deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-18 16:27:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/privacy/data-processor-service-for-windows-public-preview-terms.md

21 KiB
Raw Blame History

title, description, keywords, ms.localizationpriority, ROBOTS, ms.prod, ms.topic, f1.keywords, ms.author, author, manager, audience, ms.collection
title description keywords ms.localizationpriority ROBOTS ms.prod ms.topic f1.keywords ms.author author manager audience ms.collection
Data processor service for Windows public preview terms Use this article to understand Windows public preview terms of service. privacy, GDPR high NOINDEX, NOFOLLOW w10 article
NOCSH
daniha DaniHalfin dansimp itpro
GDPR
M365-security-compliance

Data processor service for Windows public preview terms

These terms (“Terms”) must be read and accepted by a tenant admin with appropriate access rights and authority. By participating in this public preview, you: (a) agree to the following Terms, and (b) represent and warrant that you have such rights and authority.

These Terms govern your use of the preview described below (“Preview”). In order to access the Preview, you must be a current Microsoft Windows customer with an Azure Active Directory (“AAD”) subscription. The Preview consists of features and services that are in preview, beta, or other pre-release form for use with Windows and AAD.

  1. Definitions. The following terms have the following meanings:

    1. "Customer Data" means all data, including all text, sound, video, or image files that are provided to Microsoft by, or on behalf of, you through your use of Windows or AAD.

    2. "Feedback" means, collectively, suggestions, comments, feedback, ideas, or know-how, in any form, that you or your users provide to Microsoft about Microsofts business, products, or services.

    3. "Personal Data" means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    4. "Preview Data" means all data, including all text, sound, video, or image files that are provided to Microsoft by, or on behalf of, you through use of the Services.

    5. "Subprocessor" means other processors used by Microsoft to process Personal Data.

  2. Scope of Services. The Preview is for a service that enables organizations to become controllers of Windows diagnostic data on supported versions of Windows, with Microsoft operating as processor of the data (collectively, the “Services”). You will collaborate with Microsoft in order to provide Microsoft the ability to enable the Services for you. To access the Services, you will need to configure participating Windows devices; Microsoft will assist you in such configuration via documentation or other communications.

  3. Intellectual Property.

    1. License Grant. During the term of this Preview (“Term”), Microsoft grants you and authorized users in your tenant for Windows a non-exclusive, non-transferable, non-sublicensable right and license to access and use the Services in accordance with these Terms.

    2. Use Terms. These Terms supersede any Microsoft terms and conditions or other agreement. You acknowledge that (i) the Services may not work correctly or in the manner that a commercial service may function; Microsoft may change the Services for the final, commercial version or choose not to release a commercial version; (ii) Microsoft may not provide support for the Services; (iii) the Online Services Terms (OST), including any obligations Microsoft may have regarding Customer Data, do not apply to the Services or Preview Data; (iv) Microsoft has no obligation to hold, export, or return Preview Data, except as described in these Terms; (v) Microsoft has no liability for the deletion of Preview Data, except as described in these Terms; and (vi) you may lose access to the Services and Preview Data after the Term.

    3. Acceptable Use. Neither you, nor those that access the Services through you, may: (a) use the Services: (i) in a way prohibited by law, regulation, governmental order or decree; (ii) to violate the rights of others; (iii) to try to gain unauthorized access to or disrupt any service, device, data, account or network; (iv) to spam or distribute malware; or (v) in a way that could harm the Services or impair anyone elses use of it; or (b) reverse engineer, decompile, disassemble, or work around any technical limitations in the Services, or use the Services to create a competing product. You are responsible for responding to any third-party request regarding your use of the Services or Preview Data, such as a request to take down Preview Data under the U.S. Digital Millennium Copyright Act or other applicable laws.

    4. Data Collection, Use and Location. The Microsoft Privacy Statement https://privacy.microsoft.com/privacystatement applies to the collection, use and location of Preview Data. In the event of a conflict between Privacy Statement and the terms of these Terms, the terms of these Terms will control.

  4. Confidentiality. The following confidentiality terms apply to the Preview:

    1. During the Term plus 5 years, the parties will hold in strictest confidence and not use or disclose to any third party any Confidential Information of the other party. “Confidential Information” means all non-public information a party designates in writing or orally as being confidential, or which under the circumstances of disclosure ought to be treated as confidential. Confidential Information includes information relating to:

      1. a partys released or unreleased software or hardware products;

      2. a partys source code;

      3. a partys product marketing or promotion;

      4. a partys business policies or practices;

      5. a partys customers or suppliers;

      6. information received from others that a party must treat as confidential; and

      7. information provided, obtained, or created by a party under these Terms, including:
        • information in reports;
        • the parties electronic or written correspondence, customer lists and customer information, regardless of source;
        • Personal Data; and
        • Transactional, sales, and marketing information.

