www.microsoft.com Open in urlscan Pro
2600:1408:c400:781::356e  Public Scan

Submitted URL: https://go.microsoft.com/fwlink/?LinkId=518021
Effective URL: https://www.microsoft.com/en-CA/privacy/data-privacy-notice
Submission: On October 16 via api from BE — Scanned from CA

Form analysis 1 forms found in the DOM

Name: searchFormGET https://www.microsoft.com/en-ca/search/explore

<form class="c-search" autocomplete="off" id="searchForm" name="searchForm" role="search" action="https://www.microsoft.com/en-ca/search/explore" method="GET"
  data-seautosuggest="{&quot;queryParams&quot;:{&quot;market&quot;:&quot;en-ca&quot;,&quot;clientId&quot;:&quot;7F27B536-CF6B-4C65-8638-A0F8CBDFCA65&quot;,&quot;sources&quot;:&quot;Iris-Products,DCatAll-Products,Microsoft-Terms&quot;,&quot;filter&quot;:&quot;+ClientType:StoreWeb&quot;,&quot;counts&quot;:&quot;1,5,5&quot;},&quot;familyNames&quot;:{&quot;Apps&quot;:&quot;App&quot;,&quot;Books&quot;:&quot;Book&quot;,&quot;Bundles&quot;:&quot;Bundle&quot;,&quot;Devices&quot;:&quot;Device&quot;,&quot;Fees&quot;:&quot;Fee&quot;,&quot;Games&quot;:&quot;Game&quot;,&quot;MusicAlbums&quot;:&quot;Album&quot;,&quot;MusicTracks&quot;:&quot;Song&quot;,&quot;MusicVideos&quot;:&quot;Video&quot;,&quot;MusicArtists&quot;:&quot;Artist&quot;,&quot;OperatingSystem&quot;:&quot;Operating System&quot;,&quot;Software&quot;:&quot;Software&quot;,&quot;Movies&quot;:&quot;Movie&quot;,&quot;TV&quot;:&quot;TV&quot;,&quot;CSV&quot;:&quot;Gift Card&quot;,&quot;VideoActor&quot;:&quot;Actor&quot;}}"
  data-seautosuggestapi="https://www.microsoft.com/msstoreapiprod/api/autosuggest"
  data-m="{&quot;cN&quot;:&quot;GlobalNav_Search_cont&quot;,&quot;cT&quot;:&quot;Container&quot;,&quot;id&quot;:&quot;c3c1c9c2m1r1a1&quot;,&quot;sN&quot;:3,&quot;aN&quot;:&quot;c1c9c2m1r1a1&quot;}" aria-expanded="false" style="overflow-x: visible;">
  <div class="x-screen-reader" aria-live="assertive"></div>
  <input id="cli_shellHeaderSearchInput" aria-label="Search Expanded" aria-autocomplete="list" aria-expanded="false" aria-controls="universal-header-search-auto-suggest-transparent" aria-owns="universal-header-search-auto-suggest-ul" type="search"
    name="q" role="combobox" placeholder="Search Microsoft.com" data-m="{&quot;cN&quot;:&quot;SearchBox_nav&quot;,&quot;id&quot;:&quot;n1c3c1c9c2m1r1a1&quot;,&quot;sN&quot;:1,&quot;aN&quot;:&quot;c3c1c9c2m1r1a1&quot;}" data-toggle="tooltip"
    data-placement="right" title="Search Microsoft.com" style="overflow-x: visible;">
  <button id="search" aria-label="Search Microsoft.com" class="c-glyph" data-m="{&quot;cN&quot;:&quot;Search_nav&quot;,&quot;id&quot;:&quot;n2c3c1c9c2m1r1a1&quot;,&quot;sN&quot;:2,&quot;aN&quot;:&quot;c3c1c9c2m1r1a1&quot;}" data-bi-mto="true"
    aria-expanded="false" style="overflow-x: visible;">
    <span role="presentation" style="overflow-x: visible;">Search</span>
    <span role="tooltip" class="c-uhf-tooltip c-uhf-search-tooltip" style="overflow-x: visible;">Search Microsoft.com</span>
  </button>
  <div class="m-auto-suggest" id="universal-header-search-auto-suggest-transparent" role="group" style="overflow-x: visible;">
    <ul class="c-menu" id="universal-header-search-auto-suggest-ul" aria-label="Search Suggestions" aria-hidden="true" data-bi-dnt="true" data-bi-mto="true" data-js-auto-suggest-position="default" role="listbox" data-tel="jsll"
      data-m="{&quot;cN&quot;:&quot;search suggestions_cont&quot;,&quot;cT&quot;:&quot;Container&quot;,&quot;id&quot;:&quot;c3c3c1c9c2m1r1a1&quot;,&quot;sN&quot;:3,&quot;aN&quot;:&quot;c3c1c9c2m1r1a1&quot;}" style="overflow-x: visible;"></ul>
    <ul class="c-menu f-auto-suggest-no-results" aria-hidden="true" data-js-auto-suggest-postion="default" data-js-auto-suggest-position="default" role="listbox" style="overflow-x: visible;">
      <li class="c-menu-item" style="overflow-x: visible;"> <span tabindex="-1" style="overflow-x: visible;">No results</span></li>
    </ul>
  </div>
</form>

Text Content

This is the Trace Id: a8aaa9892155fc857b16be08626c4fa4


Skip to main content
Microsoft
Privacy
Privacy
Privacy
 * Home
 * Privacy dashboard
 * Privacy report
 * Privacy resources
 * Privacy Statement
 * More

 * All Microsoft
   
   
    * GLOBAL
      
      * Microsoft 365
      * Teams
      * Copilot
      * Windows
      * Surface
      * Xbox
      * Deals
      * Small Business
      * Support
    * Software Software
      * Windows Apps
      * AI
      * OneDrive
      * Outlook
      * Skype
      * OneNote
      * Microsoft Teams
    * PCs & Devices PCs & Devices
      * Computers
      * Shop Xbox
      * Accessories
      * VR & mixed reality
    * Entertainment Entertainment
      * Xbox Game Pass Ultimate
      * PC Game Pass
      * Xbox games
      * PC games
      * Windows digital games
      * Movies & TV
    * Business Business
      * Microsoft Cloud
      * Microsoft Security
      * Azure
      * Dynamics 365
      * Microsoft 365 for business
      * Microsoft Industry
      * Microsoft Power Platform
      * Windows 365
    * Developer & IT Developer & IT
      * Developer Center
      * Documentation
      * Microsoft Learn
      * Microsoft Tech Community
      * Azure Marketplace
      * AppSource
      * Visual Studio
    * Other Other
      * Microsoft Rewards
      * Free downloads & security
      * Education
      * Virtual workshops and training
      * Gift cards
      * Licensing
    * View Sitemap


Search Search Microsoft.com
 * No results

Cancel



MICROSOFT GLOBAL DATA PRIVACY NOTICE FOR EMPLOYEES, EXTERNAL STAFF, CANDIDATES
AND GUESTS

Last updated: June 2024 

What's New?


