365Labs Privacy Statement
365Labs Privacy Statement
Cookies
Most 365Labs sites use cookies, small text files placed on your device which web servers in the domain that placed the cookie can retrieve later. We use cookies to store your preferences and settings, help with sign-in, provide targeted ads, and analyze site operations. For more information, see the Cookies and similar technologies section of this privacy statement.
EU-U.S. and Swiss-U.S. Privacy Shield
365Labs adheres to the principles of the EU-U.S. and Swiss-U.S. Privacy Shield frameworks. To learn more, visit the U.S. Department of Commerce’s Privacy Shield website.
Contact us
If you have a privacy concern, complaint, or question for the 365Labs Chief Privacy Officer or EU Data Protection Officer, please contact us by using our web form. For more information about contacting 365Labs, see the How to contact us section of this privacy statement.
Personal data we collect
If you represent an organization, such as a business or school, that utilizes Enterprise and Developer Products from 365Labs, please see the Enterprise and developer products section of this privacy statement to learn how we process your data. If you are an end user of a 365Labs product or a 365Labs account provided by your organization, please see the Products provided by your organization and the 365Labs account sections for more information.
You have choices when it comes to the technology you use and the data you share. When we ask you to provide personal data, you can decline. Many of our products require some personal data to provide you with a service. If you choose not to provide data required to provide you with a product or feature, you cannot use that product or feature. Likewise, where we need to collect personal data by law or to enter into or carry out a contract with you, and you do not provide the data, we will not be able to enter into the contract; or if this relates to an existing product you’re using, we may have to suspend or cancel it. We will notify you if this is the case at the time. Where providing the data is optional, and you choose not to share personal data, features like personalization that use such data will not work for you.
How we use personal data
- Provide our products, which includes updating, securing, and troubleshooting, as well as providing support. It also includes sharing data, when it is required to provide the service or carry out the transactions you request.
- Improve and develop our products.
- Personalize our products and make recommendations.
- Advertise and market to you, which includes sending promotional communications, targeting advertising, and presenting you with relevant offers.
- We collect data about how users interact with our product. This includes data such as access dates and times, app features or pages viewed, app crashes and other app activity, and third-party sites or services used before interacting with our services. In some cases, we collect this data through cookies, pixels, tags, and similar tracking technologies that create and maintain unique identifiers.
- We may collect data about the devices used to access our services, including the hardware models, device IP address, operating systems and versions, software, preferred languages, unique device identifiers, advertising identifiers, serial numbers, device motion data, and mobile network data.
- Audio recordings: In certain jurisdictions, and were permitted by law, users can give voice command and record the audio to interact with the application. Recordings are encrypted and stored on user’s devices within the app.
- Location’s data: 365Labs collects this data when the app is running in the foreground (app open and on-screen) or background (app open but not on-screen) of their mobile device. We collect precise or approximate location data from app user’s mobile device if they enable us to do so. 365Labs collects this data from the time, the app is running in the foreground of their mobile device. We use this data to enhance your use of our apps. This enables us to offer services to the user like customer support.
We also use the data to operate our business, which includes analyzing our performance, meeting our legal obligations, developing our workforce, and doing research.
In carrying out these purposes, we combine data we collect from different contexts (for example, from your use of two 365Labs products) or obtain from third parties to give you a more seamless, consistent, and personalized experience, to make informed business decisions, and for other legitimate purposes.
Our processing of personal data for these purposes includes both automated and manual (human) methods of processing. Our automated methods often are related to and supported by our manual methods. For example, our automated methods include artificial intelligence (AI), which we think of as a set of technologies that enable computers to perceive, learn, reason, and assist in decision-making to solve problems in ways that are similar to what people do. To build, train, and improve the accuracy of our automated methods of processing (including AI), we manually review some of the predictions and inferences produced by the automated methods against the underlying data from which the predictions and inferences were made. For example, we manually review short snippets of a small sampling of voice data we have taken steps to de-identify to improve our speech services, such as recognition and translation.
