|
|
|||||||||||||||||
| Microsoft .NET Passport Privacy Statement |
 |
|
| Last Updated: February 2004 |
|
|
| INTRODUCTION |
|
Microsoft® .NET Passport (".NET Passport") recognizes that your
privacy and the protection of your personal information is important to you. This
statement discloses how Microsoft helps protect your personal information while using
the .NET Passport Web Site (www.passport.net), and while using the .NET Passport Service at
participating Web sites. It does not apply to other online or offline Microsoft sites, products or services. .NET Passport is a service that allows users to create a single sign-in name and password for use across .NET Passport participating sites and services. By using the .NET Passport Web Site and the .NET Passport Service, you consent to the data practices described in this statement. The .NET Passport Kids Privacy Statement is a separate statement that describes the collection, use and disclosure by .NET Passport of personal information from or about children and the Kids Passport service for obtaining parental consent. .NET PASSPORT'S COLLECTION OF YOUR PERSONAL INFORMATION As described in greater detail below, we collect and process personal information for three primary reasons: (1) to operate an authentication service, (2) to facilitate registration at participating sites that request personal information from you for the purposes specified in their privacy statements, and (3) to improve security and provide customer support for your .NET Passport account. What Information Is Collected by .NET Passport .NET Passport collects only that information which is necessary to carry out the three purposes described above. When you use .NET Passport to sign-in to a participating site, Passport temporary logs the place where you are signing in as a part of your sign-in activity, as described below. However, Passport does not collect any other information about your online activity at the participating site, such as the web pages you visit or the purchases you make, whether you are signed in or not. When you register for a .NET Passport, you will be asked to provide certain personal information that will be stored in the .NET Passport "profile." As described below, the amount of information requested will vary depending on the registering site, but the .NET Passport profile contains, at most, the following information: (1) e-mail address, (2) first and last name, (3) country or region, (4) state or territory, (5) ZIP code or postal code, (6) language, (7) time zone, (8) gender, (9) birth date, (10) occupation, and (11) alternate e-mail address. If you access the .NET Passport service via a mobile phone, your telephone number will also be collected for use as a sign-in name. When you register for your .NET Passport, you will be asked to create a password for your account. If you are using .NET Passport from a mobile phone, you will be asked to create a PIN, which acts as your password. You may also be requested to provide secret questions and secret answers. You use your secret questions and answers to help verify your identity to .NET Passport when there are account issues, such as needing to reset your password. Finally, some participating sites may require added security. In these cases, you may be asked to create a NET Passport security key. .NET Passport associates a .NET Passport unique identifier with every .NET Passport account at registration. The unique identifier is a unique 64-bit number that .NET Passport sends (encrypted) to each .NET Passport participating site when you choose to sign in. This unique identifier makes it possible for the site to determine whether you are the same person from one sign-in session to the next. .NET Passport also temporarily logs individual sign-ins for the purpose of ensuring the efficiency and security of the .NET Passport service. The information in these logs is identified only by the account's unique ID number, and it is never linked with personal information unless a user calls the service to request assistance. The Registering Site's Determination of What Information Is Collected You can register for a .NET Passport at a .NET Passport participating site or service, or at the .NET Passport Web Site. The amount of information collected by .NET Passport at registration time is determined by the registering site. If you register for a .NET Passport at the .NET Passport Web Site, .NET Passport will collect an e-mail address and a password. This is all the information necessary to create a .NET Passport account. If you register for a .NET Passport at a .NET Passport participating site or service, that site determines the personal information it wants you to provide. Please note that you will be opening two different accounts at the same time: one with the participating site or service and one with .NET Passport. You should review the privacy statement for each .NET Passport participating site you register with to determine how each site or service will use the information it collects. All of the information you provide during registration at a participating site may be stored by that site. However, the information described above is the most that .NET Passport stores. If additional information is collected during registration, this information will be specific to the participating site or service, and will only be stored by that site. If a .NET Passport participating site uses a single registration form to collect both .NET Passport information and site-specific information, the information stored by .NET Passport will be identified on the form. Note: Some .NET Passport participating sites may require you to open an e-mail account that is automatically registered as a .NET Passport. For example, MSN Hotmail, MSN Explorer, MSN Internet access, and Charter Cable services all provide you with e-mail accounts that are also .NET Passports. .NET PASSPORT'S USE OF YOUR PERSONAL INFORMATION How .NET Passport Will Not Use Your Personal Information .NET Passport will not sell or rent your personal information to third parties. .NET Passport will not use or share your personal information in a manner that differs from what is described in this Privacy Statement without your prior consent. How .NET Passport Uses Your Personal Information .NET Passport uses your personal information for the operation and maintenance of your .NET Passport account and the .NET Passport Service. For example, .NET Passport uses your e-mail address to send you a welcome e-mail