 * Overview
 * Personal Data that We Process
 * Why We Process Personal Data
 * Change of Purpose
 * How and Why We Share Personal Data
 * Your Rights to Your Personal Data
 * Use of Cookies and Web Beacons
 * Workplace Security and Monitoring
 * Security of Your Personal Data
 * Where We Store and Process Personal Data
 * Our Retention of Personal Data
 * Changes to this Privacy Notice
 * How to Contact Us
 * Microsoft’s Employee Privacy Principles
 * California Addendum
 * Canada Addendum
 * China Notice
 * European Union, United Kingdom, and Switzerland
 * Learning and Skills Data Addendum
 * Microsoft Data Programme (MDP) Addendum
 * Türkiye Addendum




OVERVIEW



Your privacy is important to Microsoft (“we”, “us”, “our” or “Microsoft”). We
respect the privacy rights of all individuals and we are committed to handling
personal data responsibly and in accordance with applicable laws and Employee
Privacy Principles. This privacy notice, together with the Addenda and other
notices provided at the time of data collection, explain what personal data
Microsoft collects about you, how we use this personal data, and your rights to
this personal data.

Please note that this privacy notice applies to the handling of your personal
data as an employee, former employee, candidate, guest, or as external staff.
(“External staff” are workers who are not employed by Microsoft and who have
access to Microsoft’s facilities and/or Microsoft’s corporate network. This
could include agency temporary workers, outsourced staff, contractors, and
business guests.) Microsoft has additional governance and privacy requirements
concerning the collection and uses of personal data.

This notice does not cover your use of Microsoft consumer products as a
consumer, or outside of your employment or assignment with Microsoft. Microsoft
consumer products may include services, websites, apps, software, servers, and
devices. To learn more about Microsoft’s data collection practises that cover
your use of Microsoft products as a consumer, please read our Microsoft Privacy
Statement.

This notice is not intended and shall not be read to create any express or
implied promise or contract for employment, for any benefit, or for specific
treatment in specific situations. Nothing in this notice should be construed to
interfere with Microsoft’s ability to process employee data for purposes of
complying with our legal obligations, or for investigating alleged misconduct or
violations of company policy or law, subject to compliance with local legal
requirements.

Microsoft's processing of personal data is in all cases subject to the
requirements of applicable local law, internal policy, and where applicable or
appropriate, any consultation requirements with worker representatives. To the
extent this notice conflicts with local law in your jurisdictions, local law
controls.

Back to top

PERSONAL DATA THAT WE PROCESS (THIS MAY INCLUDE DATA THAT YOU PROVIDE TO US,
THAT WE COLLECT ABOUT YOU, OR THAT WE ASSIGN TO YOU.)

We collect, use, and store (collectively “process”) different types of personal
data about you in the operation of our business. If you are an employee, we
process personal data about you (and your dependents, beneficiaries and other
individuals associated with your employment) primarily for managing our
employment relationship with you and managing your interactions with workplace
facilities/information systems. If you are a former employee, we process
personal data about you primarily for legal compliance. If you are external
staff or guest, the type of personal data we process is limited to what we need
to manage your engagement with Microsoft and access to Microsoft facilities and
information systems. If you are a candidate, the type of personal data we
process is generally limited to what we need to engage with you about Microsoft
career opportunities, consideration of your application for employment to
specific roles at Microsoft, including candidate screening, interview scheduling
and management, lawful background screening, and to on-board you at Microsoft if
you receive and accept an offer of employment with us.

The personal data we process can include, but is not limited to, the following:

Name and contact data. Your first name and surname, employee identification
number, email address, postal address, phone number, photo, beneficiary and
emergency contact details, and other similar contact data. Additionally, you may
opt to provide Microsoft with additional contact information such as personal
email address(es) and/or cell phone number(s).

Demographic data. Your date of birth and gender as well as more sensitive
personal data (also known as special category data) including information
relating to racial and ethnic origin, religious, political or philosophical
beliefs, trade union membership or information about your health, disabilities,
sexual orientation, gender identity, and transgender status. We may also ask
about your parental status and military status.

We process this personal data for a variety of reasons, and this will vary in
our different jurisdictions. Our reasons for processing this data include:

 1. Where it is necessary to comply with local requirements and applicable law.
    For example, we may use this information to comply with anti-discrimination
    laws and government reporting obligations;
 2. To monitor and ensure diversity and equal treatment and opportunity;
 3. To provide work related accommodations or adjustments, to provide health and
    insurance benefits to you and to your dependents, and to manage absences
    from work.

Where the processing of this personal data is not required by law, we will seek
your consent to process your data and, in the consent mechanism, we will explain
the purposes for which we will use your data. This will be voluntary, and you
may decide whether or not to give consent.

National identifiers. Your national ID/passport, citizenship status, residency
and work permit status, social security number, or other taxpayer/government
identification number.

Employment details. Your job title/position, office location and/or remote
working location, employment contract, offer letter, hiring date, termination
date, performance history and disciplinary records, training records, leave of
absence, sick leave and holiday records.

Spouse’s/partner’s and dependents’ information. Your spouse and dependents’
first names and surnames, dates of birth and contact details.

Background information. Your academic and professional qualifications,
education, CV/Resume, credit history and criminal records data (used for
background checks and vetting purposes where permissible and in accordance with
applicable law and consultation requirements).

Video, voice and image. We may collect and use your video, voice and image data,
subject to the requirements of local law, internal policy, and any consultation
requirements with worker representatives (where appropriate).

Financial information. Your bank account details, tax information, salary,
retirement account information, company allowances and other information
necessary to administer payroll, taxes, benefits, and equity and incentive
compensation.

Learning and Skills Data. As described in the Learning and Skills Data Addendum.

Feedback and sentiment data. Your responses to employee listening surveys such
as Employee Signals and Daily Pulse and feedback collected about managers and
co-workers via tools like Manager Feedback and Perspectives.

Workplace, Device, Usage, and Content data. Application data (such as data from
Office 365, Teams, Outlook, or internal business processes) including emails
sent and received, calendar entries, to-do items, instant messages, technical
data and information (containing only limited identifiers, if any personal data
at all) in the context of using (online) applications, building and information
system access, Microsoft devices, system and application usage (including
telemetry) when accessing and using Microsoft corporate buildings and assets.
Please note that more information about the specific types of data Microsoft may
use for product improvement purposes can be found in several resources,
including the Microsoft Data Programme (MDP) addendum to this DPN. We may also
collect personal data about you from third parties or public sources as needed
to support the employment relationship or to engage with you concerning job
opportunities at Microsoft. For example, before and during your employment or
assignment with Microsoft, we may collect information from public professional
networking sources, such as your LinkedIn profile, for recruitment purposes. We
also may conduct lawful background screenings, to the extent permitted by law,
through a third-party vendor for information about your past education,
employment, credit and/or criminal history. In the event of a natural disaster
or other life/safety emergency, we may rely on public social media posts or
other public sources to account for employees if otherwise unable to contact
them. Additionally, if there is an investigation of an incident involving
employees, we may obtain information relevant to the incident from external
sources including private parties, law enforcement or news sources and public
social media posts.

Back to top

WHY WE PROCESS PERSONAL DATA



We collect your personal data for the purposes set out below. Failure to provide
your personal data when requested may prevent us from being able to carry out
these tasks and/or comply with our legal obligations.

