SQL Server 2008 R2 Privacy Statement

Last updated: January 2010

At Microsoft, we're working hard to protect your privacy, while delivering products that bring you the performance, power, and convenience you desire in your personal computing. This privacy statement explains many of the data collection and use practices of Microsoft SQL Server 2008 R2 (“SQL Server”). This privacy statement focuses on features that communicate with the Internet. It does not apply to other online or offline Microsoft sites, products, or services.

Collection and Use of Your Personal Information

The information we collect from you will be used by Microsoft and its controlled subsidiaries and affiliates to enable the features you are using and provide the service(s) or carry out the transaction(s) you have requested or authorized. It may also be used to analyze and improve Microsoft products and services.

Except as described in this statement, personal information you provide will not be transferred to third parties without your consent. We occasionally hire other companies to provide limited services on our behalf, such as packaging, sending and delivering purchases and other mailings, answering customer questions about products or services, processing event registration, or performing statistical analysis of our services. We will only provide those companies the personal information they need to deliver the service, and they are prohibited from using that information for any other purpose.

Microsoft may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the services; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers or the public.

Information that is collected by or sent to Microsoft by SQL Server may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries or service providers maintain facilities, and by using a Microsoft site or service, you consented to any such transfer of information outside of your country. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union.

Collection and Use of Information about Your Computer

SQL Server contains Internet-enabled features that can collect and send information about your computer ("standard computer information") to Microsoft. Standard computer information typically includes information such as your IP address, operating system version, browser version, and regional and language settings. In some cases, standard computer information may also include hardware ID, which indicates the device manufacturer, device name, and version. If a particular feature or service sends information to Microsoft, standard computer information will be sent as well. 

The privacy details for each SQL Server feature listed in this privacy statement describe what additional information is collected and how it is used.

Security of Your Information

Microsoft is committed to protecting the security of your information. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. For example, we store the information you provide on computer servers with limited access that are located in controlled facilities.

Changes to the Privacy Statement

We occasionally update this privacy statement to reflect changes in our products and services and customer feedback. When we post changes, we revise the "last updated" date at the top of this statement. If there are material changes to this statement or in how Microsoft will use your personal information, we notify you either by posting a notice of such changes prior to implementing the change or by directly sending you a notification. We encourage you to periodically review this statement to be informed of how Microsoft is protecting your information.

For More Information

If you have questions about this privacy statement or believe that we have not adhered to it, please contact us by e-mail at sqlpriv@microsoft.com.

You can also mail to:

SQL Server Privacy Statement

Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052

Specific Features:

Customer Experience Improvement Program

What This Feature Does:

The Customer Experience Improvement Program (CEIP) feature of SQL Server Business Intelligence Development Studio and SQL Server Management Studio collects information about your hardware configuration and how you use our software and services so that we can identify trends and usage patterns. This information helps improve the quality, reliability, and performance of Microsoft software and services.

Information Collected, Processed or Transmitted:

The information CEIP collects includes the type and number of errors you encounter, software and hardware performance, and the speed of services. We do not collect your name, address or other contact information.

This feature generates a Globally Unique Identifier (GUID) that is stored on your computer to uniquely identify it. The GUID is a randomly generated number; it does not contain any personal information and will not be used to identify you. CEIP uses the GUID to distinguish how widespread the feedback we receive is and how to prioritize it. For example, this number allows Microsoft to distinguish between one customer having an error 100 times and 100 customers having the same error once. The GUID is persistent.

Use of Information:

The information collected is used to help improve Microsoft’s products. Microsoft employees, contractors and vendors who have a business need to use the data are provided access as necessary.

Choice/Control

You will be given an opportunity to participate in CEIP during the SQL Server installation. For pre-release versions of SQL Server, CEIP is turned on by default. You can later change your installation choice by following the instructions below.

To change your CEIP settings:

  1. Start SQL Server Management Studio, or SQL Server Business Intelligence Development Studio, and open a new or existing Analysis Services, or Data Transformation Services project.

  2. From the Help menu of SQL Server Management Studio, select Microsoft SQL Server Customer Feedback Options, or from the Help menu of SQL Server Business Intelligence Development Studio, select Microsoft SQL Server Customer Feedback Settings.