message when you first register informing you about the service, telling you how to manage your .NET Passport account. You will receive a separate e-mail to which you must respond in order to validate that you are the owner of the e-mail address associated with the .NET Passport account. Failure to respond to the e-mail and verify the address within four days will cause the .NET Passport account to become inactive. This process is designed to verify the validity of the e-mail address and to help prevent e-mail addresses from being used without permission in the creation of .NET Passport accounts. .NET Passport may also send you e-mail about periodic service or recommended security updates. These periodic e-mails are considered essential to the provision of the service you have requested. You cannot unsubscribe from these mailings. If you need to reset your password and cannot access your primary e-mail account, .NET Passport may send password reset e-mail to your alternate e-mail address. .NET PASSPORT'S GENERAL DISCLOSURE OF PERSONAL INFORMATION .NET Passport occasionally hires other companies to provide limited services on our behalf, such as answering customer support inquiries or performing statistical analyses of our services. .NET Passport will only provide these companies with those pieces of your personal information needed to deliver the services, and the companies and their employees are prohibited from using that personal information for any other purpose. .NET Passport may disclose personal information if required to do so by law or in the good-faith belief that such action is necessary to: (a) conform to legal requirements or comply with legal process served on Microsoft; (b) protect and defend the rights or property of Microsoft, .NET Passport, or .NET Passport participating sites or services; or (c) act under exigent circumstances to protect the personal safety of users of the .NET Passport Service, or the public. .NET PASSPORT'S DISCLOSURE OF PERSONAL INFORMATION TO PARTICIPATING SITES AND SERVICES The information stored by .NET Passport is not shared with a .NET Passport participating site or service unless you explicitly choose to provide it by clicking on a .NET Passport sign-in link for that site, or unless your .NET Passport is in a "sponsored domain" as explained below. A list of .NET Passport participating sites and services is available. It is important for you to read the privacy statement for each .NET Passport participating site or service you visit before you sign in, so that you understand how the site may use your .NET Passport information. The specific details of what information is shared with a participating site or service when you choose to sign into that site or service are described below. Your .NET Passport Profile Information You can choose the type of information in your .NET Passport profile to share with the .NET Passport participating sites that you sign in to. You can use the check boxes on the 'Edit Your .NET Passport Profile' page to choose whether to share your e-mail address, your name, and/or the non-identifiable profile information, such as country. There are three specific cases, however, in which a .NET Passport participating site will receive your profile information regardless of your check-box settings:
Operational Information Some sites need additional .NET Passport information to operate your account properly and provide the services you have requested. This "operational" information does not include the personal information that you provide as part of your .NET Passport profile. Operational information will be shared with sites regardless of whether you choose to share your profile information with the site when you sign in using your .NET Passport. The unique identifier described above is always shared with the .NET Passport participating site or service when you sign-in. Additional operational information shared at sign in may include:
If you registered for your .NET Passport with a participating site or service that also provided you with an e-mail account (for example, your ISP or employer), your .NET Passport may belong to a "sponsored domain." In a sponsored domain, the sponsoring company has a unique role with respect to .NET Passports created in that domain.
Use of Shared Information by .NET Passport Participating Sites and Services .NET Passport participating sites and services with whom you choose to share the information can use it for a variety of purposes. These can include personalizing your experience at their sites and reducing registration time by using information in your .NET Passport account to pre-fill their registration forms. .NET Passport participating sites and services may share your personal information and/or unique identifier with third parties in order to fulfill a service or transaction you may have requested. In addition, participating sites may share your personal information, but not your Unique ID, with third parties as permitted by their privacy policy. To become a .NET Passport participating site or service, the operator must contractually agree to have a posted privacy statement and to use commercially reasonable efforts to comply with industry-standard privacy guidelines and practices. All U.S.-based sites are also encouraged (but not required) to be registered with an independent, industry-recognized, privacy assurance organization such as TRUSTe or BBBOnLine. Nevertheless, we do not control or monitor the privacy practices of .NET Passport participating sites, and the privacy practices of those sites will vary. You should carefully review the privacy statement for each .NET Passport participating site you sign in to in order to determine how each site or service will use the information it collects. If .NET Passport becomes aware of ongoing, site-specific privacy issues with a .NET Passport participating site or service, we will work to address those issues with the site or service. If at any time you believe that a .NET Passport participating site has not adhered to these principles, please notify .NET Passport by e-mail. MANAGING YOUR PERSONAL INFORMATION Access to Your Personal Information You can always add, update, or make other changes to the information in your .NET Passport profile. Closing Your .NET Passport Account You may close your .NET Passport account by going to .NET Passport Member Services and clicking Close my .NET Passport account, or by contacting .NET Passport customer support If your .NET Passport is in a "sponsored