Wednesday, October 24, 2018

Privacy supplement for Microsoft Office Groove 2007

Last updated: December 2016

This page is a supplement to the Privacy Statement for the 2007 Microsoft Office system. In order to understand the data collection and use practices relevant for a particular Office program or service, you should read both the Privacy Statement for the 2007 Microsoft Office system and this supplement.

This privacy statement explains many of the data collection and use practices of Microsoft Office Groove 2007, including its services and servers ("Groove"). The Groove software and associated services are a product of Groove Networks, a wholly owned subsidiary of Microsoft Corporation. This is a preliminary disclosure and is not intended to be an exhaustive list. It does not apply to other online or offline Microsoft sites, products, or services. We have a separate privacy statement that governs our practices with respect to information that is gathered when you visit our Web sites. If you received the Groove software, a Groove identity, Groove software features or components (for example, custom workspaces or tools) from a party other than Microsoft, or if you utilize third party software or services developed for use with the Groove software, the use of information collected by the Groove or third party software will be subject to the third party's privacy practices.

Important Groove Concepts

Every user of the Groove software will have an account file ("user account") that contains required information, including the user's identities, secret encryption keys, a list of devices on which they run Groove, a list of known workspaces, and a list of known contacts. A user's identity may be managed or unmanaged. Managed identities are created and controlled by an administrator using either a Groove Manager server or Microsoft Office Groove Enterprise Services ("Groove Enterprise Services"). Unmanaged identities are created by users and not controlled by an administrator. A user account may include both managed and unmanaged identities.

The Groove software uses Globally Unique Identifiers ("GUIDs") to identify user accounts ("user account GUID"), as well as user identities ("identity GUID") within accounts. GUIDs are generated using random numbers, no part of which is derived from your information or your computer's context. The use of GUIDs facilitates communication among Groove software users by uniquely identifying them to one another, even when the name, IP address, or other information associated with their Groove account or identities changes. The Groove software also uses GUIDs to identify computers or devices ("device GUID") on which the software is used. GUIDs and IP addresses are required for the correct operation of Groove software and cannot be disabled.

Information In Workspaces

The Internet is a public network. Many existing means of communicating through the Internet do not provide the level of privacy and security to which we are accustomed when we communicate in our offices, homes, and other physical spaces. The Groove communications software enables small groups of people to communicate and interact in virtual "workspaces" that we have tried to make reasonably private and secure. We have designed the Groove software and our internal policies so that Microsoft server administrators do not "look into" your workspaces or access the data contained in them, except in the limited circumstances described below in the Security section. Similarly, Microsoft takes reasonable precautions to help ensure that unauthorized third parties do not gain access to your information.

Microsoft does not have access to workspace data residing on your computer or device, and because all workspace data that leaves your computer or device is encrypted, any of your data that may temporarily be stored on our relay servers (servers running Groove Relay 2007, which provides an alternate network path supporting firewall traversal and temporary storage used when recipients are offline) also is encrypted using keys kept on your computer or device, preventing us from accessing this data. However, if you choose to utilize certain optional Groove managed identity features, Microsoft will have access to your encryption keys, but it is not our practice, policy, or intent to ever utilize those keys to access your data, except as described in this statement. Microsoft does collect certain information about use of the Groove software and other activities "outside" of the workspace, as explained in this privacy statement.

Information Collection and Use

Groove collects information from you or your computer when you:

  • Use hosted servers

  • Administer a hosted domain

  • Have a managed identity on a hosted server

  • Create an account

  • Enable account password reset

  • Request an automatic password reset

  • Publish your name or contact information in the public Groove directory

  • Publish your name or contact information in the local network directory

  • Add a contact to your contact list, import your user account onto a new device

  • Accept a space invitation, send an instant message, invite someone to a space, send your exported contact as a file, are a member of a space when a new member joins

  • Search for a contact in the public Groove directory

  • Send a workspace invitation using a URL to reference the invitation file

  • Send a contact using a URL to reference the contact

  • Request help information on a particular topic

  • Connect to a network server that asks for your network user ID and password

  • Join the Customer Experience Improvement Program

  • Send error information using Microsoft Error Reporting

Use hosted servers

Groove software can be configured to use relay and manager servers owned and operated by Microsoft, your enterprise, or a third-party. If your Groove software is configured to utilize Groove Enterprise Services, those servers will collect your IP address and GUIDs associated with your computers and user accounts.