    2. A party will consult with the other if it questions what comprises Confidential Information. Confidential Information excludes information (i) known to a party before the disclosing partys disclosure to the receiving party, (ii) information publicly available through no fault of the receiving party, (iii) received from a third party without breach of an obligation owed to the disclosing party, or (iv) independently developed by a party without reference to or use of the disclosing partys Confidential Information.

    3. Each party will employ security procedures to prevent disclosure of the other partys Confidential Information to unauthorized third parties. The receiving partys security procedures must include risk assessment and controls for:

      1. system access;

      2. system and application development and maintenance;

      3. change management;

      4. asset classification and control;

      5. incident response, physical and environmental security;

      6. disaster recovery/business continuity; and

      7. employee training.

  5. Data Protection.

    Generally. To the extent Microsoft is a processor of Personal Data, the General Data Protection Regulation (GDPR) Terms in Appendix 1 govern that processing and the parties also agree to the following terms:

    1. Processing Details: The parties agree that:

      • The subject-matter of the processing is limited to Personal Data within the scope of the GDPR;
      • The duration of the processing shall be for the duration of your right to use the Services and until all Personal Data is deleted or returned in accordance with your instructions or these Terms;
      • The nature and purpose of the processing shall be to provide the Services pursuant to these Terms;
      • The types of Personal Data processed by the Services include those expressly identified in Article 4 of the GDPR to the extent included by Preview Data; and
      • The categories of data subjects are your representatives and end users, such as employees, contractors, collaborators, and customers.

    2. Data Transfers:

      • Preview Data and Personal Data that Microsoft processes on your behalf may be transferred to, and stored and processed in, the United States or any other country in which Microsoft or its Subprocessors operate. You appoint Microsoft to perform any such transfer of Preview Data and Personal Data to any such country and to store and process Preview Data and Personal Data to provide the Services.
      • Microsoft will abide by the requirements of European Economic Area and Swiss data protection law regarding the collection, use, transfer, retention, and other processing of Personal Data from the European Economic Area and Switzerland. All transfers of Personal Data to a third country or an international organization will be subject to appropriate safeguards as described in Article 46 of the GDPR and such transfers and safeguards will be documented according to Article 30(2) of the GDPR.
      • In addition, Microsoft is certified to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and the commitments they entail. Microsoft agrees to notify you in the event that it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield principles.

  6. No Support or Incident Response. Microsoft will have no obligation under these Terms to correct any bugs, defects or errors in the Services or AAD, provide any updates, upgrades or new releases, or otherwise provide any technical support or maintenance for any Services or AAD. You will make reasonable efforts to promptly report to Microsoft any defects you find in the Services, as an aid to creating improved revisions of the Services. Microsoft will have no obligation under these Terms to provide you with incident response as part of the Services.

  7. Term and Termination. The term of the Preview begins when you accept these Terms and continues until: (a) either party terminates this Preview by providing the other party: (i) 2 days notice for any reason (or no reason), or (ii) notice of such partys breach of these Terms and such party fails to cure within 15 days, or (b) upon the general availability of the Services. When the Term ends, you will no longer have access to the Services, and Microsoft will no longer have the rights to access Customer Data granted herein. Each party will, on request, return or destroy the others Confidential Information provided under the Preview.

  8. Feedback. Providing Feedback is voluntary. Microsoft is under no obligation to post or use any Feedback. By providing Feedback to Microsoft, you (and anyone providing Feedback through your use of the Preview) irrevocably and perpetually grant to Microsoft and its affiliates, under all of its (and their) owned or controlled intellectual property rights, a worldwide, non-exclusive, fully paid-up, royalty-free, transferable, sub-licensable right and license to make, use, reproduce, prepare derivative works based upon, distribute, publicly perform, publicly display, transmit, and otherwise commercialize the Feedback (including by combining or interfacing products, services or technologies that depend on or incorporate Feedback with other products, services or technologies of Microsoft or others), without attribution in any way and for any purpose. You warrant that (a) you will not provide Feedback that is subject to a license requiring Microsoft to license anything to third parties because Microsoft exercises any of the above rights in your Feedback; and (b) you own or otherwise control all of the rights to such Feedback and that no such Feedback is subject to any third-party rights (including any personality or publicity rights).

  9. Representations and Warranties; Limitation of Liability.

    1. By the Parties. Each party represents and warrants to the other party that (a) it has all necessary rights, title, and authority to enter into and perform under these Terms; (b) its performance under these Terms will not breach any agreement with a third party; and (c) it will comply with any and all laws, rules, and regulations that are applicable to its performance under these Terms.

    2. Disclaimer. EXCEPT AS OTHERWISE PROVIDED IN THESE TERMS AND TO THE EXTENT APPLICABLE LAW PERMITS, MICROSOFT (a) PROVIDES THE SERVICES AS-IS; (b) PROVIDES NO WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE; AND (c) DOES NOT GUARANTEE THAT THE SERVICES WILL BE AVAILABLE, UNINTERRUPTED, OR ERROR-FREE, OR THAT LOSS OF PREVIEW DATA WILL NOT OCCUR.