1. To administer your employment contract, offer letter or other commitments we
have made to you.

We collect and use your personal data primarily for the purposes of managing our
employment or working relationship with you, and to fulfil our obligations under
your employment contract, or applicable Microsoft policies, including
on-boarding, payroll, benefits and equity compensation administration, pension
and retirement administration, managing holiday and other types of leave, tax
reporting and the like. A few examples include: your employment contract, your
offer letter (e.g., so we can on-board you), promotion history and performance
reviews (e.g., so we can manage our employment relationship with you), and your
bank account and salary details (e.g., so we can pay you or provide HR
benefits).

2. Other overriding and legitimate business purposes

We also may collect and use your personal data when it is necessary for other
legitimate purposes, such as general HR administration, maintaining our global
directory of employees and external staff, general business management and
operations, disclosures for auditing and reporting purposes, measuring employee
sentiment, internal investigations, management of network and information
systems security, administration of business applications and systems, business
operations, workplace analytics, corporate workplace policy compliance,
security, life safety, building management, space planning and allocation,
provision and improvement of employee services and facilities, physical security
and cybersecurity, data protection, for global diversity and inclusion
initiatives, to protect the life and safety of employees and others and in
connection with the sale, assignment or other transfer of all or part of our
business. We also use business data and other workplace usage, device and
content data for organisational and individual analytics and data insight
purposes to improve Microsoft business operations, manager capability and the
employee experience. We may also use special applications and systems that
record employee performance metrics, such as sales related or code databases for
business operations purposes as well as for the purposes of reviewing, rewarding
and coaching employees on their performance and for administration and
assessment of training. We may also process your personal data to investigate
potential violations of law or violations of our internal policies.

Additionally, we may process your personal data to conduct scientific research,
without your additional consent, when viewed as in the public interest and/or
where there is a clear attempt for contributions to generalizable knowledge. In
these cases, we will ensure appropriate technical and organisational controls
are in place to protect your personal data, such as anonymising and aggregating
data to help protect your identity, ensuring use of your personal data is
subject to our privacy standards and conducting ethics and compliance reviews
prior to using your personal data.

As Microsoft enables AI supported experiences in its products, your data may
also be processed by AI to facilitate certain features and experiences deployed
on the Microsoft tenant – including AI co-pilot features such as chatbot
features, summarisation features and similar. Microsoft’s processing of your
data will comply with its commitment to responsible AI.

3. Legally required purposes

We may also use your personal data when necessary to comply with laws and
regulations, including collecting and disclosing personal data as required by
law (e.g. for minimum wage, working time, tax, health and safety,
anti-discrimination laws, global migration, whistleblowing procedures and data
subject rights), under judicial authorisation, or to exercise or defend
Microsoft’s legal rights.

4. Other uses of your data (where permissible and in accordance with applicable
laws and consultation requirements)

We also may collect your internal usage data of Microsoft products, services and
internal applications and tools, including business data created by employees
and external staff, to measure and improve these products and for product
research including human and machine review of data to train AI models and
improve machine learning for Microsoft products and services. Additionally, your
internal usage data may be combined with other business data, including
workplace, device, usage, and content data, for product improvement purposes or
to conduct aggregate analyses to improve internal tools and processes, business
operations, manager capability, and employee experience. Where required by law,
we will seek your consent for such usage; and where your consent is sought, we
will ensure your consent is informed, voluntary, and that you suffer no adverse
consequence from any decision to withhold or revoke your consent.

For eligible employees (i.e., part or full-time employees, interns, apprentices,
or visiting researchers) who enrol in Microsoft Give, with your consent, we
collect and use your personal data to enable voluntary personal donations of
money, Microsoft products, volunteer hours to eligible organisations (i.e.,
certain non-profits or non-governmental organisations), and to inform you of the
benefits and opportunities available through Give. Give is a voluntary benefit
programme from which participants can opt-out and revoke their consent at any
time; however, opt-outs and revocations do not affect previous processing of
personal data. Further information on Microsoft Give is available here.

Back to top

CHANGE OF PURPOSE



We will use your personal data only for the purposes for which it was collected,
unless we reasonably need it for another compatible purpose and there is a legal
basis for further processing. For example, relying upon our legitimate interest
in recruiting candidates for roles at Microsoft, we may process the personal
data you provided while researching job openings. However, once you apply for
and are successful in obtaining a role, we may process your personal data for
the purpose of entering into an employment relationship with you.

Back to top

HOW AND WHY WE SHARE PERSONAL DATA



Microsoft will only share your personal data with those who have a legitimate
business need for it. Whenever we permit a third party to access your personal
data, we will ensure the personal data is used in a manner consistent with this
privacy notice (and any applicable internal data handling guidelines consistent
with the sensitivity and classification of the personal data). Your personal
data may be shared with our subsidiaries and affiliates and other third parties,
including service providers, for the following legitimate purposes:

 1. To carry out the purposes of our personal data processing as described above
    (see section titled: “Why We Process Personal Data”);

 2. To enable third parties to provide services on behalf of Microsoft. Third
    party data recipients include financial investment service providers,
    insurance providers, pension administrators and other benefits providers,
    childcare providers, payroll support services, relocation, tax and travel
    management services, health and safety experts, facility management, legal
    service providers, and security services;

 3. To comply with our legal obligations, regulations, government clearances, or
    contracts, or to respond to data subject rights, a court order,
    administrative or judicial process, such as a subpoena, government audit or
    search warrant. Categories of recipients would include counterparties to
    contracts, judicial and governmental bodies;

 4. In response to lawful requests by public authorities (such as regulatory
    bodies, law enforcement authorities and national security organisations);

 5. To seek legal advice from external lawyers and advice from other external
    professionals such as accountants, management consultants, etc.;

 6. As necessary to establish, exercise or defend against potential, threatened
    or actual litigation;

 7. Where necessary to protect Microsoft, your vital interests, such as safety
    and security, or the vital interests of other persons;

 8. In connection with the sale, assignment or other transfer of all or part of
    our business (such as a potential purchaser and its legal/professional
    advisers); or

 9. Otherwise in accordance with your consent.

Please note that where legal requirements limit the sharing of your personal
data, Microsoft will respect such requirements.

Back to top

YOUR RIGHTS TO YOUR PERSONAL DATA



In some regions, you may have certain rights under applicable data protection
laws (such as the European Union and United Kingdom General Data Protection
Regulation and the Swiss Federal Act on Data Protection). Please see
the Addendum to this notice for additional information by region/country.

Back to top

USE OF COOKIES AND WEB BEACONS



Site pages may use cookies (small text files placed on your device). Cookies and
similar technologies allow us to store and honour your preferences and settings;
enable you to sign-in; combat fraud; and analyse how our websites and online
services are performing.

We also use “web beacons” to help deliver cookies and gather usage and
performance data. Our websites may include web beacons, and cookies, or similar
technologies from third-party service providers.

You have a variety of tools to control the data collected by cookies, web
beacons and similar technologies. For example, you can use controls in your
internet browser to limit how the websites you visit are able to use cookies and
to withdraw your consent by clearing or blocking cookies.