Before you can use any Microsoft manager or relay server, Groove will send provisioning requests, which will return the manager and relay servers to be used by your account. The provisioning requests contain your user account GUID, your computer's time zone, your computer's regional and language settings, the type of your Office license, and some cryptographic information used to ensure the authenticity of your user account GUID. After the appropriate hosted servers have been identified, Groove will send your product ID and user account GUID to the Groove Manager server. All of this information is required for correct operation of the Groove software and cannot be disabled.

Administer a hosted domain

If you administer a domain hosted with Groove Enterprise Services, we will ask you to sign in with your Windows Live ID credentials (an e-mail address and password) to authenticate you and anyone you add as domain administrators. After you create these credentials, you can use them to sign in to other sites that are part of Windows Live ID. To learn more about Windows Live ID, and learn how your credential information may be used and shared if you sign in to other sites using Windows Live ID, read the Microsoft privacy statement.

The e-mail address of each domain administrator will be stored on a Groove Enterprise Services server, together with a user name and domain identification information, such as the domain's name. We may use these e-mail addresses to send you customer account or service notifications.

If included in your support contract, when you request Microsoft Support assistance with delivery of Groove Enterprise Services features, one or more Microsoft technicians may temporarily log in to your domain as a domain administrator ("support administrator"). A support administrator may assist you in performing domain administration functions, including removing other administrators from the domain or checking for proper relay server provisioning. While providing assistance, the support administrators may have access to personal information, in the same form and manner as other domain administrators.

Have a managed identity on a hosted server

If your identity is managed on servers hosted by Microsoft or a third party ("managed identity"), those servers contain your contact information, policy settings for your identity and devices, a backup copy of your account, and statistics on your Groove usage. If authorized through role-based access control settings, your domain administrator(s) will have access to this information. Examples of the types of statistical information that Groove collects include the following:

  • Number of invitation acceptances and rejections

  • Number of chat and Instant Groove messages sent

  • Number of permanent or temporary workspaces created or deleted

  • Number of members in workspaces

  • Number of tools created and deleted

  • Amount of time spent in workspaces, using a particular Groove tool or feature, and using the Groove software alone and with others

  • Edition and version of the Groove software you use

  • Use made of our automated help features.

Microsoft collects aggregate usage information from hosted servers, but does not use your domain information in a manner that personally identifies you, except to provide automated Groove services to you (such as relay services) and with your consent for purposes of providing you support. For domains hosted by a third party, see Third Party Practices below.

Domain administrators can set policies that affect the confidentiality, scope, and privacy of information accessible through your account. These policies control (among other things):

  • Data recovery and password reset. When enabled, domain administrators are able to access workspaces, messages, and all other information in your account. If misused, administrators can potentially impersonate you as well.

  • Restriction or permission for you to publish your contact information to public directories.

  • Whether your account (and its workspace data) can be on an unmanaged computer, not part of the account's domain.

Furthermore, domain administrators can delete your account, preventing access to workspaces in which you formerly had been a member.

Create an account

When you create an account, Groove collects your full name and your e-mail address. This required information, along with other information (for example, phone numbers, mailing address) entered by you or your administrator, is stored on your local computer. It will be added to your contact and visible anywhere your contact is available (for example, to other members of your workspaces).

Enable account password reset (unmanaged identities)

When you enable automatic account password reset (that is, enable future password resets with no administrator involvement), your e-mail address(es) will be sent to a Groove Manager server operated by Microsoft, along with your identity URL, user account GUID, and some cryptographic data necessary to ensure a future request to reset your account password will match your account. This information is required for the correct operation of the feature. Although the password reset protocol involves cooperation with Groove's servers, Microsoft does not have all the information necessary to cryptographically access your data. Only your device stores the secret keys needed to fully access your (space and account) data. Use of automatic account password reset is optional and disabled by default. It can only be enabled when the account is created.

Enable account password reset (managed identities)

For managed identities, a policy set by your domain administrator controls whether the automatic password reset feature is enabled. In other words, you cannot control your password reset setting if you have a managed identity. Your administrator may choose to enable this feature which could allow your administrator (and also Microsoft when using services hosted by Microsoft) to access your personal Groove data (including your account, spaces, messages, and identities).

Request an automatic password reset (unmanaged identities)

When you request an automatic password reset (by selecting "Forgot your password?" in the account logon dialog), your e-mail address(es) and display name will be sent to a Groove Manager server, along with your identity URL, user account GUID, and encrypted public and private encryption keys for your account. This information will only be sent to Microsoft if you are using a Groove Manager server operated by Microsoft. In response to this request, you will receive an e-mail message that contains a temporary password. Use of the automatic password reset feature is optional.