    3. Limitation of Liability. Except as otherwise described in this Section 9, the only remedy either party has for claims relating to these Terms or participation in the Preview is to terminate these Terms or your participation in the Preview. NEITHER PARTY WILL BE LIABLE TO THE OTHER PARTY FOR ANY DAMAGES, INCLUDING DIRECT, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, OR DAMAGES FOR LOST REVENUE, LOST PROFIT, LOST BUSINESS INFORMATION, OR BUSINESS INTERRUPTION, EVEN IF THE PARTY KNEW OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES. The limitations in this Section 9 do not apply to claims arising from any breach of confidentiality obligations under Section 4.

  10. General.

    1. Non-Exclusivity. These Terms are nonexclusive. These Terms do not restrict either party from entering into the same or similar arrangement with any third party.

    2. Jurisdiction and Governing Law. The laws of the State of Washington, excluding conflicts of law provisions, govern these Terms. If federal jurisdiction exists, then each party consents to exclusive jurisdiction and venue in the federal courts in King County, Washington. If no federal jurisdiction exists, then each party consents to exclusive jurisdiction and venue in the Superior Court of King County, Washington.

    3. Force Majeure. A party will not be liable for failure to perform an obligation under these Terms to the extent that failure is due to a cause beyond that partys reasonable control, including natural disaster, war, civil disturbance, or governmental action.

    4. Attorneys fees. If a party employs attorneys to enforce any rights arising out of or relating to these Terms, the prevailing party will be entitled to recover its reasonable attorneys fees, costs, and other expenses.

    5. Assignment. You may not assign these Terms or delegate any of your rights or obligations under these Terms to a third party without Microsofts prior written consent.

    6. Entire Agreement. These Terms are the entire agreement between the parties regarding its subject matter and replaces all prior agreements, communications, and representations between the parties regarding its subject matter.

    7. Survival. Sections 3.b, 4, 7 (with respect to post-termination obligations), and 8-10 will survive these Terms expiration or termination.

Appendix 1: GDPR Terms

For purposes of these GDPR Terms, you and Microsoft agree that you are the controller of Personal Data and Microsoft is the processor of such data, except when you act as a processor of Personal Data, in which case Microsoft is a subprocessor. These GDPR Terms apply to the processing of Personal Data, within the scope of the GDPR, by Microsoft on your behalf. These GDPR Terms do not limit or reduce any data protection commitments Microsoft makes to you in other agreement between Microsoft and you. These GDPR Terms do not apply where Microsoft is a controller of Personal Data.

Relevant GDPR Obligations: Articles 28, 32, and 33

  1. Microsoft shall not engage another processor without prior specific or your general written authorization. In the case of general written authorization, Microsoft shall inform you of any intended changes concerning the addition or replacement of other processors, thereby giving you the opportunity to object to such changes. (Article 28(2))

  2. Processing by Microsoft shall be governed by these GDPR Terms under European Union (hereafter “Union”) or Member State law and are binding on Microsoft with regard to you. The subject-matter and duration of the processing, the nature and purpose of the processing, the type of Personal Data, the categories of data subjects and your obligations and rights are set forth in the Terms above, including these GDPR Terms. In particular, Microsoft shall:

    1. process the Personal Data only on your documented instructions, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by Union or Member State law to which Microsoft is subject; in such a case, Microsoft shall inform you of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;

    2. ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;

    3. take all measures required pursuant to Article 32 of the GDPR;

    4. respect the conditions referred to in paragraphs 1 and 3 for engaging another processor;

    5. taking into account the nature of the processing, assist you by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of your obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR;

    6. assist you in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to Microsoft;

    7. at your choice, delete or return all the Personal Data to you after the end of the provision of services relating to processing, and delete existing copies unless Union or Member State law requires storage of the Personal Data;

    8. make available to you all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you.

    9. immediately inform you if, in its opinion, an instruction infringes the GDPR or other Union or Member State data protection provisions. (Article 28(3))

  3. Where Microsoft engages another processor for carrying out specific processing activities on your behalf, the same data protection obligations as set out in these GDPR Terms shall be imposed on that other processor by way of a contract or other legal act under Union or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the GDPR. Where that other processor fails to fulfil its data protection obligations, Microsoft shall remain fully liable to you for the performance of that other processor's obligations. (Article 28(4))

  4. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, you and Microsoft shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

    1. the pseudonymisation and encryption of Personal Data;

    2. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

    3. the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and

    4. a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. (Article 32(1))

  5. In assessing the appropriate level of security, account shall be taken of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed. (Article 32(2))

  6. You and Microsoft shall take steps to ensure that any natural person acting under your authority or Microsofts who has access to Personal Data does not process them except on instructions from you, unless he or she is required to do so by Union or Member State law. (Article 32(4))

  7. Microsoft shall notify you without undue delay after becoming aware of a personal data breach. (Article 33(2)). Such notification will include that information a processor must provide to a controller under Article 33(3) to the extent such information is reasonably available to Microsoft.