Back to top

WORKPLACE SECURITY AND MONITORING



Microsoft monitors its IT and communications systems through automated tools
such as network authentication and wireless connectivity hardware and software,
anti-malware software, website filtering and spam filtering software, security
software for cloud-based applications, access and transaction logging, mobile
device management solutions, and internal and external audits. The primary
purpose of this monitoring is Microsoft’s legitimate interests in protecting its
employees, customers, and business partners. For example:

 1. For systems, applications, and network security, including in particular the
    security of Microsoft’s IT systems and assets, and the safety and security
    of its employees, external staff and other third parties;
 2. For network and device management and support;
 3. For proof of business transactions and recordkeeping;
 4. For the protection of confidential information and company assets;
 5. For investigating wrongful acts or potential violations of company policy;
    and
 6. For other legitimate business purposes as permitted under applicable law.

We also monitor our offices, and other workplace facilities, through video
monitoring such as closed-circuit television (“CCTV”) and badge scans for
security, life safety, campus utilisation trends and workplace analytics,
corporate workplace policy compliance, and building management purposes. CCTV is
primarily used at office entrance and exit points, elevator lobbies, rooms where
there may be valuable equipment, such as server rooms, and in other select areas
with a high risk for theft or with highly sensitive assets. CCTV is not used in
private spaces such as restrooms, new mothers’ rooms or locker rooms. Nor is it
used to monitor employee workstations for performance reasons.

You should be aware that any message, files, data, document, facsimile,
audio/video, social media post or instant message communications, or any other
types of information transmitted to, through or from, received or printed from,
or created, stored or recorded on our IT and communications systems and assets
(included via the use of personal devices accessing corporate IT systems), are
presumed to be business-related and may be monitored or accessed by us in
accordance with applicable law and workplace agreements (such as works council
agreements), and subject to Microsoft’s own policies on access to and uses of
such data.

Back to top

SECURITY OF YOUR PERSONAL DATA



Microsoft is committed to protecting the security of your personal data. We use
a variety of security technologies and procedures to help protect your personal
data from unauthorised access, use or disclosure. For example, we store the
personal data you provide on limited access computer servers that are located in
controlled facilities, and we protect certain highly confidential or sensitive
personal data through encryption in transfer and at rest.

Back to top

WHERE WE STORE AND PROCESS PERSONAL DATA



Microsoft operates globally and therefore personal data may need to be
transferred to countries outside of where the personal data was originally
collected. For example, because we are headquartered in the United States,
personal data collected in other countries is routinely transferred to the
United States for processing. We transfer personal data from the European
Economic Area, the United Kingdom, and Switzerland to other countries, some of
which have not yet been determined by the European Commission and/or the Swiss
Federal Council to have an adequate level of data protection. For example, their
laws may not guarantee you the same rights, or there may not be a privacy
supervisory authority there that is capable of addressing your complaints. When
we engage in such transfers, we use a variety of legal mechanisms, including
contracts such as the standard contractual clauses published by the European
Commission under Commission Implementing Decision 2021/914, to help protect your
rights and enable these protections to travel with your data. To learn more
about the European Commission’s decisions on the adequacy of the protection of
personal data in the countries where Microsoft processes personal data, see this
article on the European Commission website. We may also transfer personal data
when (i) you have consented to disclosure abroad; (ii) it is necessary for the
conclusion or performance of a contract; (iii) it is necessary to safeguard an
overriding public interest or to establish, exercise, or enforce legal rights;
(iv) it is necessary to protect the life or the physical integrity of you or
another person, and it is not possible to obtain your consent within a
reasonable time; (v) you have made the data generally accessible and have not
explicitly prohibited processing; or (vi) the data originates from a statutory
register to which we have legitimate access.

Microsoft Corporation complies with the EU-U.S. Data Privacy Framework (EU-U.S.
DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy
Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.
Microsoft Corporation has certified to the U.S. Department of Commerce that it
adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF
Principles) with regard to the processing of personal data received from the
European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and
Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Microsoft
Corporation has certified to the U.S. Department of Commerce that it adheres to
the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles)
with regard to the processing of personal data received from Switzerland in
reliance on the Swiss-U.S. DPF. In the context of an onward transfer, Microsoft
Corporation has responsibility for the processing of personal data it receives
under the DPF and subsequently transfers to a third party acting as an agent on
our behalf. Microsoft Corporation remains liable under the DPF if our agent
processes such personal information in a manner inconsistent with the DPF,
unless Microsoft Corporation can prove that we are not responsible for the event
giving rise to the damage. If there is any conflict between the terms in this
privacy statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF
Principles, the Principles shall govern. To learn more about the Data Privacy
Framework (DPF) programme, and to view our certification, please visit the US
Department of Commerce’s Data Privacy Framework website. The controlled U.S.
subsidiaries of Microsoft Corporation, as identified in our self-certification
submission, also adhere to the DPF Principles—for more info, see the list
of Microsoft U.S. entities or subsidiaries adhering to the DPF Principles.

If you have a question or complaint related to participation by Microsoft in the
DPF Frameworks, we encourage you to contact us via our web form. For any
complaints related to the DPF Frameworks that Microsoft cannot resolve directly,
we have chosen to co-operate with the relevant EU Data Protection Authority, or
a panel established by the European data protection authorities, for resolving
disputes with EU individuals, the UK Information Commissioner (for UK
individuals) and the Swiss Federal Data Protection and Information Commissioner
(FDPIC) for resolving disputes with Swiss individuals. Please contact us if
you’d like us to direct you to your data protection authority contacts. As
further explained in the DPF Principles, binding arbitration is available to
address residual complaints not resolved by other means. Microsoft is subject to
the investigatory and enforcement powers of the U.S. Federal Trade Commission
(FTC).

Individuals whose personal data is protected by Japan's Act on the Protection of
Personal Information should refer to the article on the Japanese Personal
Information Protection Commission’s website (only published in Japanese) for
more information on the commission’s review of certain countries’ personal data
protection systems.

Back to top

OUR RETENTION OF PERSONAL DATA



We will store personal data in accordance with applicable laws or regulatory
requirements and retain data for as long as necessary to fulfil the purposes for
which the personal data was collected, as documented in our corporate data
retention schedule.

Back to top

CHANGES TO THIS PRIVACY NOTICE



We may occasionally update this privacy notice. When we do, we will revise the
"last updated" date at the top of the privacy notice. If there are material
changes to this privacy notice or in how Microsoft will use your personal data,
we will use reasonable efforts to notify you either by prominently posting a
notice of such changes before they take effect on our websites or by directly
sending you a notification. We encourage you to periodically review this privacy
notice to learn how Microsoft protects your personal data.

Back to top

HOW TO CONTACT US



For copies of additional privacy documents mentioned in this privacy notice, or
if you have a privacy concern or question related to this privacy notice, please
contact AskHR@microsoft.com.

Our address is:

HR Privacy

Microsoft Corporation

One Microsoft Way

Redmond, Washington 98052 USA

Telephone: (+1) 425-882-8080.

Back to top

MICROSOFT’S EMPLOYEE PRIVACY PRINCIPLES



Last updated: June 2024

Microsoft believes that privacy is a fundamental human right. It is core to our
business that consumers and enterprises alike trust us with their data. With
trust, we can empower every individual and organisation on the planet to achieve
more.

