In Microsoft Azure, Office 365, Microsoft Dynamics 365, and Microsoft Power Platform online services operated by 21Vianet, the Customer Data you host on the services belongs to you, so you know where your Customer Data is located, who can access it and under what circumstances, and how it is responsibly protected, transferred, and deleted.
- You know where your Customer Data is located
- You control access to your Customer Data
- You control your Customer Data if you leave the service
- You have options to control the security of your Customer Data
Knowing the location of Customer Data is important for customers operating in regulated industries with data protection regulations.
To that end, 21Vianet operates Microsoft Azure, Office 365, Microsoft Dynamics 365and Microsoft Power Platform online services datacenters located exclusively in mainland China. As a customer for Microsoft Azure, Office
365, Microsoft Dynamics 365, Power Platform online services operated by 21Vianet, you will know the location where your Customer Data is stored.
Access by 21Vianet personnel. 21Vianet operations and customer support teams ensure that only authorized personnel are available 24 hours a day, 365 days a year. 21Vianet engineers do not have access to your Customer Data. Instead, they are granted access only when necessary under management oversight. 21Vianet personnel will use Customer Data only for purposes compatible with providing you the services, which can include customer support and troubleshooting the service.
Access by subcontractors. 21Vianet may use subcontractors to provide limited services, such as customer support, on its behalf. We disclose only Customer Data that subcontractors require to deliver the services we have retained them to provide. Subcontractors are prohibited from using Customer Data for any other purpose, and are required to maintain the confidentiality of our customers' information.
Limits to access. The operational processes and controls that govern access to and use of Customer Data in Microsoft Azure, Office 365, Microsoft Dynamics 365, and Microsoft Power Platform online services operated by 21Vianet are regularly verified by accredited audit firms. These firms and 21Vianet regularly perform sample audits to attest that access is only for legitimate business purposes. Strong controls and authentication, including the use of multi-factor authentication, help limit access to Customer Data to authorized personnel only. When access is granted, whether to Microsoft personnel or our subcontractors, it is carefully controlled and logged, and revoked as soon as it is no longer needed.
Law enforcement or third party requests. 21Vianet believes that its customers should control their own information whether stored on their premises or in a cloud service. Accordingly, we impose carefully defined requirements around law enforcement or third party requests for Customer Data. We will not disclose Customer Data to a third party (excluding our suppliers and subcontractors) except as you direct or as required by applicable law and regulations. If compelled to disclose Customer Data to a third party, we will use commercially reasonable efforts to promptly notify you and provide a copy of the demand, unless legally prohibited.Learn more
If you ever choose to delete Customer Data or leave the service, 21Vianet follows strict standards and specific processes for removing Customer Data from all systems under our control, overwriting storage resources before reuse, and purging or destroying decommissioned hardware.
As part of our agreements for cloud services such as Azure Storage, Azure VMs, and Azure Active Directory, we contractually commit to specific processes for the deletion of Customer Data and the destruction of storage hardware when a customer requests it or leaves the service.
Customer Data portability
You can retrieve a copy of all your Customer Data at any time and for any reason without any assistance or notification required from 21Vianet.
Customer Data deletion
You may extract and/or delete Customer Data at any time. In the Microsoft Azure, Office 365, Microsoft Dynamics 365, and Microsoft Power Platform online services operated by 21Vianet, data deletion techniques vary depending on the type of data being destroyed—whether subscriptions, storage, virtual machines, or databases.
- In Azure Storage, all disk writes are sequential. Deleted data remains on disk until the sequential writes reach the end of the disk and the system has to start writing over deleted data. This applies to virtual machines as well, although the virtualization mechanism is designed to ensure that those spots on the disk cannot be read by another customer until data is written again, thus avoiding the threat of data loss.
- The Azure SQL database implementation is designed to help protect user data from leakage by disallowing all access to the underlying storage except through the SQL database application programming interface (API), which allows a user to read, write, and delete data.
Customer Data retention
In our 21Vianet Online Services Standard Agreement for Mircosoft Azure and 21Vianet Online Services Standard Agreement for Office 365 21Vianet contractually commits to specific processes when a customer leaves the service or the subscription expires. This includes deleting Customer Data from all systems under our control.
- If you, the customer, terminate your subscription or it expires (except for free trials), 21Vianet will store your Customer Data in a limited-function account for 90 days (the retention period) to give you time to export your Customer Data or renew your subscription, except for Limited Offerings, where we may delete Customer Data immediately without any retention period. During this period, 21Vianet provides multiple notices, so you will be amply forewarned of the upcoming deletion of your Customer Data.
- After this 90-day retention period, 21Vianet will disable the account and delete all Customer Data, including any cached or backup copies. You agree that we have no additional obligation to continue to hold, export or return Customer Data and that we have no liability whatsoever for deletion of Customer Data pursuant to the trial terms.
In the multitenant environments of Microsoft Azure, Office 365, Microsoft Dynamics 365, and Microsoft Power Platform online services operated by 21Vianet, we take careful measures to logically separate Customer Data to help prevent one customer’s data from leaking into the data of another customer.
Destruction of physical storage devices
- When a disk drive used for storage suffers a hardware failure, it is securely erased or destroyed before 21Vianet returns it to the manufacturer for replacement or repair. All of the data on the drive is completely overwritten to ensure that the data cannot be recovered by any means.
- When such devices are decommissioned, they are purged or destroyed based on standard procedure.
Microsoft Azure, Office 365, Microsoft Dynamics 365 and Microsoft Power Platform online services operated by 21Vianet use encryption to safeguard Customer Data and help you maintain control over it.
- When Customer Microsoft Dynamics 365, Power Platform online services, Data moves over a network, Microsoft Azure, Office 365, P Microsoft Dynamics 365, Power Platform online services operated by 21Vianet use industry-standard transport protocols between user devices and datacenters, as well as within the datacenters themselves.
- For Customer Data at rest, Microsoft Azure, Office 365, Microsoft Dynamics 365and Microsoft Power Platform online services operated by 21Vianet uses industry-standard encryption along with encryption security capabilities built into the services, giving you the flexibility to choose the solution that best meets your needs.