologies in our website to collect personal data (such as the pages you visit, the links you click on, and similar usage information, identifiers, and device information) when you use our services. This information is used to analyze how our websites and apps perform, track your interaction with the site or app, and fulfill other legitimate purposes.  Please see the Sharing section below for details on the third-party analytics providers we use on the website. 

What controls are available? 

  • Browser cookie controls. Most web browsers are set to accept cookies by default. If you prefer, you can go to your browser settings to learn how to delete or reject cookies. If you choose to delete or reject cookies, this could affect certain features or services of our website. If you choose to delete cookies, settings and preferences controlled by those cookies, including advertising preferences, may be deleted and may need to be recreated. 
  • Do Not Track. Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not a common understanding of how to interpret the DNT signal, our websites do not currently respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and advertising controls described above.

OUR USE OF PERSONAL DATA

We use each of the categories or personal data we collect for purposes described in this privacy notice or otherwise disclosed to you. For example, we use personal data for the following purposes:

  • Service delivery. To provide the website, including troubleshooting, securing, and improving the website.
  • Communications and support. To respond to your questions and provide customer support.

OUR SHARING OF PERSONAL DATA 

We share personal data with your consent or as necessary to operate the website or respond to your inquiries. In addition, we share each of the categories of personal data described above, with the types of third parties described below, for the following business purposes:

  • Service providers. We share personal data with vendors or agents working on our behalf for the purposes described in this notice. For example, companies we’ve hired to host the website, process incoming email, or assist in protecting and securing the website and our systems may need access to personal data to provide those functions.  We also website analytics services, as described in the Cookies section of this notice, from New Relic. 
  • Legal and law enforcement. We will access, disclose, and preserve personal data when we believe that doing so is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies. 
  • Security, safety, and protecting rights. We will disclose personal data if we believe it is necessary to:
    • protect our customers and others, for example to prevent spam or attempts to commit fraud, or to help prevent the loss of life or serious injury of anyone; 
    • operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or 
    • protect the rights or property or ourselves or others, including enforcing our agreements, terms, and policies.

Finally, we may share de-identified information in accordance with applicable law.

CHOICE AND CONTROL OF PERSONAL DATA*

Access, correction, and deletion. If you wish to access, correct, or delete personal data about you that we hold, you may contact us as described at the bottom of this privacy notice. However, to the extent permitted by applicable law, we reserve the right to decline requests that are unreasonable or excessive, where providing the data would be prohibited by law or could adversely affect the privacy or other rights of another person, where deleting data would interfere with a legal or business obligation that requires retention of the data, or where we are unable to authenticate you as the person to whom the data relates.  

Choices for Cookies and Similar Technologies. See the Cookies section for choices about cookies and similar controls.

*CalOPPA, Cal. Bus. & Prof. Code §22575(b)(2) “If the operator maintains a process for an individual consumer who uses or visits its commercial Website or online service to review and request changes to any of his or her personally identifiable information that is collected through the Web site or online service, provide a description of that process.”

EUROPEAN DATA PROTECTION RIGHTS

If the processing of personal data about you is subject to European Union data protection law, you have certain rights with respect to that data: 

  • You can request access to, and rectification or erasure of, personal data; 
  • If any automated processing of personal data is based on your consent or a contract with you, you have a right to transfer or receive a copy of the personal data in a usable and portable format;
  • If the processing of personal data is based on your consent, you can withdraw consent at any time for future processing; 
  • You can to object to, or obtain a restriction of, the processing of personal data under certain circumstances; and
  • For residents of France, you can send us specific instructions regarding the use of your data after your death.

To make such requests please use the contact information at the bottom of this notice.  You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns.

We rely on different lawful bases for collecting and processing personal data about you, for example, with your consent and/or as necessary to provide the services you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfill other legitimate interests.

CALIFORNIA PRIVACY RIGHTS

If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (“CCPA”), you have certain rights with respect to that information.  

Right to Know. You have a right to request that we disclose to you the personal information we have collected about you.  You also have a right to request additional information about our collection, use, disclosure, or sale of such personal information.  Note that we have provided much of this information in this privacy notice. You may make such a “request to know” by contacting us at the email address at the bottom of this notice.  

Right to Request Deletion. You also have a right to request that we delete personal information under certain circumstances, subject to a number of exceptions. To make a request to delete, please contact us as indicated at the bottom of this notice. 

Right to Opt-Out. You have a right to opt-out from future “sales” of personal information. Note that we do not “sell” personal information as defined by the CCPA and have not done so in the past 12 months.  

You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us. Further, to provide or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law. For example, if you seek information about a message you sent to use, we will verify your request by asking you to send it from the same email address you previously used to contact us. 

Finally, you have a right to receive notice of our practices at or before collection of personal information, and you have a right to not be discriminated against for exercising these rights set out in the CCPA.

Additionally, under California Civil Code section 1798.83, also known as the “Shine the Light” law, California residents who have provided personal information to a business with which the individual has established a business relationship for personal, family, or household purposes (“California Customers”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes.  Please be aware that we do not disclose personal information to any third parties for their direct marketing purposes as defined by this law. California Customers may request further information about our compliance with this law by e-mailing at the address at the bottom of this notice. Please note that businesses are required to respond to one request per California Customer each year and may not be required to respond to requests made by means other than through the designated e-mail address.

RETENTION OF PERSONAL DATA

We retain personal data for as long as necessary to provide the services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes. Because these needs can vary for different data types in the context of different services, actual retention periods can vary. 

LOCATION OF PERSONAL DATA

The personal data we collect may be stored and processed in your country or region, or in any other country where we or our affiliates, subsidiaries, or service providers maintain facilities. Currently, we primarily use data centers in United States. We take steps designed to ensure that the data we collect under this notice is processed and protected according to the provisions of this notice and applicable law wherever the data is located.

Location of Processing European Personal Data. If we transfer personal data from the European Economic Area (EEA), UK, and Switzerland to countries that have not been determined by the European Commission to have an adequate level of data protection, we will use legal mechanisms, including contracts, to help ensure your rights and protections. To learn more about the European Commission’s decisions on the adequacy of personal data protections, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.

SECURITY OF PERSONAL DATA

We take reasonable and appropriate steps to help protect personal data from unauthorized access, use, disclosure, alteration, and destruction. 

CHANGES TO THIS PRIVACY NOTICE

We will update this privacy notice when necessary to reflect changes in our services, how we use personal data, or the applicable law. When we post changes to the notice, we will revise the “Last Updated” date at the top of the notice.  If we make material changes to the notice, we will provide notice or obtain consent regarding such changes as may be required by law. 

HOW TO CONTACT US

If you have a privacy concern, complaint, or a question for us, please contact us at [email protected].  

Our address is One Microsoft Way, Redmond WA, USA, 98052