Visual Studio Team Services - Code repository privacy - visual-studio

I've used Visual Studio Online Team Services as a code repository and want to know if it is possible for Microsoft Employees to see the code you upload if they wanted to.
The privacy policy doesn't address this specifically that I can see but it does say that Microsoft can use your data for advertising purposes and they can share it with third parties. If "data" means my proprietary code that would be good to know.
Customer Data will be used only to provide customer the Online Services including purposes compatible with providing those services. For example, we may use Customer Data to provide a personalized experience, improve service reliability, combat spam or other malware, or improve features and functionality of the Online Services. Microsoft will not use Customer Data or derive information from it for any advertising or similar commercial purposes. “Customer Data” means all data, including all text, sound, video, or image files, and software, that are provided to Microsoft by, or on behalf of, you or your end users through use of the Online Service. Customer Data is not Administrator Data, Payment Data, or Support Data. For more information about the features and functionality that enable you to control Customer Data, please review documentation specific to the Online Service.

No, not merely if they "want to". Microsoft does provide a clause that allows them access if it's required for security or site operation:
From time to time, Microsoft employees need to obtain access to customer data stored within Team Services. As a precaution, all employees who have or may ever have access to customer data must pass a background check, which verifies previous employment and criminal convictions. In addition, we permit access to the production systems only when there’s a live site incident or other approved maintenance activity, which is logged and monitored.
(From the Visual Studio Team Services Data Protection Overview document.)
That being said, this is the most liberal interpretation of this access. I worked as a senior software engineer on the VSO version control team and there's no possibility for me to get access to customer data. If you complain about a bug in our git repository handling, I'm going to ask you if you can give me a copy that I can use to reproduce - I can't just go get it. And if you decline, then I will not be able to get your data.
So while yes, we Microsoft engineers do have the theoretical ability to get to your files, there are significant policy and security safeguards against access and abuse.

Related

Google Client Library for Java SDK and GDPR

I am using the Google Client Library for Java SDK in my Android app to interface with Google Drive.
Do Google act as a Data Controller or Data Processor by using this SDK? I need to know if I need to store any data to show the user has consented to my app interfacing with Google Drive in line with GDPR.
I know I need to ask permission for personalised or non-personalised ads but the Google Drive SDK and GDPR stuff is driving me crazy.
Thanks
Disclaimer: I am not a legal type person; this is my opinion from the guidelines that we have been given. You should also seek independent legal advice relating to your status and obligations under the GDPR, as only a lawyer can provide you with legal advice specifically tailored to your situation.
For reference, I am going to quote from the following documents, which as of my writing are the only thing Google has released with regard to GDPR that I am aware of at this time:
Google Cloud & the General Data Protection Regulation
GOOGLE CLOUD & THE GDPR WHITEPAPER
Google Cloud & the General Data Protection Regulation (GDPR)
G Suite and Google Cloud Platform customers will typically act as
the data controller for any personal data they provide to Google in
connection with their use of Google’s services. The data controller
determines the purposes and means of processing personal data,
while the data processor processes data on behalf of the data
controller. Google is a data processor and processes personal data
on behalf of the data controller when the controller is using G Suite
or Google Cloud Platform.
Data controllers are responsible for implementing appropriate
technical and organisational measures to ensure and demonstrate
that any data processing is performed in compliance with the GDPR.
Controllers’ obligations relate to principles such as lawfulness,
fairness and transparency, purpose limitation, data minimisation,
and accuracy, as well as fulfilling data subjects’ rights with respect
to their data.
If you are a data controller, you may find guidance related to your
responsibilities under GDPR by regularly checking the website of
your national or lead data protection authority under the GDPR (as
applicable), as well as by reviewing publications by data privacy
associations such as the International Association of Privacy
Professionals (IAPP).
You should also seek independent legal advice relating to your status
and obligations under the GDPR, as only a lawyer can provide you with
legal advice specifically tailored to your situation. Please bear in mind
that nothing on this website is intended to provide you with, or should
be used as a substitute for legal advice.
G Suite is Google's suite of tools, that being Drive, Calendar ... they are the data controller for the data behind the Google tools.
Controller vs. Processor
(7) ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
(8) ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
IMO
If you are accessing a user's data on Google Drive and changing it or doing anything with it, then yes, you are going to need to tell them what you are using their data for and log their consent. If you are saving their data anywhere, then you are also going to have to give them the ability to delete that data.
There are some things you can't do. For example, if they want to delete all their files on Drive, that's not your responsibility, that's Google's. You are only responsible for the data that's on your system and what you have done with it.
Using Google's client library IMO doesn't have much to do with GDPR; it's what you are doing with the data that they return that matters. I did contact Google a few months ago hoping to get some official guidelines with regard to GDPR and the client libraries. I have not heard anything as of yet.

Configure Programmatic Deployment for Virtual Machines from an Image

I want to create several VMs from this image automatically.
When I get redirected to the Portal's website I can choose the option "Want to deploy programmatically? Get started-->". Yes, I want to, but in this window it seems like my subscription isn't enabled for this option.
(Picture) So it's just a button to enable my Subscription, isn't it? Otherwise the status was "Enabled" or "Disable" to disable my Subscription. If I click the "Enable"-Button, nothing happens.
Does anyone of you have an idea how to enable my Subscription? Well, perhaps my thinking is wrong?
Thank you in advance!
Well, this Enable option is accepting the Terms of use below in advance:
By enabling programmatic purchases for the subscriptions selected
below, I (a) agree to the legal terms and privacy statement(s)
associated with each offering above, (b) for Azure subscriptions
purchased from Microsoft, authorize Microsoft to charge or bill my
current payment method for the fees associated with my use of the
offering(s), including applicable taxes, with the same billing
frequency as my Azure subscription, until I discontinue use of the
offering(s), and (c) agree that Microsoft may share my contact
information, and transaction details associated with my purchase of
the above offering(s), with any third-party vendors, if listed above.
Microsoft does not provide rights for third-party products or
services. See the Azure Marketplace Terms for additional terms.
When you use Azure portal to create Data Science Virtual Machine - Windows 2016:
In the last step, you will agree to the Terms of use by clicking "Create":
But when you use PowerShell or the API to create Data Science Virtual Machine - Windows 2016:
It will also need you to agree to these Terms of use via the UI, but if you want automation without the UI, you need to agree to the Terms of use in advance for your subscription.
So, you can see the difference between the Enabled and NOT Enabled subscription status of this Marketplace image:
Enabled:
NOT Enabled
Hope this helps!
I "solved" the problem: there wasn't any. You can only enable/disable subscriptions if you have more than one.

windows store submission issue for privacy policy

After submission to the Windows Store I am getting the following issues:
App Policies: 10.1 Inaccurate Functionality
Your app and its associated metadata must accurately and clearly reflect the source, functionality, and features of your app.
All aspects of your app should accurately describe the functions, features and any important limitations of your app, including required or supported input devices. Your app may not use a name or icon similar to that of other apps, and may not claim to be from a company, government body, or other entity if you do not have permission to make that representation.
Your app must be fully functional and must provide appropriate functionality for each targeted device family.
Keywords may not exceed seven unique terms and should be relevant to your app.
Your app must have distinct and informative metadata and must provide a valuable and quality user experience.
Tested OSes: Windows 10 Mobile
Tested Devices: Acer Iconia W700, Lumia 650
Notes To Developer
The app contains placeholder content that impairs access to core functions of the app.
App Policies: 10.5.1 Privacy Policy
The following requirements apply to apps that access personal information. Personal information includes all information or data that identifies or could be used to identify a person, or that is associated with such information or data. Examples of personal information include: name and address, phone number, biometric identifiers, location, contacts, photos, audio & video recordings, documents, SMS, email, or other text communication, screen shots, and in some cases, combined browsing history.
If your app accesses, collects or transmits personal information, or if otherwise required by law, you must maintain a privacy policy. You must provide users with access to your privacy policy by entering the privacy policy URL in Dev Center when you submit your app. In addition, you may also include or link to your privacy policy in the app. The privacy policy can be hosted within or directly linked from the app. Your privacy policy must inform users of the personal information accessed, collected or transmitted by your app, how that information is used, stored and secured, and indicate the types of parties to whom it is disclosed. It must describe the controls that users have over the use and sharing of their information and how they may access their information, and it must comply with applicable laws and regulations. Your privacy policy must be kept up-to-date as you add new features and functionality to your app.
Additionally, apps that receive device location must provide settings that allow the user to enable and disable the app's access to and use of location from the Location Service API. For Windows Phone 8 and Windows Phone 8.1 apps, these settings must be provided in-app. For Windows Mobile 10 apps, these settings are provided automatically by Windows within the Settings App (on the Settings->Privacy->Location page).
You may publish the personal information of customers of your app to an outside service or third party through your app or its metadata only after obtaining opt-in consent from those customers. Opt-in consent means the customer gives their express permission in the app user interface for the requested activity, after you have:
described to the customer how the information will be accessed, used or shared, indicating the types of parties to whom it is disclosed, and
provided the customer a mechanism in the app user interface through which they can later rescind this permission and opt-out.
If you publish a person’s personal information to an outside service or third party through your app or its metadata, but the person whose information is being shared is not a customer of your app, you must obtain express written consent to publish that personal information, and you must permit the person whose information is shared to withdraw that consent at any time. If your app provides a customer with access to another person’s personal information, this requirement would also apply.
If your app collects, stores or transmits personal information, it must do so securely, by using modern cryptography methods.
Your app must not collect, store or transmit highly sensitive personal information, such as health or financial data, unless that information is related to the primary purpose of the app.
Your app must not collect, store or transmit personal information unrelated to its primary purpose, without first obtaining express user consent.
Tested OSes: Windows 10 Mobile
Tested Devices: Acer Iconia W700, Lumia 650
Notes To Developer
The privacy policy provided for this app fails to inform users of the personal information transmitted by your app and how that information is used, stored, secured, and disclosed. See policy 10.5.1 for details about the requirements for a privacy policy.
I have already stated the privacy policy indicating the use of names, private data etc. What needs to be done for this type of issue? Any help? Thank you.
What needs to be done for this type of issue?
Without seeing your app, it's really hard to give detailed advice on the forum. Regarding this type of question, it will be more appropriate to create a support ticket through your developer account so that support can give you specific suggestions after reviewing your submission.
You may rewrite your privacy policy following How To Add a Privacy Policy to Windows Phone Apps, which is old but you can still find some useful info within it.

Licensing for CRM 2013

I'm registering a new 2013 on-line and I notice that there are two license types:
1. Microsoft Dynamics CRM Online
2. Microsoft Dynamics CRM Online Professional
What's the difference between them (in short)? I've read the description and I get the impression like "this one is yellow and the other is a car", so I simply can't compare.
According to this article, there are three (not two) different models and only one allows customizing the system (so it's only that one that there's any point showing to the customers).
What's up with that?!
In short, the headlines are:
All three licences allow access to CRM from all available clients eg browser, outlook, tablet, phone. (This is a big difference from the 2011 ESS CAL).
All three licences allow read access to all data, including custom entities. (subject to Security Roles of course).
Essential allows read/write access to activities, activity feeds and custom entities.
Basic allows everything in Essential, plus read/write to Accounts, Contacts, Cases, Leads. Also access to reports, and to create personal charts and dashboards.
Pro allows everything. Most notably Sales and Marketing (Opportunity, Quote etc, Campaign, Marketing List), plus service management (facility/equipment and all that).
Pro is needed to build customisations, but not to use them, which is where I think some confusion has arisen.
If you are talking about user licences, there appear to be three distinct types.
It was a bit confusing however my general belief is:
1) Professional
This would be the Administration users who need to customize the system, build processes, templates, administer CRM, and run marketing campaigns.
2) Basic
Would be suitable for general users (ie:- ones that just need to work with entities but don't need to do much else). They can't do marketing campaigns which might restrict people who are given this licence. However your day to day staff should be fine with this as they have general access to entities as well as Reports and Dashboards etc.
3) Essential
Has very little access to core entities (even Account and Contact) so unless you have a client who wants to work with only custom entities then this seems like a pointless licence.

How to handle basic, advanced, add on, and pro feature in Saas based software?

We are working on a new requirement where we need to enable features based on the contract with the client. It's SaaS-based software and supports multi-tenancy. The software by default has basic features enabled.
Basic features
Customer management
Basic billing/invoicing
Notification via email
Payments
Advance feature
Notification over SMS
Workflow
Etc
All the clients are serviced by the same software (obviously the same deployment), but data will be stored in different database schemas.
How to handle basic, advanced, add on, and pro feature in this case?
We are using spring and hibernate.
AFAIK, you should be handling these internally in your application so that the features like notification, workflow are marked as application features and for each tenant, there will be a mapping between the tenant id and the feature so that the tenant has access only to the features that he is subscribed to.
So, when a tenant or his user logs in to the system, we identify the features and the contents that he can access and then show them to the user. This is called a tenant licensing system.
Also, whenever a feature is consumed, your code should be recording the tenant that consumed that feature and by how much and when and there can be cost associated with units of usage measurements.
For more detailed discussion, please refer here
Though these are all explained in C#, there should be no hindrance in the conceptual understanding.
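The tenant-to-feature mapping and usage recording described in the answer above, as an added example that is not part of the original answer. It is plain Java without Spring or Hibernate wiring; the class, enum and tenant names are hypothetical, and the in-memory collections stand in for database tables.

```java
import java.time.Instant;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Hypothetical names throughout; the in-memory collections stand in for database tables.
public class TenantLicensing {
    enum Feature { CUSTOMER_MANAGEMENT, BILLING, EMAIL_NOTIFICATION, PAYMENTS, SMS_NOTIFICATION, WORKFLOW }

    // Features every tenant gets, taken from the question's "basic" list.
    static final Set<Feature> BASIC = EnumSet.of(Feature.CUSTOMER_MANAGEMENT, Feature.BILLING,
            Feature.EMAIL_NOTIFICATION, Feature.PAYMENTS);

    record Usage(String tenantId, Feature feature, int units, Instant at) {}

    private final Map<String, Set<Feature>> addOns = new HashMap<>();
    private final List<Usage> usageLog = new ArrayList<>();

    synchronized void grant(String tenantId, Feature feature) {
        addOns.computeIfAbsent(tenantId, k -> EnumSet.noneOf(Feature.class)).add(feature);
    }

    // Deny by default: usable only if basic or explicitly granted to this tenant.
    // tenantId must come from the authenticated session, never from a request parameter.
    synchronized boolean isEntitled(String tenantId, Feature feature) {
        return BASIC.contains(feature)
                || addOns.getOrDefault(tenantId, Set.of()).contains(feature);
    }

    // Server-side gate: check the entitlement, then record who used what, how much and when.
    synchronized void consume(String tenantId, Feature feature, int units) {
        if (!isEntitled(tenantId, feature)) {
            throw new SecurityException("tenant " + tenantId + " is not subscribed to " + feature);
        }
        usageLog.add(new Usage(tenantId, feature, units, Instant.now()));
    }

    synchronized int unitsUsed(String tenantId, Feature feature) {
        return usageLog.stream()
                .filter(u -> u.tenantId().equals(tenantId) && u.feature() == feature)
                .mapToInt(Usage::units).sum();
    }

    public static void main(String[] args) {
        TenantLicensing lic = new TenantLicensing();
        lic.grant("tenant-a", Feature.SMS_NOTIFICATION);      // constructed sample tenants
        lic.consume("tenant-a", Feature.SMS_NOTIFICATION, 3);
        lic.consume("tenant-b", Feature.BILLING, 1);          // basic feature, always allowed
        try {
            lic.consume("tenant-b", Feature.SMS_NOTIFICATION, 1);
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
        System.out.println("tenant-a SMS units: " + lic.unitsUsed("tenant-a", Feature.SMS_NOTIFICATION));
    }
}
```

Hiding a menu entry is not enough: the entitlement check has to run on the server at every call that uses a paid feature, so that a tenant cannot reach it by calling the endpoint directly.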

Resources