Similarly, respecting these principles in the workplace empowers our employees
to do their best work. Our employees power our mission each and every day. Their
trust is essential if we are to achieve that mission. We firmly believe that
employees do not fundamentally give up their privacy rights by virtue of their
employment at Microsoft. We respect the privacy laws and requirements of every
country where we operate. In many cases, Microsoft goes beyond what is required
to ensure that our employees can truly trust that Microsoft will act responsibly
with the data we gather about them and remain our Company’s greatest champions
and advocates.

In short, Microsoft takes a thoughtful, considered, and deliberate approach to
employee privacy that both acknowledges the uniqueness of the employment
relationship while also balancing the Company’s interests in running a secure,
inclusive, efficient, and innovative operation. Our approach is bolstered by a
privacy programme that cares deeply about these issues, as reflected in
Microsoft’s investment in its Employee Data Governance Board (EDGB), which
oversees the requirements of the Microsoft Privacy Standards concerning employee
data, and in partners across Microsoft’s established privacy programme to ensure
that teams treat employee privacy with extraordinary care.

The employment relationship is different from a consumer or customer
relationship, and will at times mean that Microsoft has contractual, legal or
other requirements to use employee data, including to provide required
government reporting (such as reports required of Microsoft as a federal
contractor, or pay-gap reporting in some countries), or take appropriate action
to defend or prosecute legal claims made against or by the Company.

Informed by both our desire to maintain trust and balance the different nature
of the employment relationship, Microsoft has adopted six core employee privacy
principles:

I. Microsoft provides notice about how employee data is used.

Microsoft first and foremost believes employees should have clear and
appropriate notice about how employee data may be used. That notice starts with
Microsoft’ Data Privacy Notice for Employees, External Staff, Candidates and
Guests (DPN). The DPN and its addenda set out the framework for all of
Microsoft’s processing of employee data. If you have not yet taken the
opportunity to review the DPN, we encourage you to do so. The DPN and its
addenda are updated annually, and employees are reminded of the DPN on an annual
basis through required privacy training.

In addition to the DPN, Microsoft will provide more specific privacy notice when
it is required. For example, our Elite dogfooding programme frequently provides
additional notice about the kinds of data being gathered when dogfooding new
products. Additionally, your local employment contract or employee agreement may
also contain provisions related to data processing.

II. When appropriate, Microsoft offers choice on how employee data is used.

While Microsoft does not rely on consent for processing most employee data
(unless legally required), we do believe in offering employees choice as to how
that data is processed, where appropriate. That choice can take many forms. In
some cases, it’s offering employees the ability to opt-out of certain kinds of
product features, or certain truly optional data uses. The Microsoft Data
Programme (MDP) is a good example of this kind of choice. You can read more
about that programme in the MDP Addendum to the DPN. That programme leverages
approved Microsoft business data for product development and improvement,
subject to a number of controls and limitations. Employees in countries where
the programme is active are offered the ability to choose not to participate in
the programme entirely, or to take steps to limit the kinds of data processed by
that programme.

The unique nature of the employment relationship means that choice may be more
limited or not available for certain kinds of data processing (payroll
processing for example or, where permissible, aggregated data analytics).
Similarly, where Microsoft has legal or contractual rights or obligations to
process or disclose data, we cannot allow for choice in how that data is used.

III. Microsoft thoughtfully balances employee and company interests when using
data.

Where processing of employee data is not wholly supported by legal, contractual
or other specific requirements, Microsoft carefully considers its interests in
using the data, and balances that interest against an individual employee’s
privacy interests in the data. In particular, when it comes to using business
data for certain kinds of optional or “secondary” uses, like product
development, workplace analytics, or business insights, Microsoft deeply
considers the impact such use may have on employee privacy, and what controls it
can and should establish to protect employee privacy before proceeding.
Microsoft might, for instance, provide opportunities to opt-out of particular
data uses, ensure data is de-identified, pseudonymized or anonymized before use,
use data aggregation in reporting and analysis, or implement other kinds of
security measures and controls to ensure appropriate use of the data.

A good example of this is in our design and implementation of Viva Insights,
which leverages data to surface insights directly to you to help you make
decisions about how you are investing your time at work. These insights are not
shared with your manager at an individual level, quite deliberately, to keep the
insights at an appropriate team or group level as part of our commitment to
employee privacy.

IV. Use of employee data is appropriately limited and controlled.

When Microsoft does make use of data it takes reasonable steps to ensure that we
only use the data needed to fulfil a particular use. For example, we ask teams
who want to use data for product development or experimentation to tailor their
data needs to those that are strictly necessary for their work. Teams seeking to
use our data must comply with existing privacy requirements or engage in
rigorous processes that review access to, and uses of, employee data to ensure
appropriate minimisation and scope of use. Access to data that is not necessary
to support the intended scope is generally prohibited.

V. Microsoft provides access to employee data.

Microsoft routinely provides its employees access to their own data, such as
their pay, benefits, holiday time, Rewards and Connects, through self-service
portals. Microsoft also provides employees additional access to their individual
data at the employee’s request, to the extent required by local law. Giving
employees self-service access to, and the ability to make corrections and
updates to that data as appropriate, ensures employees always have access to the
data they care about most.

VI. Employee data is protected by industry leading security safeguards

In addition to privacy, the security of our employee data is paramount. Data
related to our employees is carefully controlled. We minimise access to more
sensitive data, such as that used by our HR teams, to those who truly have a
business need to work with it and require teams to respect existing privacy
requirements, or engage in a privacy review, for new uses of data to ensure that
they are appropriate. Our employee data is also considered “customer data” by
our engineering teams, requiring appropriate review, approval and controls
before Microsoft would allow that data to be used.

Back to top

CALIFORNIA ADDENDUM



Last Updated: December 2022

California: Your Rights

If you are an employee, external staff member, or candidate that resides in
California, this section applies to you and supplements the information shared
in the privacy notice.

California residents have specific rights regarding their personal information
under the California Privacy Rights Act (“CPRA”). This section describes your
rights and explains how to exercise those rights. Please note that in the
preceding twelve (12) months, we have not sold your personal information or
shared such information for cross context behavioural advertising. We may
disclose certain personal information, such as your first name and surname,
employee identification number, email address, bank account details, job
title/position, and other similar contact data, financial information, and
employment details with our subsidiaries and affiliates and other third parties,
including service providers who provide services on behalf of Microsoft.

 1. You may request notice of and access to certain information about our
    collection and use of your personal information over the past 12 months.
    Once we receive and confirm your verifiable request, we may disclose to you:
    * The categories of personal information we collected about you.
    * The categories of sources for the personal information we collected about
      you.
    * Our business or commercial purpose for collecting that personal
      information.
    * The categories of third parties with whom we disclosed that personal
      information.
    * The specific pieces of personal information we collected about you (also
      called a data portability request).
    * If we disclosed your personal information for a business purpose, a list
      of disclosures identifying the personal information categories that each
      category of recipient obtained.
 2. You may request that we correct personal information about you that is
    inaccurate.
 3. You may request that we delete your personal information that we collected
    from you and retained, subject to certain exceptions. Once we receive and
    confirm your verifiable request, we will delete or de-identify (and direct
    our service providers to delete or de-identify) your personal information
    from our records, unless an exception applies.

None of these rights are absolute and there may be circumstances in which we are
required or permitted under applicable law not to address your request.

Only you or an authorised agent that you authorise to act on your behalf may
make a verifiable request related to your personal information.

