Professional Documents
Culture Documents
July 2014
Microsoft Confidential For Internal Use Only
Table of Contents
PART I: INTRODUCTION .................................................. 2
Purpose ....................................................................... 2
Overview of the OST ................................................... 2
PART II: ANNOTATED DOCUMENT ................................. 5
INTRODUCTION .......................................................... 5
Prior Versions ........................................................ 5
Clarifications and Summary of Changes.............. 5
GENERAL TERMS......................................................... 6
Definitions ............................................................. 6
Online Service Term Updates .............................. 8
Regulatory Changes & International Availability 8
Data Retention ...................................................... 9
Use of Software with the Online Service ............ 9
Non-Microsoft Products ..................................... 11
Acceptable Use Policy ......................................... 11
Technical Limitations .......................................... 12
Compliance with Laws ........................................ 12
Acquired Rights ................................................... 13
Electronic Notices ............................................... 13
License Reassignment ......................................... 13
Font Components ................................................ 14
Multiplexing ......................................................... 14
PRIVACY AND SECURITY TERMS .............................. 14
General Privacy and Security Terms .................. 14
Scope ................................................................ 14
Use of Customer Data ...................................... 14
Disclosure of Customer Data ............................ 15
Educational Institutions ................................... 15
Security ............................................................. 16
Security Incident Notification ........................... 16
Location of Data Processing ............................. 16
Preview Releases .............................................. 16
Use of Subcontractors ...................................... 16
How to Contact Microsoft ................................ 17
Data Processing Terms ....................................... 18
This annotation is provided to help you talk with Customers about their licensing obligations and Microsofts
privacy and security commitments with regard to Online Services. This explanation is not intended to provide
negotiating positions or fallbacks, as the terms of this OST are generally not negotiable. Privacy and security
language in particular has been specifically reviewed and approved by Regulatory Affairs and each of the
Product Groups and is closely tailored to reflect (a) the technical capabilities of the Online Services and
(b) ongoing discussions with and approvals by regulatory authorities.
Page 1 of 56
Microsoft Confidential For Internal Use Only
Updates to service terms. For each subscription, the terms in the OST now are locked for the length of
the Customers subscription period (i.e., up to 3 years in case of a subscription purchased under an EA).
AUP. We updated the Acceptable Use Policy to include/clarify high risk use and the conditions for
Microsoft suspending a service.
Privacy & Security Terms. A new Privacy & Security section has been added that includes two
sections: (1) General Privacy & Security terms, which cover all enterprise Online Services and replace the
long list of links that were in the OLSUR, and (2) For Azure, CRM Online, Intune and Office 365, Data
Processing Terms (including the EU Model Clauses), which are essentially the same as the Data
Processing Agreement formerly offered only by amendment.
Page 2 of 56
Microsoft Confidential For Internal Use Only
Confirm whether any briefings (regarding privacy, security, and similar matters) have been or will be
conducted for the customer. We recommend that online services sellers conduct an online services principles
and security discussion with the negotiation team.
2.
Familiarize yourself with the enterprise cloud services by reviewing the latest service descriptions for changes
since your last review. The material in each Trust Center is a key tool in addressing customer concerns with
language in the Data Processing Terms of the OST.
3.
Review the scope of services under consideration by the customer. The Data Processing Terms do not cover
certain services, such as Microsoft Social Listening, Microsoft Dynamics Marketing, Yammer or Office 365 Pro
Plus subscription. These services are not subject to the same Microsoft controls and have their own approach
to security and compliance documentation. In some case, separate resources are available to explain the
approach taken by services and features not covered by the Data Processing Terms.
4.
Review this annotation. This guide has an annotated section that explains the underlying technical, legal and
contractual issues that the OST tackles. Competence and credibility in explaining both the contracts (including
the OST) and the underlying technology will help close the deal. This guide is intended to help you get to that
level in preparation.
Our internal controls. Controls are items on a monitored and managed checklist of things that Microsoft
engineering teams must always do (or never do) in running the applicable cloud service. Controls may be
implemented in technology, by policy, or by a combination of both. Controls can apply to day-to-day
operations or can apply to future engineering work to change the cloud service.
2.
Regulations. Many terms reflect language used in the EU Data Protection Directive, since the Data
Processing Terms were drafted to allow us to accept and commit to this directive. They allow customers to be
confident that Microsoft has made a commitment to meet exactly the wording of the EU Directive. The idea is
to make the customer successful when using a cloud service subject to the EU Directive or similar regulations.