Reasons we share personal data
How to access and control your personal data
- Control the use of your data for interest-based advertising from 365Labs by visiting our opt-out page.
- Choose whether you wish to receive promotional emails, SMS messages, telephone calls, and postal mail from 365Labs.
- Access and clear some of your data through the 365Labs privacy dashboard.
Not all personal data processed by 365Labs can be accessed or controlled via the tools above. If you want to access or control personal data processed by 365Labs that is not available via the tools above or directly through the 365Labs products you use, you can always contact 365Labs at the address in the How to contact us section or by using our web form.
We provide aggregate metrics about user requests to exercise their data protection rights via the 365Labs Privacy Report.
Cookies and similar technologies
Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie. We use cookies and similar technologies for storing and honoring your preferences and settings, enabling you to sign in, providing interest-based advertising, combating fraud, analyzing how our products perform, and fulfilling other legitimate purposes. 365Labs apps use additional identifiers, such as the advertising ID in Windows described in the Advertising ID section of this privacy statement, for similar purposes.
We also use “web beacons” to help deliver cookies and gather usage and performance data. Our websites may include web beacons, cookies, or similar technologies from third-party service providers.
You have a variety of tools to control the data collected by cookies, web beacons, and similar technologies. For example, you can use controls in your internet browser to limit how the websites you visit are able to use cookies and to withdraw your consent by clearing or blocking cookies.
Products provided by your organization—notice to end users
If you use a 365Labs product provided by an organization you are affiliated with, such as an employer or school, and you use your work or school account to access that 365Labs product, that organization can:
- Control and administer your 365Labs product and product account, including controlling privacy-related settings of the product or product account.
- Access and process your data, including the interaction data, diagnostic data, and the contents of your communications and files associated with your 365Labs product and product accounts.
If you lose access to your work or school account (in event of change of employment, for example), you may lose access to products and the content associated with those products, including those you acquired on your own behalf, if you used your work or school account to sign in to such products.
Many 365Labs products are intended for use by organizations, such as schools and businesses. Please see the Enterprise and developer products section of this privacy statement. If your organization provides you with access to 365Labs products, your use of the 365Labs products is subject to your organization’s policies, if any. You should direct your privacy inquiries, including any requests to exercise your data protection rights, to your organization’s administrator. When you use social features in 365Labs products, other users in your network may see some of your activity. To learn more about the social features and other functionality, please review documentation or help content specific to the 365Labs product. 365Labs is not responsible for the privacy or security practices of our customers, which may differ from those set forth in this privacy statement.
When you use a 365Labs product provided by your organization, 365Labs’s processing of your personal data in connection with that product is governed by a contract between 365Labs and your organization. 365Labs processes your personal data to provide the product to your organization and you, and for 365Labs’s legitimate business operations related to providing the product as described in the Enterprise and developer products section. As mentioned above, if you have questions about 365Labs’s processing of your personal data in connection with providing products to your organization, please contact your organization. If you have questions about 365Labs’s legitimate business operations in connection with providing products to your organization, please contact 365Labs as described in the How to contact us section. For more information on our legitimate business operations, please see the Enterprise and developer products section.
For 365Labs products provided by your organization, 365Labs will:
- not collect or use student personal data beyond that needed for authorized educational or school purposes;
- not sell or rent student personal data;
- not use or share student personal data for advertising or similar commercial purposes, such as behavioral targeting of advertisements to students;
- not build a personal profile of a student, other than for supporting authorized educational or school purposes or as authorized by the parent, guardian, or student of appropriate age; and
- require that our vendors with whom student personal data is shared to deliver the educational service, if any, are obligated to implement these same commitments for student personal data.
Other important privacy information
Below you will find additional privacy information, such as how we secure your data, where we process your data, and how long we retain your data. You can find more information on 365Labs and our commitment to protecting your privacy at 365Labs Privacy.
