Microsoft Online Privacy Statement

Related Links

• Security at Home
• Trustworthy Computing
• FTC Privacy Initiatives

(last updated: January 2006)

Collection of Your Personal Information

In order to access some Microsoft services, you will be asked to sign in with an e-mail address and password, which we refer to as your credentials. In most cases, these credentials will be part of the Microsoft Passport Network, which means you can use the same credentials to sign in to many different Microsoft sites and services, as well as those of select Microsoft partners. By signing in on one Microsoft site or service, you may be automatically signed into other Microsoft sites and services. If you access our services via a mobile phone, you may also use your telephone number and a PIN as an alternative credential to your username and password. As part of creating your credentials, you may also be requested to provide questions and secret answers, which we use to help verify your identity and assist in resetting your password, as well as an alternate email address. Some services may require added security, and in these cases, you may be asked to create an additional security key. Finally, a unique ID number will be assigned to your credentials which will be used to identify your credentials and associated information.

At some Microsoft sites, we ask you to provide personal information, such as your e-mail address, name, home or work address or telephone number. We may also collect demographic information, such as your ZIP code, age, gender, preferences, interests and favorites. If you choose to make a purchase or sign up for a paid subscription service, we will ask for additional information, such as your credit card number and billing address, that is used to create a Microsoft billing account.

We may collect information about your visit, including the pages you view, the links you click and other actions taken in connection with Microsoft sites and services. We also collect certain standard information that your browser sends to every website you visit, such as your IP address, browser type and language, access times and referring Web site addresses.

When you receive newsletters or promotional e-mail from Microsoft, we may use web beacons (described below), customized links or similar technologies to determine whether the e-mail has been opened and which links you click in order to provide you more focused e-mail communications or other information.

In order to offer you a more consistent and personalized experience in your interactions with Microsoft, information collected through one Microsoft service may be combined with information obtained through other Microsoft services. We may also supplement the information we collect with information obtained from other companies. For example, we may use services from other companies that enable us to derive a general geographic area based on your IP address in order to customize certain services to your geographic area.

Use of Your Personal Information

Microsoft collects and uses your personal information to operate and improve its sites and deliver the services or carry out the transactions you have requested. These uses may include providing you with more effective customer service; making the sites or services easier to use by eliminating the need for you to repeatedly enter the same information; performing research and analysis aimed at improving our products, services and technologies; and displaying content and advertising that are customized to your interests and preferences.

We also use your personal information to communicate with you. We may send certain mandatory service communications such as welcome letters, billing reminders, information on technical service issues, and security announcements. Some Microsoft services, such as MSN Hotmail, may send periodic member letters that are considered part of the service. We may also occasionally send you product surveys or promotional mailings to inform you of other products or services available from Microsoft and its affiliates.

Personal information collected on Microsoft sites and services may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries or agents maintain facilities, and by using a Microsoft site or service, you consent to any such transfer of information outside of your country. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union.

Sharing of Your Personal Information

Except as described in this statement, we will not disclose your personal information outside of Microsoft and its controlled subsidiaries and affiliates without your consent. Some Microsoft sites allow you to choose to share your personal information with select Microsoft partners so that they can contact you about their products, services or offers. Other sites, such as MSN, do not share your contact information with third parties for marketing purposes, but instead may give you a choice as to whether you wish to receive communications from Microsoft on behalf of external business partners about a partner's particular offering (without transferring your personal information to the third party). See the Communication Preferences section below for more information.

Some Microsoft services may be co-branded and offered in conjunction with another company. If you register for or use such services, both Microsoft and the other company may receive information collected in conjunction with the co-branded services.

We occasionally hire other companies to provide limited services on our behalf, such as handling the processing and delivery of mailings, providing customer support, hosting websites, processing transactions, or performing statistical analysis of our services. Those companies will be permitted to obtain only the personal information they need to deliver the service. They are required to maintain the confidentiality of the information and are prohibited from using it for any other purpose.