3.
Our positions. The contract provisions may be positions we have taken in offering the serviceeither to limit
our risk exposure or to provide compelling differentiation from our competitors. While we want to provide
compelling terms to customers, we also need to retain the ability to innovative and make changes to the
services. Some of the provisions in the Data Processing Terms of the OST are a balancing act between these
two conflicting goals.
Page 3 of 56
Microsoft Confidential For Internal Use Only
Page 4 of 56
Microsoft Confidential For Internal Use Only
Explanation
Prior Versions
The OST provides terms for Online Services that are currently
available. For earlier versions Customer may refer to
http://go.microsoft.com/?linkid=9840733 or contact its
reseller or Microsoft Account Manager.
Name Change
In addition to the changes above. Online Services formerly
named Windows Azure are now named Microsoft Azure.
Page 5 of 56
Microsoft Confidential For Internal Use Only
Definitions
If any of the terms below are not defined in Customers
volume licensing agreement, they have the definitions below.
Explanation
The OLSUR listed several types of subscription licenses
(SLs) (User, Device, Add-on, or Service) and left the
designation of the required SL to the Online Servicespecific Terms for each Online Service. This approach
required us to have Online Service-specific Terms for
every Online Serviceif only to tell the customer what
kind of SL was needed.
This introductory paragraph now provides a default
approach: each user of a service must have a user
subscription license (USL). If a different SL is required,
then the Online Service-specific Terms will say that.
Providing this default means that (1) we do not need to
have Online Service-specific Terms for every Online
Service, and (2) we can move away from the complex,
two-column requirements tables used in the OLSUR
(without changing the business requirements).
Since there are technical restrictions in place that require
users to have an assigned SL to use the service, this
simplified approach should be sufficient.
The OST is incorporated into every VL agreement that is
used to sell Online Services. As a result, not all terms are
defined in all agreements, so we need to provide the
definitions in this section to cover those agreements that
do not include one or more of them.
Page 6 of 56
Microsoft Confidential For Internal Use Only
Explanation
Page 7 of 56
Microsoft Confidential For Internal Use Only
Explanation
In response to Customers concerns that Microsoft could
change the terms of its service arbitrarily, this term now
describes Microsofts commitment to the terms that are
in place when a Customer starts (or renews) a
subscription. The version of the OST that is in place when
a Customer starts (or renews) a subscription will govern
those services for the full subscription term. This is an
improvement over the terms in the OLSUR, which made a
12-month commitment.
If and when new features, etc. are added to the services,
new terms may apply to Customers use of those new
features.
Q: What if the subscription is month-to-month?
A: With each new month, the then-current OST applies.
Q: Can the OST be locked for the entire 6-year term +
renewal period of an Enterprise Agreement?
A: No. The EA renewal is a new subscription term.
Q: Can we lock the OST terms for the term (or renewal
term) of the EA for all subscriptions?
A: No. Doing so would provide much less certainty
around how new features and services (including those
that are acquired by Microsoft) are offered to Customers
and what terms would apply to those features and
services.
Page 8 of 56
Microsoft Confidential For Internal Use Only
Explanation
Microsoft provides a retention period so that a Customer
can copy or relocate its data after an Online Service
subscription has expired. The retention period is a
limited function period, which means that
administrators have access to ensure all data has been
extracted, but users no longer have access to their
accounts.
Prior versions of the OLSUR indicated that a Customer
could contact Microsoft prior to the end of the retention
period and ask to have its data deleted. That language
has been removed because it caused customer confusion
and because several services could not offer that right.
Ultimately, we are comfortable that deletion of Customer
Data in the ordinary course of Microsofts operation of
each Online Service will meet customer needs.
This provision does not obligate Microsoft to delete the
data after the retention period ends; it is a commitment
regarding data retention, not data deletion. After the
retention period ends, Microsoft will delete the Customer
Data, but that deletion timeline is operationally different
for each Online Service. Note that for Online Services that
offer data processing terms, Microsoft does commit to
delete Customer Data within 180 days after the Online
Service ends.
Q: Can the 90-day period be extended? Even if the
customer is willing to pay for the extension period?
A: No and no. This is not possible because of the way in
which the services are operatedto change the period
would require us to change the engineering of the
services. The only way to extend the retention period is to
pay for extra months at the end of the subscription.
Page 9 of 56
Microsoft Confidential For Internal Use Only
Explanation
Page 10 of 56
Microsoft Confidential For Internal Use Only
Explanation
Microsoft isnt responsible for Non-Microsoft Products,
even if those products are made available through a
Microsoft store or gallery.