Product-specific details:
Enterprise and developer products
Enterprise and Developer Products are 365Labs products and related software offered to and designed primarily for use by organizations and developers. They include:
- Cloud services, referred to as Online Services in the 365Labs Online Services Terms (OST), such as Office 365, 365Labs Azure for which an organization (our customer) contracts with 365Labs for the services (“Enterprise Online Services”).
- Other enterprise and developer cloud-based services.
- Server, developer, and hybrid cloud platform products, such as Windows Server, SQL Server, Visual Studio, System Center, Azure Stack and open source software like Bot Framework solutions (“Enterprise and Developer Software”).
- Appliances and hardware used for storage infrastructure.
- Professional services referred to in the OST that are available with Enterprise Online Services, such as onboarding services, data migration services, data science services, or services to supplement existing features in the Enterprise Online Services.
In the event of a conflict between this 365Labs privacy statement and the terms of any agreement(s) between a customer and 365Labs for Enterprise and Developer Products, the terms of those agreement(s) will control.
You can also learn more about our Enterprise and Developer Products’ features and settings, including choices that impact your privacy or your end users’ privacy, in product documentation.
If any of the terms below are not defined in this Privacy Statement or the OST, they have the definitions below.
General. When a customer tries, purchases, uses, or subscribes to Enterprise and Developer Products, or obtains support for or professional services with such products, 365Labs receives data from you and collects and generates data to provide the service (including improving, securing, and updating the service), conduct our legitimate business operations, and communicate with the customer. For example:
- When a customer engages with a 365Labs sales representative, we collect the customer’s name and contact data, along with information about the customer’s organization, to support that engagement.
- When a customer interacts with a 365Labs support professional, we collect device and usage data or error reports to diagnose and resolve problems.
- When a customer pays for products, we collect contact and payment data to process the payment.
- When 365Labs sends communications to a customer, we use data to personalize the content of the communication.
- When a customer engages with 365Labs for professional services, we collect the name and contact data of the customer’s designated point of contact and use information provided by the customer to perform the services that the customer has requested.
The Enterprise and Developer Products enable you to purchase, subscribe to, or use other products and online services from 365Labs or third parties with different privacy practices, and those other products and online services are governed by their respective privacy statements and policies.
Productivity and communications products
Productivity and communications products are applications, software, and services you can use to create, store, and share documents, as well as communicate with others.
Search, 365Labs Edge, and artificial intelligence
Search and artificial intelligence products connect you with information and intelligently sense, process, and act on information—learning and adapting over time.
365Labs California Consumer Privacy Act. Addendum
This Addendum supplements the information contained in the 365Labs Privacy Policy and applies to Website visitors, Customers, Users, Registrants, End Users, Affiliates and other individuals (incl. households) who are residents of the State of California, USA (“consumer”, “you”, “your”).
For avoidance of doubt, the term “data subject” used in the Privacy Policy shall correspond to the term “consumer” used herein and the term “personal data” in the Privacy Policy shall be equivalent to the term “personal information” used herein. All other terms which are not explicitly defined in this Addendum shall have the meaning as set forth in the Privacy Policy.
This Addendum is drafted in compliance with the California Consumer Privacy Act (“CCPA”) and other relevant California privacy laws and its purpose is to provide additional privacy disclosures and to inform you of your additional rights as a California resident.
Categories of Personal Information Collected
We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer (“personal information”), depending on the Services used:
- Identifiers (like your name, contact information, and device and online identifiers);
- Commercial information (your billing information and purchase history, for example);
- Internet or other electronic network activity information.
- Geolocation data (such as your location based on your IP address).
- Audio, electronic, visual or similar information (such as your profile picture, if you uploaded one).
- Professional or employment-related information
- Inferences we make (such as likelihood of retention or attrition).