Any verifiable request (including those to delete data) must:

 * Provide sufficient information that allows us to reasonably verify you are
   the person about whom we collected personal information or an authorised
   representative (such as by requiring you to provide a signed written
   authorisation that the agent is authorised to make a request on your behalf).
 * Describe your request with sufficient detail that allows us to properly
   understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we
cannot verify your identity or authority to make the request and confirm the
personal information relates to you. Making a verifiable request does not
require you to create an account with us.

We will not penalise you for exercising any of your rights where prohibited by
law.

You may exercise your rights under the CPRA through one of the following means:

 * Submitting a request to AskHR@microsoft.com
 * Calling us at (+1) 425-882-8080

Back to top

CANADA ADDENDUM



Last updated: October 2023

The following additional provisions apply to employees, candidates and external
staff working in Canada.

Manner of Collection

We collect personal data that you provide directly to us (such as through the
job application process or in connection with the management of your employment
or working relationship) as well as information devices provide to us
automatically, as described above. We may also collect personal data indirectly
with consent. For example, we collect background verification information from
third-party background screening providers and we may also obtain personal data
from recruitment agencies or job references.

Transfer of Personal Data

We and our service providers (including affiliates) may access, store and
otherwise process personal data outside of your province (including, for Quebec
residents, outside of Quebec), including in other parts of Canada, the United
States, and other foreign jurisdictions where we or our service providers are
located. We, our affiliates and our service providers may disclose your personal
data if we are required or permitted by applicable law or legal process, which
may include lawful access by foreign courts, law enforcement or other government
authorities in the jurisdictions in which we or our service providers operate.

Retention

We will process and keep your personal data for as long as is necessary to meet
the purposes for which the information was collected as set out in this policy
and to meet our legal or business requirements, as documented in our corporate
data retention schedule.

Your Rights

Subject to limited exceptions under applicable law, you have the right to
access, update, rectify and correct inaccuracies in your personal data in our
custody and control and withdraw your consent to our collection, use and
disclosure of your personal data (although an employee cannot withdraw consent
to the collection of personal data necessary to administer their employment).
You may request access, updates, rectification, and corrections of inaccuracies
in your personal data in our custody or control or withdraw your consent by
emailing AskHR@microsoft.com. We may require certain personal data for the
purpose of verifying your identity or the identity of the individual making the
request.

How to Contact Us

If you have any questions or comments about this privacy notice or the manner in
which we or our service providers (including our service providers outside
Canada) treat your personal data, or to request access to or correction of your
personal data, or to withdraw your consent, please contact us by
emailing AskHR@microsoft.com.

You can also contact our Privacy Officer by using our web form.

Back to top

CHINA NOTICE



Last updated: May 2022

This China Notice is a supplement to the Microsoft Global Data Privacy
Notice (“DPN”) and provides additional information about personal data
processing as required by the China Personal Information Protection Law and its
implementing rules and regulations (“Applicable Chinese Law”). In case of any
inconsistencies between the DPN and the China Notice, this China Notice
prevails.

With respect to this China Notice, "Personal Data" means "Personal Information"
as defined under Applicable Chinese Law. Personal Data is any electronic or
otherwise recorded information related to identified or identifiable natural
persons, excluding anonymized data.

Personal Data that We Process

In addition to the types of Personal Data described under the “Personal Data
that We Process” section in the DPN, we may also process the following Personal
Data:

 * Household registration information, and if applicable, social relations of
   family members;
 * Current or former employment status;
 * Social benefits information, including information needed for social
   insurance and housing provident fund contributions;
 * Business travel information, including payment information of Microsoft’s
   corporate credit card, and other information related to business trip and
   reimbursement, etc.

Under Applicable Chinese Law, the following non-exhaustive types of Personal
Data that we collect from you, as necessary, may be considered sensitive
Personal Data under Applicable Chinese Law:

 * Demographic and biometric data, including employees’ health information; and
 * Financial information.

Why We Process Personal Data

We process your Personal Data under a lawful basis of processing as provided by
Applicable Chinese Law. Additionally, we process your Personal Data for the
purposes described under the “Why We Process Personal Data” section in the DPN
and for HR and workplace management, including investigations and disciplinary
actions.

We collect and use sensitive Personal Data for the following purposes:

 * Comply with requirements and applicable laws;
 * Administering your employment contract or other commitments we have made to
   you;
 * HR and workplace management, including investigations and disciplinary
   actions; and
 * General business management and operations.

We will adopt strict security measures when processing sensitive Personal Data.

Your Rights to Your Personal Data

We respect your rights under Applicable Chinese Law. Under lawful circumstances,
you may copy, consult, correct, complete, and delete your Personal Data. In
certain circumstances, we may be unable to respond to your request to exercise
your personal rights due to legal requirements, administrative regulations, or
other legitimate purpose of processing Personal Data. You may exercise your
rights via AskHR@microsoft.com.

Cross-Border Transfer of Personal Data

Microsoft operates globally. In order to perform general business management and
operations, carry out HR management, fulfil legal obligations and for other
lawful purposes, Microsoft may transfer Personal Data collected from you in
China to Microsoft’s affiliated entities outside of China, for example, the US,
where Microsoft is headquartered. When your Personal Data is transferred outside
of China, we will ensure that the transfer complies with Applicable Chinese Law
and will implement appropriate and necessary measures to provide an equivalent
level of data protection in accordance with Applicable Chinese Law.

Back to top

EUROPEAN UNION, UNITED KINGDOM, AND SWITZERLAND



Last updated: October 2023


European Union, United Kingdom, and Switzerland: Your Data Subject Rights

In addition to the information shared in the privacy notice, EU, UK, and
Switzerland employees, external staff and candidates (including individuals
working in the EU, UK, and Switzerland, or in some circumstances individuals who
normally reside in the EU, UK, and Switzerland who are working abroad) may have
certain rights under applicable data protection laws, including the EU and UK
General Data Protection Regulation (collectively, the “GDPR”) and local laws
implementing or supplementing the GDPR and the Swiss Federal Act on Data
Protection, including the rights to:

 1. Request access to and obtain a copy of your personal data;
 2. Request rectification (or correction) of inaccurate personal data you have
    provided;
 3. Request erasure (or deletion) of personal data that is no longer necessary
    to fulfil the purposes for which it was collected, or does not need to be
    retained by Microsoft for other legitimate purposes;
 4. Restrict or object to the processing of your personal data; and
 5. If applicable, request your personal data be ported (transferred) to another
    company.

Please note that certain conditions, exceptions apply to these rights and that
application of the above rights may vary depending on the type of personal data
involved, and Microsoft’s particular basis for processing the personal data.

To make a request to exercise one of the above rights, please
contact AskHR@microsoft.com by email or by letter to the following address:

HR Privacy

Microsoft Corporation

One Microsoft Way

Redmond, Washington 98052 USA

We will consider and act upon any requests in accordance with applicable data
protection laws. Please note that we may request certain information from you to
enable us to confirm your identity. We may, in limited circumstances, charge you
a reasonable fee for administrative costs in relation to responding to your
request; however, we will advise you of any fee in advance.

If we are relying on your consent to process your personal data, you have the
right to withdraw your consent at any time. Please note however that this will
not affect the lawfulness of the processing before withdrawal of consent.