Microsofts Acceptable Use Policy reflects industrystandard requirements for use of online services. It has
not been altered from the version included in the OLSUR,
except to describe in further detail the prohibition on
high risk use that was previously explained via a
defined term.
An important addition to this term is Microsofts
commitment to suspend Online Services only to the
extent reasonable necessary and to provide reasonable
notice prior to suspension when possible. These terms
should provide assurances to the Customer that the
suspension right tied to the AUP is intended only to
prevent harm or damage to Microsoft, the Customer, and
third parties.
Page 11 of 56
Microsoft Confidential For Internal Use Only
Explanation
Technical limitations are imposed for numerous reasons
including to ensure compliance with laws and to prevent
unauthorized use of the services.
Page 12 of 56
Microsoft Confidential For Internal Use Only
Electronic Notices
Microsoft may provide Customer with information and
notices about Online Services electronically, including via
email, through the portal for the Online Service, or through a
web site that Microsoft identifies. Notice is given as of the
date it is made available by Microsoft.
License Reassignment
Most, but not all, SLs may be reassigned. Except as permitted
in this paragraph or in the Online Service-specific Terms,
Customer may not reassign an SL on a short-term basis (i.e.,
within 90 days of the last assignment). Customer may reassign
an SL on a short-term basis to cover a users absence or the
unavailability of a device that is out of service. Reassignment
of an SL for any other purpose must be permanent. When
Customer reassigns an SL from one device or user to another,
Customer must block access and remove any related software
from the former device or from the former users device.
Explanation
This section is here to address European employment
laws that protect employees in the event of transfer of
business interests, such as a transfer made in a merger or
acquisition event. This term asks that both parties
commit to be responsible for the costs of any claims
brought by their respective employees under such laws.
Page 13 of 56
Microsoft Confidential For Internal Use Only
Multiplexing
Hardware or software that Customer uses to pool
connections; reroute information; reduce the number of
devices or users that directly access or use the Online Service
(or related software); or reduce the number of OSEs, devices
or users the Online Service directly manages (sometimes
referred to as multiplexing or pooling) does not reduce
the number of licenses of any type (including SLs) that
Customer needs.
Explanation
In order to offer a range of fonts in its productivity tools
at no additional cost to Customer, Microsoft needs to
include these rules against distribution of the fonts.
General Privacy and Security Terms, which apply to all Online Services; and
Data Processing Terms, which are additional commitments for certain Online Services.
Page 14 of 56
Microsoft Confidential For Internal Use Only
Educational Institutions
If Customer is an educational agency or institution to which
regulations under the Family Educational Rights and Privacy
Act, 20 U.S.C. 1232g (FERPA) apply, Microsoft acknowledges
that for the purposes of the OST, Microsoft is a school official
with legitimate educational interests in the Customer Data,
as those terms have been defined under FERPA and its
implementing regulations, and Microsoft agrees to abide by
the limitations and requirements imposed by 34 CFR 99.33(a)
on school officials.
Customer understands that Microsoft may possess limited or
no contact information for Customers students and students
parents. Consequently, Customer will be responsible for
obtaining any parental consent for any end users use of the
Online Service that may be required by applicable law and to
convey notification on behalf of Microsoft to students (or, with
respect to a student under 18 years of age and not in
attendance at a postsecondary institution, to the students
parent) of any judicial order or lawfully-issued subpoena
requiring the disclosure of Customer Data in Microsofts
possession as may be required under applicable law.
Page 15 of 56
Microsoft Confidential For Internal Use Only
Preview Releases
Microsoft may offer preview, beta or other pre-release
features and services ("Previews") for optional evaluation.
Previews may employ lesser or different privacy and security
measures than those typically present in the Online Services.
Unless otherwise provided, Previews are not included in the
SLA for the corresponding Online Service.
