Microsoft 365 Student Privacy Information
Microsoft 365 (M365) provides students with access to twenty-first century learning tools to support their education. This web page provides information on the data collected during students’ activation and use of M365 and Microsoft’s commitment to be managing that data.
What data is collected?
During the activation and password resets student’s personal information (name. email address, phone number and CIT number) are replicated to a highly secure Microsoft service call ‘AD connect’. The replication of this data takes place in an Active Directory (AD) instance hosted in Azure’s Australian nodes.
Students control the information that is transferred to, and stored by, Microsoft 365. This may include text, images, photographs, sound and multimedia.
In addition, while using the M365 service and to deliver the service, the Microsoft system will generate some information such as, logs about user access to the M365 services.
How is the data used?
Microsoft does not use this collected information to track users’ online activities or build profiles for behaviour analysis or other commercial purposes.
Microsoft does not use, access or collect this data for any other reason than to provide the Microsoft 365 services to students – in particular, Microsoft will not use or disclose user data for advertising purposes.
CIT has ensured through its contract with Microsoft governing the delivery of M365, that there are several express commitments relating to user data. These include:
- Ownership of user data always stored by the student rests with user while studying at CIT and not with Microsoft.
- Ownership of the user data for activation and password resets remains with CIT, and not with Microsoft.
- Microsoft will meet stringent international standards that are generally acknowledged as the benchmark for providers of Online Services.
Is the data secure?
Physical data centre access is restricted to authorised personnel and multiple layers of physical security are implemented. Microsoft personnel are only able to access user data in extremely limited circumstances and subject to rigorous approval and oversight.
Microsoft use subcontractors to perform a variety of support services for M365. Examples of these include physical hardware maintenance, technical support and facilities services (for example, security guards at data centre locations).
Microsoft will only disclose data at the direction of CIT or, if compelled to do so by law.
The M365 service incorporates many privacy controls. Privacy controls are enabled by default for all customer of M365.
When is the data deleted?
Six months after a final grade has been entered CIT initiates the removal of all user and associated data from CIT Microsoft Domain and Microsoft.
Where is the data?
CIT M365 service, user data is stored predominantly in data centres situated in Australia.
Microsoft 365 Privacy Information
Microsoft’s privacy statement https://privacy.microsoft.com/en-us and https://privacy.microsoft.com/en-gb/privacystatement
For more information contact firstname.lastname@example.org.