Publish your name or contact information in the public Groove directory

If you choose to list your name or all contact information in the public Groove directory, your contact will be stored on Microsoft servers. The public Groove directory, accessible through the Groove software, is available to everyone on the Internet. Anyone with access to the public Groove directory will be able to find and use your contact, giving them access to business and personal data within your contact and giving them the ability to use Groove to perform operations such as monitor your presence status, send you instant messages, and invite you to workspaces. Publishing your name or contact information in the public Groove directory is optional. You can retract publication of your contact information by changing each of your identity's "Public Groove Directory" listing preference to "No Listing," but you cannot retract your contact from anyone who already has it. That is, once a recipient has your contact, they will continue to receive updates when your contact changes and be able to use it to send you messages.

Publish your name or contact information in the local network directory

If you choose to list your name or all contact information in the local network directory, your contact will be stored on other computers that are running Groove that are within the same network segment and able to receive Groove's network broadcast messages. If your computer is directly connected to the Internet, the computers that could have your contact depend on the network configuration of your Internet Service Provider. Similarly, if you share a connection to the Internet, for example through a wireless network access point in an Internet "hotspot", other computers using the same connection and running Groove will receive your contact. Anyone who searches the local network directory will be able to find and use your contact, giving them access to business and personal data within your contact and giving them the ability to use Groove to perform operations such as monitor your presence status, send you instant messages, and invite you to workspaces. Publishing your name or contact information in the local network directory is optional. You can retract publication of your contact information by changing each of your identity's "local network directory" listing preference to "No Listing," but you cannot retract your contact from anyone who already has it. That is, once a recipient has your contact, they will continue to receive updates when your contact changes and be able to use it to send you messages.

Add a contact to your contact list, import your user account onto a new device

If you choose to add a contact for someone to your personal contact list, your "identity contact" will be sent to that person. Your identity contact contains your name, public keys that cryptographically identify you, and a list of client and relay devices you use. When you import your user account onto a new device, identity contacts for every identity within your account will be sent to and stored on the computers used by everyone identified in your account. This includes all users contained in your personal contact list and all members of all spaces in which you are a member. Recipients of your identity contact will receive updates whenever information in your identity contact changes. They will also receive contact information for all identities in your account.

Accept a space invitation, send an instant message, invite someone to a space, send your exported contact as a file, are a member of a space when a new member joins

When you choose to accept a space invitation, send an instant message, invite someone to a space, or send your exported contact file to someone, the recipient will receive full contact information for your identity. That information will include all vCard fields for your identity (such as your name, address, and phone numbers), as well as all identity contact information.

Search for a contact in the public Groove directory

When you search for the contact information for a Groove user (for example, to add the user to your contact list or to invite the user to a workspace), the input search text is sent to a Groove server hosted by Microsoft. Searching for a contact in the public Groove directory is an optional feature.

Send a workspace invitation using a URL to reference the invitation file

When you send a workspace invitation using another product, such as e-mail, that contains a URL referencing the invitation file, the invitation is stored on a Groove server hosted by Microsoft. Anyone who obtains the URL can use it to download your invitation. Your invitation includes your contact, which contains the business and personal information in your contact. Anyone may try to accept the invitation, but they cannot do so without your confirmation if you checked the "require acceptance confirmation" option when you created the invitation. Also, invitations may be revoked after they are sent and before they are accepted.

Send a contact using a URL to reference the contact

When you use Groove to send any contact using an e-mail message that contains a URL referencing the contact, the contact is stored on a Groove server hosted by Microsoft. Anyone who obtains the URL can use it to download the contact, which contains the business and personal information in the contact.

Connect to a network server that asks for your network user ID and password

If your network configuration includes a proxy or management server ("network server") that requires a user ID and password, when Groove connects through those devices, Groove will prompt you for this information. If the network server specifies the "basic" authentication realm, your network user ID and password are transmitted as cleartext, without encryption. If the network server specifies the "NTLM" authentication realm, then your network user ID and password are encrypted. If you choose to check the "save password" check box, Groove saves your network user ID and password in an encrypted file on your computer to use again, automatically, the next time the network server requires it.

Third Party Practices

If you obtained the Groove software, a Groove identity, or a custom workspace or tool, from a third party (for example, your employer or a company with which you do business), or if you participate in a workspace with others whose use of the Groove software is administered by a third party, please read the third party's privacy statement or otherwise learn about the third party's privacy practices. This is important because these parties may have access to usage information or workspace contents, and this information may be linked to personal information about users.