Use of Subcontractors
Page 16 of 56
Microsoft Confidential For Internal Use Only
Page 17 of 56
Microsoft Confidential For Internal Use Only
Page 18 of 56
Microsoft Confidential For Internal Use Only
The definitions in the following table match those used in the Data Processing Amendment. Note that except for Windows
Intune, only the key workloads from each Online Service below is included:
Online Service
Dynamics CRM
Online Services
Page 19 of 56
Microsoft Confidential For Internal Use Only
Windows Intune
Online Services
Page 20 of 56
Microsoft Confidential For Internal Use Only
Privacy
Page 21 of 56
Microsoft Confidential For Internal Use Only
Page 22 of 56
Microsoft Confidential For Internal Use Only
Page 23 of 56
Microsoft Confidential For Internal Use Only
Page 24 of 56
Microsoft Confidential For Internal Use Only
Domain
Practices
Organization of
Information
Security
Asset
Management
Page 25 of 56
Microsoft Confidential For Internal Use Only
Physical and
Environmental
Security
Page 26 of 56
Microsoft Confidential For Internal Use Only
Page 27 of 56
Microsoft Confidential For Internal Use Only
Page 28 of 56
Microsoft Confidential For Internal Use Only
Page 29 of 56
Microsoft Confidential For Internal Use Only
Business
Continuity
Management
Page 30 of 56
Microsoft Confidential For Internal Use Only
Page 31 of 56
Microsoft Confidential For Internal Use Only
Page 32 of 56
Microsoft Confidential For Internal Use Only
Limitations
Customer may not resell or redistribute the Microsoft Azure
Services, or allow multiple users to directly or indirectly access
any Microsoft Azure Service feature that is made available on
a per user basis (e.g., Active Directory Premium). Specific
reassignment terms applicable to a Microsoft Azure Service
feature may be provided in supplemental documentation for
that feature.
Retirement of Services or Features
Microsoft will provide Customer with 12 months notice
before removing any material feature or functionality or
discontinuing a service, unless security, legal or system
performance considerations require an expedited removal.
This does not apply to Previews.
Data Retention after Expiration or Termination
The expiration or termination of Customers Online Service
subscription will not change Customers obligation to pay for
hosting of Customer Data during any Extended Term.
Hosting Exception
Customer may create and maintain a Customer Solution and,
despite anything to the contrary in Customers volume
licensing agreement, combine Microsoft Azure Services with
Customer Data owned or licensed by Customer or a third
party, to create a Customer Solution using the Microsoft
Azure Service and the Customer Data together. Customer may
permit third parties to access and use the Microsoft Azure
Services in connection with the use of that Customer Solution.
Customer is responsible for that use and for ensuring that
Page 33 of 56
Microsoft Confidential For Internal Use Only
Sharing
The Microsoft Azure Services may provide the ability to share
a Customer Solution and/or Customer Data with other Azure
users and communities, or other third parties. If Customer
chooses to engage in such sharing, Customer agrees that it is
giving a license to all authorized users, including the rights to
use, modify, and repost its Customer Solution and/or the
Customer Data, and Customer is allowing Microsoft to make
them available to such users in a manner and location of its
choosing.
Import/Export Services
Customers use of the Import/Export Service is conditioned
upon its compliance with all instructions provided by
Microsoft with respect to the preparation, treatment and
shipment of the physical media containing its data (storage
media), which will be provided via email or at
www.go.microsoft.com/fwlink/?linkid=301900&CLCID=0X409
. Customer is solely responsible for ensuring the storage
media and data are provided in compliance with all laws and
regulations. All incoming storage media will be shipped DAP
Microsoft DCS Data Center (INCOTERMS 2010). Exported
storage media will be shipped DAP Customer Dock
Page 34 of 56
Microsoft Confidential For Internal Use Only
Notices
The Bing Maps and Customer Support Notices in Attachment
1 apply.
External Users
External Users of all editions of Microsoft Dynamics Online do
not need the required SLs to access the Online Service unless
using Microsoft Dynamics CRM clients.
Instance Add-On SLS
Instance Add-on SLs are required for all editions of Microsoft
Dynamics Online for the following:
Storage Add-On SL
Storage Add-on SLs are required for all editions of Microsoft
Dynamics Online for each gigabyte of storage in excess of the
storage provided with the Online Service. For the Professional
and Enterprise editions, Storage Add-on SLs are required for
Page 35 of 56
Microsoft Confidential For Internal Use Only
Page 36 of 56
Microsoft Confidential For Internal Use Only
Exchange Online
Data Loss Prevention
Exchange Online Archiving for Exchange Online
Exchange Online Archiving for Exchange Server
Exchange Online Kiosk
Exchange Online Plan 1
Exchange Online Plan 2
Page 37 of 56
Microsoft Confidential For Internal Use Only
Page 38 of 56
Microsoft Confidential For Internal Use Only
Lync Online
Lync Online Plan 1
Lync Online Plan 2
Notices
The Recording and the H.264/MPEG-4 AVC and/or VC-1
Notices in Attachment 1 apply.