EU, UK and Switzerland employees, external staff and candidates (including
individuals working in the EU, UK, and Switzerland, or individuals who normally
reside in the EU, UK, and Switzerland who are working abroad) may also direct
questions about how we handle personal data to our Data Protection Officer by
using our web form.

While we hope we can answer any questions that you may have, if you have
unresolved concerns, you also have the right to complain to a relevant data
protection supervisory authority in the EU, UK, and Switzerland.

For present and former employees, the controller of your personal data is the
Microsoft entity that is or was your employer. For candidates, the controller of
your personal data is the Microsoft entity to which you have applied for a role.
For external staff, the Microsoft entity to which you provide services will be
the controller of your personal data. Microsoft Corporation is also a controller
of certain personal data of the above-mentioned data subjects. Any
privacy-related queries for your data controller should be directed
to AskHR@microsoft.com or by letter to the following address:

HR Privacy

Microsoft Corporation

One Microsoft Way

Redmond, Washington 98052 USA

In addition, the contact information of the controller of your data is provided
in your contract or job application.

Back to top

LEARNING AND SKILLS DATA ADDENDUM



Last updated: June 2024

This addendum applies to Learning and Skills Data that Microsoft processes about
employees and external staff for various purposes, subject to compliance with
local laws, our own internal policies, third-party terms of use (e.g., where
skills data or training is provided by third parties), and applicable
third-party contractual requirements.

Learning and Skills Data are information about your professional development
activities, such as training and achievements, skills, and related interests.
Sources of Learning and Skills Data include information about your:

 * Interactions with Microsoft Learning websites, such as Microsoft Learn or
   LinkedIn Learning, when you authenticate with your Microsoft employee
   account.
 * Internal Microsoft trainings, courses or other offerings delivered by
   Microsoft, that you may attend to develop job, work, role or career-related
   skills. These offerings may be optional, encouraged, expected or even
   required; may be provided live, online or via audio and video recordings; and
   may be targeted broadly or scoped to your business, role or function.
   Examples include: Microsoft’s Standards of Business Conduct Training,
   offerings for Microsoft employees only on LinkedIn Learning, and trainings
   offered via company-wide, divisional or team learning portals.
 * Third-party trainings or courses offered by Microsoft, or linked to your
   Microsoft employee account, or that you choose to share with Microsoft.
   Unlike the internal trainings referenced above, these trainings are delivered
   by third parties, not Microsoft, or are offered through services such as
   LinkedIn or LinkedIn Learning. These trainings may be provided via external
   websites, off-site courses, or delivered (even internally) by third-party
   resources. Like internal trainings, these third-party trainings may be
   targeted broadly or scoped to your business, role or function and may be
   available via commercial or consumer-facing websites. Examples include:
   offerings on LinkedIn Learning, or courses offered by third parties like Dale
   Carnegie or others.
 * Certifications and achievements, such as Microsoft and third-party
   certifications you earn and choose to share. Some jobs, roles or functions
   may require specific certifications. If so, you will receive prior notice of
   such requirements. If certifications are mandatory, you may be required to
   share information about your successful completion of these certifications.
 * Skills you identify or that can otherwise be inferred from your learning or
   professional activities.
 * Participation in Microsoft events, such as Ready, Build, and hackathons.
 * Growth interests, such as the experiences or skills you indicate that you
   would like to build for your growth and development in Connects or other
   contexts, or the content or material you explore related to professional
   development, career planning, skill building, and other learning
   opportunities.
 * Role-based development, such as hands-on or experiential activities you do to
   gain competence in your role.

Microsoft may process various kinds of data from the above sources including
(but not limited to):

 * Contact Information and Demographic Data, for example, your name, contact
   information, job title, job level, profession, etc.;
 * Attendance, performance, and completion data;
 * Feedback about a particular event, course, training or offering;
 * Analytics about your interactions with a training or learning website or
   service;
 * Data about the skills you provide or are observed;
 * Photos, videos or recordings (video and audio) of the training activity or
   event.

Microsoft also collects Learning and Skills Data in various contexts. For
example, Microsoft collects Learning and Skills Data when you:

 * Provide it, for example by sharing your professional development goals with
   your manager in your Connect, joining a Microsoft internal distribution list
   or group affiliated with a certification or professional skill, or updating
   your profile by adding badges designating professional achievements;
 * Authorise a third party to provide it, such as when you direct an educational
   or professional organisation to share your professional achievements with
   Microsoft;
 * Register and participate in Microsoft learning activities, such as attending
   Ready, Build or a hackathon.
 * Use learning services available only to Microsoft employees and/or external
   staff, such as when you view professional development content or interact
   with learning modules; and
 * Use learning services authenticated with your Microsoft employee account,
   such as Microsoft Learn or LinkedIn Learning (subject to applicable terms of
   use for the hosting website and any contractual obligations Microsoft has
   undertaken to access such data).

Microsoft uses Learning and Skills Data for the varied purposes set out below,
which may involve automatic processing using machine learning and artificial
intelligence applications, such as natural language processing.

 1. To manage our employment or working relationship with you – including your
    career development opportunities
    
    We process Learning and Skills Data for the purpose of managing our
    employment or working relationship with you, including fulfilling our
    obligations and commitments to you. Failure to provide your Learning and
    Skills Data when requested may prevent us from being able to carry out these
    tasks and/or comply with our legal obligations. For example, Microsoft uses
    Learning and Skills Data to:
    
    * Verify you have completed training activities required in your role or as
      required by applicable laws;
    * Facilitate, at your direction, professional development and career
      planning;
    * Review, reward, and enhance employee performance and career development;
    * Identify career and growth opportunities for employees;
    * Determine appropriate resources for a particular customer opportunity or
      support scenario;
    * Assess employee potential for advancement;
    * Validate you have attended training paid for or reimbursed by Microsoft;
      and
    * Assist you in identifying content or materials that may be aligned with
      your interests.
    * Administer the learning activities and programmes including, for example,
      verifying prerequisites, communicating with learners or participants about
      the activity or programme, and collecting feedback about the learning
      activity or programme or other related activities.

 2. To provide and improve our products and services
    
    
    We process Learning and Skills Data to provide and improve our products and
    services. For example, when you register for Microsoft training or
    certification exams, we use your Learning and Skills Data to determine if
    you have completed the training and, if appropriate, meet certification
    benchmarks.
    
    We process Learning and Skills Data for the purpose of improving our
    products and services. For example, we may:
    
    * Analyse pseudonymised Learning and Skills Data to determine which learning
      activities are most popular among new employees or employees with certain
      titles;
    * Combine Learning and Skills Data with other business intelligence data to
      identify and evaluate, on an aggregated basis, the effectiveness of
      learning products and services. For example, we may enquire whether
      certain learning activities increase customer satisfaction levels, improve
      employee safety, reduce security incidents or have affect on career
      development opportunities or employee performance; or
    * Use feedback from learning activities to improve our products and
      services. For example, we may receive insights about ways to improve Azure
      when analysing aggregated results of Azure certification exams or
      reviewing feedback received after a training event.