For example, if a third party such as your employer or a company with which you do business has provided you with the Groove software, the third party may have created a Groove identity for your use and linked its identity GUID to personal information, such as your name and e-mail address. If the third party operates a Groove Manager server or utilizes our Groove Enterprise Services, any personal information it linked to that identity's GUID may be associated with statistical information about how that identity uses Groove software. See the "Have a managed identity on a hosted server" section for more information about usage statistics.

In addition, Groove workspaces often contain a browser tool or a Forms tool that uses a browser. We are not responsible for the privacy or security practices of Web sites that you visit using the browser tool within a workspace, for any effects that software provided to you by others may have on the security or privacy of our software, or for the actions of other Groove software users that may compromise your security or privacy.

For information about additional circumstances when data may be visible to third parties, see the next section about Security.

Security

Microsoft is committed to protecting the security of your information. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. For example, we store the information you provide on computer servers with limited access that are located in controlled facilities. Additionally, when we transmit sensitive personal information through any network, we protect it through the use of encryption. In most scenarios we encrypt all transmitted information, with the exception of device presence information, web services SOAP messages, and identity messages sent to versions of Groove before 3.0. However, there are circumstances beyond Microsoft's control—indeed, mostly in a user's control—where third parties may still gain access to workspace data or determine that certain users are working with one another in a workspace.

Privacy and Security within Workspaces

Your workspace data and account information are encrypted on your computer. Other users of your computer will not be able to view your data unless they know your account's password, the data is stored in a File Sharing workspace, or unless you save workspace data to your computer's hard drive in unencrypted form using the data export feature in the Groove software or choose to use features within the Groove software that transfer data to third-party programs.

If you choose to upload them, your workspace data and account information are encrypted before they leave your computer, and thus we do not have the ability to "see" information that resides on our servers.

Any workspace data that is transmitted to others with Groove software also is encrypted before it leaves your computer, and your workspace data remains encrypted (using keys unknown to Groove servers) as it moves through Microsoft-hosted or third-party relay servers. Although the changes you make to content of a workspace may be temporarily stored on a Microsoft relay server while being disseminated to other users of that workspace (once again, encrypted using keys unknown to Groove servers), we do not back up or archive that encrypted information (except to make temporary, redundant copies to improve the quality and dependability of the relay service). Shortly after a change has been delivered from the relay server to all of the other users of a workspace, the data is deleted from the relay server that you utilize.

Additionally, please be aware of the following circumstances in which third parties have access to some or all of the data in your workspaces, and act accordingly:

  • If your use of the Groove software or a Groove identity is administered by a third party that operates a Groove Manager server (with or without utilizing its Audit Service capabilities) or utilizes our Groove Enterprise Services, the third party may have the ability to access the contents of Groove instant messages, the contents of workspaces in which you participate, and your identities, if password reset is enabled. If you participate in a workspace with others whose use of the Groove software is administered by a third party, the third party can access the contents of that workspace directly by way of the administered user's computer (or remotely, if the third party utilizes the Audit Service capabilities of the Groove Manager server). You can tell that your own or another person's use of the Groove software is administered by a third party by the backward slash and domain name following the user's name in the workspace member list (for example, John Doe/Microsoft). (Note: The domain name cannot be trusted unless validated with Groove's secure authentication features (for example, the different colors used to indicate trust levels for contacts or the different trust levels shown using the View Contacts by Authentication option).)

  • Other members of a workspace, including some automated agents running on a Groove Data Bridge server, can access data in the workspace and remove that data from the workspace (if allowed by workspace access control rules). Automated agents will be listed in the member list within a workspace.

Privacy and Security outside of Workspaces

There are certain limited circumstances outside of the context of workspaces in which your data may be transported in an unencrypted form, and thus may be visible to us or to third parties administering or otherwise monitoring networks or servers that may transport the information to its recipients. These include, under certain circumstances, when you use the "Invite," "Launch," or "Open" functions or when data is transferred between the Groove software and another software system, whether using the Groove Enterprise Data Bridge technology or otherwise. Note that unlike other workspaces, all information stored in File Sharing workspaces is stored unencrypted in the Windows file system.

Control of Your Personal Information and Deactivating Accounts

You can review and edit your personal information by clicking Preferences on the Options menu, and then clicking Edit on the Identity tab. You can change your preferences or delete your account by selecting Preferences from the Options menu and selecting the Account tab. For example, you can choose whom to show your online presence, or change your account password.

You may terminate the collection of information due to the installation of Groove software applications at any time by removing all Groove software applications from your computer. All information collected up to the date on which you remove all Groove software applications from your computer will be treated in accordance with this Privacy Statement and your indicated preferences.