Core Features for Office 365 Services
Lync Online or its successor service will have the following
Core Features capabilities:
Instant Messaging
An end user will be able to transfer a text message to another
end user in real time over an Internet Protocol network.
Presence
An end user will be able to set and display the end users
availability and view another end users availability.
Online Meetings
An end user will be able to conduct an Internet-based
meeting that has audio and video conferencing functionality
with other end users.
Page 39 of 56
Microsoft Confidential For Internal Use Only
Page 40 of 56
Microsoft Confidential For Internal Use Only
Office Online
Core Features for Office 365 Services
Office Online or its successor service will have the following
Core Features capabilities:
An end user will be able to create, view, and edit documents
in Microsoft Word, Excel, PowerPoint, and OneNote file
types that are supported by Office Online or its successor
service.
External Users
External Users invited to site collections via Share-by-Mail
functionality do not need User SLs with Office Online.
External Users
External Users invited to site collections via Share-by-Mail
functionality do not need User SLs with OneDrive for Business.
Project Online
Project Lite
Project Online
SharePoint Online
Duet Enterprise Online for Microsoft SharePoint and SAP
SharePoint Online Kiosk
SharePoint Online Plan 1
SharePoint Online Plan 2
Page 41 of 56
Microsoft Confidential For Internal Use Only
Windows Intune
Windows Intune (per user)
Windows Intune with Windows Desktop Operating System (per user)
Windows Intune Add-on for System Center Configuration
Manager and System Center Endpoint Protection (per user)
(Windows Intune Add-On)
Notices
The Bing Maps Notices in Attachment 1 apply.
Manage Devices
Each user to whom Customer assigns a User SL may access
and use the Online Service and related software (including
System Center software) to manage up to five devices at a
time.
Storage Add-on SL
A Storage Add-on SL is required for each gigabyte of storage
in excess of the storage provided with the base subscription.
Page 42 of 56
Microsoft Confidential For Internal Use Only
Page 43 of 56
Microsoft Confidential For Internal Use Only
Page 44 of 56
Microsoft Confidential For Internal Use Only
10.
Page 45 of 56
Microsoft Confidential For Internal Use Only
Perpetual Licenses
Upon Microsofts acceptance of Customers buy-out order
and receipt of payment in full, Customer will have perpetual
Licenses for the Windows Enterprise Software for the number
of Licenses specified in the buy-out order. Perpetual Licenses
received under the buy-out option remain subject to the
terms of Customers volume licensing agreement (including
these Online Services Terms, as further specified below, and
all license limitations), and supersede and replace Customers
underlying perpetual Licenses for a qualifying Microsoft
desktop operating system. The terms governing Customers
ongoing use of the Windows Enterprise Software survive
expiration or termination of Customers volume licensing
agreement.
Page 46 of 56
Microsoft Confidential For Internal Use Only
Service SLs
A Service SL is required to provide access to the services. Each
Service SL must be purchased with at least one of the
following qualifying Add-On SLs:
a Website usage Add-On SL, which is required for
unauthenticated users to access Bing Maps Enterprise
Platform and Bing Maps Mobile Asset Management
Platform through Customers programs based on the
number of billable transactions per month,
Page 47 of 56
Microsoft Confidential For Internal Use Only
Page 48 of 56
Microsoft Confidential For Internal Use Only
Page 49 of 56
Microsoft Confidential For Internal Use Only
Translator API
Customer may use Translator API in accordance with the
Translator API Terms of Use, including successor Terms,
located at http://aka.ms/translatortou and the Translator
Privacy Statement located at http://aka.ms/translatorprivacy.
Yammer Enterprise
External Users
External Users invited to Yammer via external network
functionality do not need User SLs.
Microsofts use of Customer Data
Despite anything to the contrary in Customers volume
licensing agreement or the OST, Microsofts use of Customer
Data in the Yammer Enterprise online service, both before
and after Customers Online Service subscription terminates,
will be governed by the Yammer Privacy Statement at
www.yammer.com/about/privacy.
Children
Yammer Enterprise is not intended for or designed to attract
users under the age of 13. Customer must not set up a
Yammer account for any person under the age of 13.
Page 50 of 56
Microsoft Confidential For Internal Use Only
Customer Support
If Customers volume licensing agreement incorporates a Master Business Agreement dated
before September 1, 2007 (and Customer has not signed any other master-level Microsoft
Professional Services agreement) or if Customer licenses under the Microsoft Online
Subscription Agreement or other Microsoft agreement that cover Online Services only,
Customer Support is provided subject to these additional terms.