domain" as described above, there may be a special process for closing your account. Additional details and further instructions are available in Closing Your .NET Passport. If you attempt to register for a .NET Passport and find that someone else has already created a .NET Passport account with your e-mail address, you have the option of contacting .NET Passport customer service and requesting that the .NET Passport account using your e-mail address be forced to change so that you may use your e-mail address as your .NET Passport. Inactivation and Deletion of Account Microsoft will delete your .NET Passport account if it remains inactive for an extended period of time. Inactivity is defined as a failure to sign in to your .NET Passport account. If your .NET Passport account was created in an MSN-sponsored domain (@hotmail.com, @WebTV.net, or @msn.com), your account will be made inaccessible if it remains inactive for 120 days, and any account or profile information you have provided will be deleted. If you have a .NET Passport account that was not created in an MSN-sponsored domain, your account will be made inaccessible if it remains inactive for 365 days, and any account or profile information you have provided will be deleted. SECURITY AND STORAGE OF YOUR PERSONAL INFORMATION .NET Passport is committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. For example, we store the personal information you provide on computer systems with limited access, that are located in controlled facilities. When you request to have your .NET Passport information sent to a .NET Passport participating site, .NET Passport uses industry-standard security technologies to encrypt it for transmission over the Internet. You must type the correct password to access your .NET Passport information. It is your responsibility to ensure the security of your .NET Passport account password and not to reveal this information to others. Personal information collected by .NET Passport may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or agents maintain facilities. By using the .NET Passport Service, you consent to any such transfer of information outside of your country. Microsoft abides by the Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union. USE OF COOKIES A cookie is a very small text file that a Web site saves to your computer's hard disk to store information that you provide about yourself or to store your preferences. .NET Passport uses cookies whenever you sign in to a .NET Passport participating site. .NET Passport stores your unique identifier, the time you signed in, and whatever .NET Passport profile information you have chosen to share with participating sites, in an encrypted cookie on your hard disk. This cookie allows you to move from page to page at the participating site without having to sign in again on each page. When you sign out of .NET Passport, these cookies are deleted from your computer. .NET Passport also uses cookies to improve the sign in experience. For example, .NET Passport may store your e-mail address in a cookie that will remain on your computer after you sign out. This cookie allows your e-mail address to be pre-populated, so that you will only need to type your password the next time you sign in. If you are using a public computer or do not otherwise want this information to be stored, you can select the appropriate checkbox on the sign-in page, and this cookie will not be used. The sites or services you visited may store their own cookies on your computer. .NET Passport recommends that you read each participating site's privacy statement to understand their policies and practices regarding the use of cookies. You have the ability to accept or decline cookies using the settings on your browser. However, if you choose to decline cookies, you will not be able to sign in using your .NET Passport. .NET PASSPORT AND CHILDREN Microsoft is especially concerned about the safety and protection of children's personal information collected and used online. Please refer to the .NET Passport Kids Privacy Statement for details on (1) the collection, use, and disclosure by .NET Passport of personal information from children, (2) how parents can access, delete, and restrict the sharing of such information, and (3) how .NET Passport and some .NET Passport participating sites use the Kids Passport service to obtain parental consent for the collection, use, and disclosure of children's personal information. TRUSTe CERTIFICATION Microsoft is a member of the TRUSTe privacy program. TRUSTe is an independent, non-profit organization whose mission is to build trust and confidence in the Internet by promoting the use of fair information practices. This Privacy Statement discloses the privacy practices for the .NET Passport Web Site and .NET Passport Service in accordance with the requirements of the TRUSTe Privacy Program. ENFORCEMENT OF THIS PRIVACY STATEMENT As a member of TRUSTe, and upholding our commitment to protecting the privacy of your personal information, .NET Passport has agreed to disclose its information practices and to have its privacy practices reviewed for compliance by TRUSTe. If you have questions regarding this statement, you should first contact .NET Passport. If you do not receive acknowledgment of your inquiry or your inquiry has not been addressed to your satisfaction, you should then contact TRUSTe. TRUSTe will serve as a liaison with .NET Passport to resolve your concerns. CHANGES TO THIS PRIVACY STATEMENT .NET Passport will occasionally update this Privacy Statement. When we do, we will also revise the "last updated" date at the top and bottom of the Privacy Statement. .NET Passport will obtain your opt-in consent for any updates to this Privacy Statement that materially expand the sharing or use of your personal information in ways not disclosed in this Privacy Statement at the time of collection. CONTACT INFORMATION If you have questions regarding this Privacy Statement, please send an e-mail message to: passpriv@microsoft.com. You can also contact .NET Passport at: .NET Passport Microsoft Corporation One Microsoft Way Redmond, Washington 98052 1-425-882-8080 .NET Passport is available in various languages. If you have contacted us in one of these languages, we will respond to you in that language. Last Updated: February 2004 |
| For Consumers | For Business | For Press | International | |
| © 1999-2003 Microsoft Corporation. All rights reserved. TRUSTe Approved Privacy Statement | Terms of Use |
|