Apart from you, being the main source of information we collect about you, we may also collect personal information from publicly accessible sources and/or third parties, such as our affiliates, trusted partners, including but not limited to marketing, advertising, security service providers, etc. You can find more information about what we collect and sources of that information in the Personal data we collect section of the Privacy Policy.
We collect personal information for the business and commercial purposes described in the How We Use Personal Data section of the Privacy Policy.
We may disclose and share personal information to categories of third parties as set forth in the Reasons we share personal data section of the Privacy Policy.
Sharing Information
We may share information about you in limited circumstances, and with appropriate safeguards on your privacy.
- Third-party vendors: We may share information about you with third-party vendors who need the information in order to provide their services to us. This includes vendors that help us provide our Services to you (like vendors who process your credit and debit card information to make transaction, payment providers, cloud storage services, customer chat and email support services that help us communicate with you, registrars, registries); those that assist us with our marketing efforts (e.g., by providing tools for identifying a specific marketing target group or improving our marketing campaigns, and by placing ads to market our services); those that help us understand and enhance our Services (like analytics providers); who may need information about you in order to, for example, provide technical or other support services to you. We require vendors to agree to privacy commitments in order to share information with them.
- Legal and regulatory requirements: We may disclose information about you in response to a subpoena, court order, or other governmental request.
- Business transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, user information would likely be one of the assets that is transferred or acquired by a third party. If any of these events were to happen, this Privacy Policy would continue to apply to your information and the party receiving your information may continue to use your information, but only consistent with this Privacy Policy.
- With your consent: We may share and disclose information with your consent or at your direction. For example, we may share your information with third parties when you authorize us to do so.
- Aggregated or de-identified information: We may share information that has been aggregated or de-identified, so that it can no longer reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Services or share a hashed version of your email address to facilitate customized ad campaigns on other platforms.
- Published support requests: If you send us a request for assistance (for example, via a support email or one of our other feedback mechanisms), we reserve the right to publish that request in order to clarify or respond to your request, or to help us support other users.
Selling information
365Labs does not sell our users’ data. We aren’t a data broker, we don’t sell your personal information to data brokers, and we don’t sell your information to other companies.
Consumer rights under the CCPA
If you are a California resident, you have additional rights under the CCPA, subject to any exemptions provided by the law, including the right to:
- Request to know the categories of personal information we collect, the categories of business or commercial purpose for collecting and using it, the categories of sources from which the information came, the categories of third parties we share it with, and the specific pieces of information we collect about you.
- Request deletion of personal information we collect or maintain.
- Opting out of any sale of personal information; and
- Not receive discriminatory treatment for exercising your rights under the CCPA.
Contacting Us About These Rights
As per the CCPA 365Labs shall take into consideration the following requirements when answering a consumer’s request:
- The consumer shall place a verifiable consumer request. 365Labs is not obliged to provide information to the consumer if it cannot verify that the consumer making the request is the consumer about whom 365Labs has collected information or is a person authorized by the consumer to act on consumer’s behalf;
- 365Labs is obliged to provide the required information no more than twice in 12 (twelve) months;
- The provision of information by 365Labs is generally free of charge;
- 365Labs shall provide the required information within 45 (forty-five) days of receiving the consumer’s request. The time period to provide the required information may be extended once by an additional 45 (forty-five) days when reasonably necessary, and upon notification to the consumer. The disclosure shall cover the 12-month period preceding the receipt of the verifiable consumer request and shall be made in writing and delivered through the consumer’s Client Area, if the consumer maintains an account with us, or by mail or electronically at the consumer’s option if the consumer does not maintain an account with us, in a readily useable format that allows the consumer to transmit this information from one entity to another without hindrance. 365Labs may require authentication of the consumer that is reasonable in light of the nature of the personal information requested, but shall not require the consumer to create an account in order to make a verifiable consumer request. If the consumer maintains an account with 365Labs, we may require the consumer to submit the request through its Client Area.