Definitions
Terms used in this Customer Support Notice but not defined will have the definition provided
in Customers volume licensing agreement.
Customer Support means all support or advice provided to Customer under Customers
volume licensing agreement.
Fixes means Product fixes, modifications or enhancements, or their derivatives, that
Microsoft either releases generally (such as service packs), or that Microsoft provides to
Customer when performing Customer Support to address a specific issue.
Fixes
If Microsoft provides Fixes to Customer in the course of performing Customer Support, those
Fixes are licensed according to the license terms applicable to the Product to which those
Fixes relate unless the Fixes include separate terms, in which case those terms will govern. If
Fixes are provided for Microsoft Azure Services, Microsoft Dynamics CRM Online, Microsoft
Dynamics Marketing or Microsoft Social Listening, any other use terms Microsoft provides
with the Fixes will apply, and if no use terms are provided, Customer shall have a nonexclusive, temporary, fully paid-up license to use and reproduce the Fixes solely for
Customers internal use. Customer may not modify, change the file name of, or combine any
Fixes with any non-Microsoft computer code.
Pre-Existing Work
All rights in any computer code or non-code based written materials developed or otherwise
obtained by or for the parties or their Affiliates independent of Customers volume licensing
agreement (Pre-Existing Work) shall remain the sole property of the party providing the PreExisting Work. During the performance of Customer Support, each party grants to the other
party (and Microsofts contractors as necessary) a temporary, non-exclusive license to use,
reproduce and modify any of its Pre-Existing Work provided to the other party, solely as
needed to perform its obligations in connection with the Customer Support. Except as may be
otherwise expressly agreed by the parties in writing, upon payment in full Microsoft grants
Customer a non-exclusive, perpetual, fully paid-up license to use, reproduce and modify (if
applicable) any Microsoft Pre-Existing Work provided as part of a Customer Support
deliverable, solely in the form delivered to Customer, and solely for Customers internal
business purposes. The license to Microsofts Pre-Existing Work is conditioned upon
Customers compliance with the terms of Customers volume licensing agreement. If
Page 51 of 56
Microsoft Confidential For Internal Use Only
Page 52 of 56
Microsoft Confidential For Internal Use Only
Suite SLs
Office 365
Enterprise
Online Service
K1
E1
E3
E4
Office 365
Government
Office 365
Education
G1
A2
G3
G4
A3
A4
Exchange Online
Exchange Online
Kiosk
Exchange Online
Plan 1
Exchange Online
Plan 2
SharePoint Online
SharePoint Online
Kiosk
SharePoint Online
Plan 1
SharePoint Online
Plan 2
Lync Online
Lync Online Plan 1
Lync Online Plan 2
Yammer Enterprise
Office Online
Office 365 ProPlus
Windows Intune
Microsoft Rights
Management
Azure Active
Directory Premium
Page 53 of 56
Microsoft Confidential For Internal Use Only
Office Enterprise
365
Mobility
Midsized Suite
Business
Clause 1: Definitions
(a) 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory
authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October
1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
(b) 'the data exporter' means the controller who transfers the personal data;
(c) 'the data importer' means the processor who agrees to receive from the data exporter personal data intended for
processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not
subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
(d) 'the subprocessor' means any processor engaged by the data importer or by any other subprocessor of the data importer
who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively
intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his
instructions, the terms of the Clauses and the terms of the written subcontract;
(e) 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals
and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the
Member State in which the data exporter is established;
(f) 'technical and organisational security measures' means those measures aimed at protecting personal data against accidental
or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing
involves the transmission of data over a network, and against all other unlawful forms of processing.
Page 54 of 56
Microsoft Confidential For Internal Use Only
Page 55 of 56
Microsoft Confidential For Internal Use Only
Clause 6: Liability
1. The parties agree that any data subject who has suffered damage as a result of any breach of the obligations referred to in
Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the
damage suffered.
Page 56 of 56
Microsoft Confidential For Internal Use Only
Page 57 of 56
Microsoft Confidential For Internal Use Only
Clause 12: Obligation after the termination of personal data processing services
1. The parties agree that on the termination of the provision of data processing services, the data importer and the
subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the
data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation
imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that
case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively
process the personal data transferred anymore.
2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority,
it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.
Page 58 of 56
Microsoft Confidential For Internal Use Only
Page 59 of 56
Microsoft Confidential For Internal Use Only
Page 60 of 56
Microsoft Confidential For Internal Use Only