  3. To turn CEIP off, click No, I don't wish to participate. To turn CEIP on, click Yes, I am willing to participate.

  4. Click OK.

Important Information:

Enterprise customers may construct Group Policy to opt in or out of CEIP by setting a registry-based policy.  The relevant registry key and settings are as follows:

Key = HKEY_CURRENT_USER\Software\Microsoft\Microsoft SQL Server\100

RegEntry name = CustomerFeedback

Entry type DWORD:

  • 0 is opt out

  • 1 is opt in

Caution:

Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer. You can also use the Last Known Good Configuration startup option if you encounter problems after manual changes have been applied.

For more information about CEIP, read the CEIP privacy statement.

Individual Error Reports

What This Feature Does:

Individual Error Reports allow you to report problems you may be having with SQL Server and all of its component products that have user interfaces. Error reporting for components and services that do not have user interfaces (such as SQL Server Database Engine, SQL Agent, Analysis Services, Reporting Services, Notification Services, SQL Replication, the Database Tuning advisor component, SQL Browser Service and SQL Writer) is handled by the Error and Usage Reporting Tool, described below.

Information Collected, Processed, or Transmitted:

Individual Error Reports collect standard computer information, which is not used to identify you. They do not intentionally collect name, address, email address, computer name, or any information that will be used to identify you or contact you. It is possible that such information may be captured in memory or in the data collected from open files, but Microsoft does not use it to identify you.

In rare cases, such as problems that are especially difficult to solve, Microsoft may request additional data, including sections of memory (which may include memory shared by any or all applications running at the time the problem occurred), some registry settings, and one or more files from your computer. Your current documents may also be included. When additional data is requested, you can review the data and choose whether to send it.

In certain cases, you may be asked to answer an optional survey after sending an error report. If you send an error report without sending survey information, none of the information in your error report is used to identify you. If you choose to provide a phone number or e-mail address then we may contact you to ask for additional data that will help us solve a problem. In some cases you may also be presented with an opportunity to track your error report. If you choose to track an error, your report is associated with your e-mail address.

Use of Information:

We use the data for diagnosing and solving customer problems and to improve this and other Microsoft software and services.

Choice/Control:

Each time an error occurs in a SQL Server component with a user interface, a report is generated and you are asked if you want to send this report to Microsoft. You will have an opportunity to view the information contained in the error report before choosing whether to send the report.

Enterprise customers can use Group Policy to configure how Error Reporting behaves on their computers. Configuration options include the ability to completely turn off Error Reporting. For more information about how to configure Group Policy for Error Reporting for administrators, see the Windows Server 2003 TechNet site. For more information about technical details for Windows Server 2008, see Group Policy Planning and Deployment Guide.

Important Information:

For more information about what details are collected and how they are used, see the Privacy Statement for the Microsoft Error Reporting Service.

Error and Usage Reporting

What This Feature Does:

The Error Reporting feature gives you the opportunity to automatically send error reports to Microsoft for SQL Server components and servers that do not have a user interface and run in the background, such as SQL Server Database Engine, SQL Agent, Analysis Services, Reporting Services, Notification Services, SQL Replication, the Database Tuning advisor component, SQL Browser Service and SQL Writer (“Background Services”). If you consent, the Error Reporting feature allows you to automatically report problems you may be having with Background Services to Microsoft and to receive information that may help you get around or solve such problems.

The Usage Reporting Feature gives you the opportunity to automatically send usage information to Microsoft. If you consent, the Usage Reporting feature will collect and send to Microsoft information about your hardware configuration and which SQL Server features are being used on that hardware, so we can identify trends and usage patterns.

Information Collected, Processed, or Transmitted:

The Error Reporting feature collects the same types of information as Individual Error Reports collects. In addition, the Error Reporting feature of SQL Server collects extensive information specific to usage at the time of the error including, for example: machine characteristics (CPU speed, number of processors, etc.), callstack of faulting threads (or all threads for certain types of error), execution plans and other execution data, and information about open files. It may also collect historic information about the behavior of the operating system and SQL Server, and for certain error types, data page contents. It is possible that personally identifiable information may be captured in memory or in the data collected from open files, but Microsoft does not use it to identify you. Unlike Individual Error Reports described above, you will not have the opportunity to review the information in the reports generated by the Error Reporting feature before they are sent.