We may access and/or disclose your personal information if we believe such action is necessary to: (a) comply with the law or legal process served on Microsoft; (b) protect and defend the rights or property of Microsoft (including the enforcement of our agreements); or (c) act in urgent circumstances to protect the personal safety of users of Microsoft services or members of the public.

Accessing Your Personal Information

You may have the ability to view or edit your personal information online. In order to help prevent your personal information from being viewed by others, you will be required to sign in with your credentials (e-mail address and password). The appropriate method(s) for accessing your personal information will depend on which sites or services you have used.

Some Microsoft sites or services may collect personal information that is not accessible via the links above. However, in such cases, you may be able to access that information through alternative means of access described by the service. Or you can write us by using our Web form , and we will contact you within 30 days regarding your request.

Communication Preferences

You can stop the delivery of future promotional e-mail from Microsoft sites and services by following the specific instructions in the e-mail you receive.

You may also have the option of proactively making choices about the communications you receive from particular Microsoft sites or services by visiting and signing into the following pages:

These communication choices do not apply to mandatory service communications that are considered part of certain Microsoft services, which you may receive periodically unless you cancel the service.

Security of Your Personal Information

Microsoft is committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. For example, we store the personal information you provide on computer systems with limited access, which are located in controlled facilities. When we transmit highly confidential information (such as a credit card number or password) over the Internet, we protect it through the use of encryption, such as the Secure Socket Layer (SSL) protocol.

If a password is used to help protect your accounts and personal information, it is your responsibility to keep your password confidential. Do not share this information with anyone. If you are sharing a computer with anyone you should always choose to log out before leaving a site or service to protect access to your information from subsequent users.

Collection and Use of Children's Personal Information

Many Microsoft sites and services are intended for general audiences and do not knowingly collect any personal information from children. When a Microsoft site does collect age information, and users identify themselves as under 13, the site will either block such users from providing personal information, or will seek to obtain consent from parents for the collection, use and sharing of their children's personal information. We will not knowingly ask children under the age of 13 to provide more information than is reasonably necessary to provide our services.

Please note that if you grant consent for your child to use Microsoft services, this will include such general audience communication services as e-mail, instant messaging, and online groups, and your child will be able to communicate with, and disclose personal information to, other users of all ages. Parents can change or revoke the consent choices previously made, and review, edit or request the deletion of their children's personal information.  For example, on MSN and Windows Live, parents can visit Account Services, and click on “Permission for kids.”  If we change this privacy statement in a way that expands the collection, use or disclosure of children's personal information to which a parent has previously consented, the parent will be notified and we will be required to obtain the parent's additional consent.

If you have an MSN Premium, MSN Plus, or MSN 9 Dial-Up account, you can choose to set up MSN Parental Controls for the other users of that account. Please read the supplemental information for MSN Premium for further information. We also offer an area that is specifically designed for children at http://kids.msn.com/ which has a special privacy statement that informs children and parents about the MSN Kids area, describes the additional privacy protections provided in this area, and provides children with tips on how to protect themselves online.

We encourage you to talk with your children about communicating with strangers and disclosing personal information online. You and your child can visit our online safety resources for additional information about using the Internet safely.

Use of Cookies

Microsoft Web sites use "cookies" to enable you to sign in to our services and to help personalize your online experience. A cookie is a small text file that is placed on your hard disk by a Web page server. Cookies contain information that can later be read by a web server in the domain that issued the cookie to you. Cookies cannot be used to run programs or deliver viruses to your computer.

Microsoft Web sites use cookies to store your preferences and other information on your computer in order to save you time by eliminating the need to repeatedly enter the same information and to display your personalized content and appropriate advertising on your later visits to these sites.

When you sign in to a site using your credentials, the Microsoft Passport Network stores your unique ID number, and the time you signed in, in an encrypted cookie on your hard disk. This cookie allows you to move from page to page at the site without having to sign in again on each page. When you sign out, these cookies are deleted from your computer. The Passport Network also uses cookies to improve the sign in experience. For example, your e-mail address may be stored in a cookie that will remain on your computer after you sign out. This cookie allows your e-mail address to be pre-populated, so that you will only need to type your password the next time you sign in. If you are using a public computer or do not otherwise want this information to be stored, you can select the appropriate radio button on the sign-in page, and this cookie will not be used.