 3. Other lawful purposes
    
    
    We process Learning and Skills Data for other lawful purposes, such as when:
    
    * Necessary for our legitimate business purposes, such as running our
      business, conducting business intelligence, for auditing and reporting
      purposes, managing our network and information systems security, and
      providing and improving employee services.
    * We suspect or discover violations of law or violations of our internal
      policies.
    * Permissible, with your lawfully obtained consent.
    * We consider it necessary for complying with laws and regulations,
      including collecting and disclosing personal data as required by law (e.g.
      for minimum wage, working time, tax, health and safety,
      anti-discrimination laws, global migration and data subject rights), under
      judicial authorisation or to exercise or defend Microsoft’s legal rights.

Back to top

MICROSOFT DATA PROGRAMME (MDP) ADDENDUM



Last updated: June 2024

This addendum applies to the Microsoft Data Programme (MDP) and the
business-related data processed by MDP for purposes of debugging, testing,
developing and improving new and existing products and services (“MDP Data”).
MDP data may be used for scientific research purposes and to train AI and
machine learning models. MDP and the terms of this addendum apply to Microsoft
employees only, including former employees if they were employed at the time the
data is extracted. External staff, guests and candidate data are specifically
excluded from the scope of MDP. More information about the specific terms and
scope of MDP can be found at the Learn More page. Employees may opt-out to limit
their participation in the programme at any time, without adverse consequence by
clicking here http://aka.ms/MDPOptOut.

MDP is aimed primarily at the processing of data or information that is
transmitted, created, exchanged or stored by Microsoft employees using Microsoft
internal systems, software, services, and assets within the scope of their
employment. Microsoft will make reasonable efforts to implement controls to
exclude nonbusiness-related data from the scope of MDP, where possible. While
those controls are intended to limit the scope of MDP to processing Microsoft
business-related data (as described further at the Learn More page), MDP may
incidentally process certain personal content for employees that is created,
stored or transmitted in Microsoft owned or provided systems and resources. When
that occurs, Microsoft will continue to make reasonable efforts to refine its
controls to better exclude such data in the future. At all times, MDP’s
processing of data will comply with the stated requirements for MDP, as well
Microsoft’s internal policies (including the Responsible Use of Technology
Policy), as well as local law.

Sources of MDP data include, but are not limited to, emails and calendar
information in Exchange, files stored in OneDrive for Business, content of
meeting recordings, voice collected on work devices, messages in Viva Engage
(formerly known as Yammer) and Teams, content on SharePoint sites, diagnostic
data from work devices, search data, product and services feedback data, and
internal line of business applications such as those applications developed to
support sales processes (e.g., MSX). These are representative and non-exhaustive
examples of the types of Microsoft business-related data from which MDP may
process data. Up-to-date information concerning MDP can be found at the Learn
More page.

In addition to content-related data from the above sources, Microsoft may also
process various additional kinds of data from the above sources in support of
MDP including (but not limited to):

 * Basic Demographic Data, including, for example, your name and alias, etc.;

 * Meta-data associated with the applicable content, such as time and date
   information, signals related to authorship and modification of data, document
   and meeting titles, etc.; and

 * Telemetry data, such as data related to product and feature usage, associated
   with the above content types and services, or machine-related data such as
   software version history, machine type, operating system version, etc.

Microsoft’s use of MDP data is premised on Microsoft’s legitimate interest in
using its own business data for business-related purposes, as that use strongly
exceeds our employee’s individual interest in the privacy of such
business-related data. Microsoft may process certain MDP data based on employee
consent, to the extent: (1) an individual’s privacy interest would exceed
Microsoft’s interest in the processing; and (2) local law requires Microsoft to
obtain consent prior to such processing. Where consent constitutes the primary
basis for processing data under MDP, Microsoft will in all cases ensure consent
is voluntary and informed and will also ensure employees suffer no adverse
consequence for refusing to give or later revoking such consent, and gain no
specific benefit from choosing to participate or contribute data to MDP.

Back to top

TÜRKIYE ADDENDUM



Last updated: June 2021

Employees in Türkiye: Privacy Notice

With respect to the data processing activities concerning employees, candidates
and external staff in Türkiye, Microsoft Bilgisayar Yazılım Hizmetleri Limited
Şirketi acts as the data controller, within the purposes of the Law on the
Protection of Personal Data numbered 6698 (the “Law”).

With respect to the data processing activities concerning employees, candidates
and external staff of the Liaison Office (MEA HQ) in Türkiye, Microsoft Ireland
Research ULC acts as the data controller, within the purposes of the Law.

In addition to the information shared above, we process personal data relating
to you for the purposes of conducting contract management, audit, and ethics
processes.

Such data may be obtained by means of email, telephone, web services,
courier/post, physical and online forms, as well as photographs and video
recordings during events and organisations, in both physical and electronic
environments.

Personal data are processed on the following legal grounds: being envisaged
under the laws; compliance with legal obligations; being necessary for the
establishment, exercise and protection of a right, conclusion and performance of
an agreement; legitimate interests of the data controller; and if provided, your
explicit consent, as specified within the scope of the Law.

As data subjects, you are entitled to the rights, set forth under Article 11 of
the Law. In accordance with the Communiqué on Principles and Procedures for
Applications to Data Controllers, and to be concluded within 30 days, you may
convey your requests concerning your rights under Article 11 of the Law, by the
following means:

 * Registered email address (KEP): microsoft@hs02.kep.tr
 * Email address: AskHR@microsoft.com (if your email address is registered
   within our systems, you may directly convey your request. However, if your
   email address is not registered within the data controller’s systems, you
   must sign your application with a secure electronic signature or mobile
   signature,)
 * Address for Written Applications: Levent Mah. Aydın Sok. No: 7 Nisbetiye,
   34340 Beşiktaş/İstanbul, Türkiye.

Back to top

Back To Top
What's new
 * Surface Pro
 * Surface Laptop
 * Surface Laptop Studio 2
 * Surface Laptop Go 3
 * Microsoft Copilot
 * AI in Windows
 * Explore Microsoft products
 * Windows 11 apps

Microsoft Store
 * Account profile
 * Download Center
 * Microsoft Store Support
 * Returns
 * Order tracking
 * Virtual workshops and training
 * Microsoft Store Promise

Education
 * Microsoft in education
 * Devices for education
 * Microsoft Teams for Education
 * Microsoft 365 Education
 * Office Education
 * Educator training and development
 * Deals for students and parents
 * Azure for students

Business
 * Microsoft Cloud
 * Microsoft Security
 * Azure
 * Dynamics 365
 * Microsoft 365
 * Microsoft Advertising
 * Microsoft 365 Copilot
 * Microsoft Teams

Developer & IT
 * Developer Center
 * Documentation
 * Microsoft Learn
 * Microsoft Tech Community
 * Azure Marketplace
 * AppSource
 * Microsoft Power Platform
 * Visual Studio

Company
 * Careers
 * About Microsoft
 * Company news
 * Privacy at Microsoft
 * Investors
 * Diversity and inclusion
 * Accessibility
 * Sustainability

Your Privacy Choices Opt-Out Icon Your Privacy Choices Your Privacy Choices
Opt-Out Icon Your Privacy Choices Consumer Health Privacy
 * Contact Microsoft
 * Privacy
 * Manage cookies
 * Terms of use
 * Trademarks
 * About our ads
 * © Microsoft 2024