IT Services
- IT Services
- Tools, software and services
- Software
- Microsoft 365
- Policies and guidelines
- Terms, privacy and data protection
Microsoft 365 terms, privacy and data protection
General information provided by Microsoft
- Microsoft product terms and licensing
- Microsoft services agreement
- Microsoft privacy statement
- Administrative access controls in Microsoft 365
- About our practices and your data
Microsoft's privacy settings
Your University account is integrated with Microsoft 365, giving you convenient access to apps and documents. Microsoft uses your University account data to enable secure authorisation and continued access to its services (eg OneDrive and apps such as Word).
To learn more, read Microsoft’s privacy statement.
Where is the information I save in Microsoft 365 stored?
Information you save in Microsoft 365 is stored, by Microsoft, on Microsoft servers.
University data is either stored in the UK or the EU. Data for some critical authentication services is also replicated to the US. Learn more about Microsoft 365 data locations.
Who owns data stored in Microsoft 365?
You retain all rights over any intellectual property you store in Microsoft 365. Equally, Microsoft retains all intellectual property rights it holds in its provision and delivery of the service.
For more information see data management at Microsoft.
Who is legally responsible for the content of the data stored in Microsoft 365?
As stated in our contract with Microsoft and in reference to the Data Protection Act, the University is the Data Controller and Microsoft is the Data Processor.
Who has access to data stored in Microsoft 365?
As a managed service, Microsoft, our Microsoft Support partner Phoenix Software and IT Services have access to the contents of University managed accounts. However, access is strictly limited, controlled and audited.
Microsoft will not link the data from your University account to other Microsoft accounts you may have. However, it will link data within your University account across the services offered.
We advise that you only use your University Microsoft account for University related activities (eg documents relating to your job or course), and that you maintain a separate account for personal use. This will ensure that, in the event of authorised staff being required to access your account under the terms of our investigations policy, they will not see any personal information (eg private emails).
For further information, see Microsoft 365 data & security.
Does the University share personal data with Microsoft? If so, what?
IT Services shares personal data with Microsoft required to provide you with the Microsoft 365 service. Microsoft provides further details about what personal information may be recorded and how it is used in their Data protection and privacy policy.
For further information, see the University’s Microsoft terms, privacy and data protection guidance.
Will data stored on Microsoft's servers be shared with the US Government?
Personal data might be shared if required by law, for example in relation to national security considerations. An analogous situation occurs in England and Wales with similar requests from UK law enforcement agencies which can be answered within the terms of the Data Protection Act.
Before storing your data in Microsoft 365, you should fully consider your data privacy requirements and whether it’s appropriate to use Microsoft 365.
How is data stored in Microsoft 365 protected?
Microsoft explains how they protect data and privacy.
The University has a GDPR compliant contract in place with Microsoft to ensure data is handled in accordance with data protection legislation. Where data is transferred internationally, EU Model Clauses are used.
We're happy to discuss specifics of the contract with members of the University – please contact IT Services.
Advertising
There is no advertising to staff or students within Microsoft 365.