You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to sign in or use other interactive features of Microsoft sites and services that depend on cookies.

Use of Web Beacons

Microsoft Web pages may contain electronic images known as Web beacons - sometimes called single-pixel gifs - that may be used to assist in delivering cookies on our sites and allow us to count users who have visited those pages and to deliver co-branded services. We may include Web beacons in promotional e-mail messages or our newsletters in order to determine whether messages have been opened and acted upon.

Microsoft may also employ Web beacons from third parties in order to help us compile aggregated statistics and determine the effectiveness of our promotional campaigns. We prohibit Web beacons on our sites from being used by third parties to collect or access your personal information.

Finally, we may work with other companies that advertise on Microsoft sites to place Web beacons on their sites in order to allow us to develop statistics on how often clicking on an advertisement on a Microsoft site results in a purchase or other action on the advertiser's site.

Use of Third Party Ad Networks

The majority of the online banner advertisements you see on Microsoft Web pages are displayed by Microsoft. However, we allow other companies, called third-party ad servers or ad networks, to display advertisements on Microsoft Web pages. Some of these ad networks may place a persistent cookie on your computer in order to recognize your computer each time they send you an online advertisement. In this way, ad networks may compile information about where you, or others who are using your computer, saw their advertisements and determine which ads are clicked on. This information allows an ad network to deliver targeted advertisements that they believe will be of most interest to you. Microsoft does not have access to the cookies that may be placed by the third-party ad servers or ad networks.

Microsoft maintains relationships with a number of the third-party ad networks currently operating such as: Avenue A; BlueStreak; DoubleClick; Mediaplex; Pointroll; RealMedia; TangoZebra; and Unicast. Those ad networks that use persistent cookies may offer you a way to opt out of ad targeting. You may find more information at the Web site of either the individual ad network or the Network Advertising Initiative.

Controlling "Spam" or Unsolicited E-mail

Microsoft is concerned about controlling unsolicited commercial e-mail, or "spam." Microsoft has a strict Anti-Spam Policy prohibiting the use of a Hotmail or other MSN e-mail account to send spam. Microsoft will not sell, lease or rent its e-mail subscriber lists to third parties. While Microsoft continues to actively review and implement new technology, such as expanded filtering features, there is no currently available technology that will totally prevent the sending and receiving of unsolicited e-mail. Using tools such as the Inbox Protector and being cautious about the sharing of your e-mail address while online will help reduce the amount of unsolicited e-mail you receive.

TRUSTe Certification

Microsoft is a member of the TRUSTe Privacy Program. TRUSTe is an independent, non-profit organization whose mission is to build trust and confidence in the Internet by promoting the use of fair information practices. Because we want to demonstrate our commitment to your privacy, we have agreed to disclose our information practices and have our privacy practices reviewed for compliance by TRUSTe. The TRUSTe program covers only information that is collected through Microsoft's Web sites, and does not cover information that may be collected through software downloaded from such sites.

Enforcement of This Privacy Statement

If you have questions regarding this statement, you should first contact us by using our Web form. If you do not receive acknowledgement of your inquiry or your inquiry has not been satisfactorily addressed, you should then contact http://www.truste.org/consumers/watchdog_complaint.php. TRUSTe will serve as a liaison with Microsoft to resolve your concerns.

Changes to This Privacy Statement

We will occasionally update this privacy statement to reflect changes in our services and customer feedback. When we post changes to this Statement, we will revise the "last updated" date at the top of this statement. If there are material changes to this statement or in how Microsoft will use your personal information, we will notify you either by prominently posting a notice of such changes prior to implementing the change or by directly sending you a notification. We encourage you to periodically review this statement to be informed of how Microsoft is protecting your information.