The Usage Reporting feature collects information about your hardware configuration, which features are installed and used by each of the SQL Server products installed on that hardware and how those features perform. We do not collect your name, address or other contact information. This feature also generates a GUID that is stored on your computer to uniquely identify it. The GUID is a randomly generated number; it does not contain any personal information and will not be used to identify you.

Use of Information:

The data sent by the Error and Usage Reporting is used to track down and solve problems that users are experiencing and to help improve Microsoft’s products. The usage reports are used by the Customer Experience Improvement Program, which helps us make better software. By participating in this program, you are directly influencing how our software is designed.

Choice/Control:

During setup, you will be offered the opportunity to automatically send error and usage reports to Microsoft. For pre-release versions of SQL Server, the Error Reporting feature is turned on by default. To later turn these features on or off, use the Error and Usage Reporting Tool, which is available by clicking on the Start menu, Programs, SQL Server 2008 R2, Configuration Tools, SQL Server Error and Usage Reporting.

Enterprise customers can use Group Policy to configure how the Error Reporting feature behaves on their computers. Configuration options include the ability to completely turn off Error Reporting. For more information about how to configure Group Policy for Error Reporting for administrators, see the Windows Server 2003 TechNet site. For more information about technical details for Windows Server 2008, see Group Policy Planning and Deployment Guide

Important Information:

Some error reports may be sent to Microsoft even if you choose not to use the SQL Server Error Reporting feature if you have configured Windows to use Microsoft Error Reporting.

SQL Server Books Online: Content Feedback Feature

What This Feature Does:

For each SQL Server Books Online Help topic, you can provide feedback to the SQL Server documentation team regarding whether the content was useful. At the bottom of each Help topic, you will see the question “Was this information helpful?” If you click the Yes button or the No button, an e-mail message will be generated in your e-mail client, and the subject line of that e-mail message will be automatically populated with information about the content you are commenting on. You can add specific feedback regarding the content in the body of this e-mail message.

Information Collected, Processed or Transmitted:

To provide the SQL Server Documentation team with the necessary context information regarding your feedback, the subject line of the feedback e-mail message will contain some or all of the following information: the topic title, the product name, the product version, the documentation version, the name of the Help file, the topic URL, the topic rating (which varies depending on whether you clicked Yes or No), the type of Help file (.chm or .hxs), the language you are using (for example, English), and the version number of the Help feedback script. Note that if the Help topic is in the .chm Help format, the Help file installation path on your computer may also be included.

Use of Information:

The information you provide is used by the SQL Server Documentation team in order to make corrections or enhancements to the documentation provided with SQL Server.

Choice/Control:

The feedback e-mail message is not generated unless you click Yes or No, and the e-mail message is not sent to Microsoft unless you click Send in your e-mail client.

Important Information:

Your e-mail address is not used for marketing purposes unless you have given consent for that purpose.

Microsoft SQL Server Books Online: Online Content Settings for Help

What This Feature Does:

The Online Content feature enables you to query online Web sites automatically when performing a search, including Microsoft’s MSDN Online Web site and third-party community Web sites. In addition, you can get information from these same Web sites in response to pressing the F1 key on language keywords in the code window.

Information Collected, Processed or Transmitted:

To return relevant results, the Online Content feature transmits to MSDN Online (and any other third-party Web sites you designate in the Online Content option) information including standard computer information, the search text string you entered or the keywords associated with the language keyword you pressed F1 on, and the sources to be searched (such as MSDN Online).

Use of Information:

The information is used to respond to the search query or F1 key press. Microsoft also uses this information to develop new content and revise existing content.

Choice/Control:

By default, SQL Server searches for help only on your computer. No information is sent to Microsoft if you do not choose to use the Use Online Content setting. To choose your search settings:

  1. Within Books Online, select Help at the top of the screen, select Tools, then select Options, and then select Online.

  2. Select one of the following three options: Try Local Only, Not Online; Try Local First, then Online; or Try Online First, then Local.

  3. In the Search Providers box, you can select or deselect any of the providers and, using the up/down arrows, you can set the order that search providers are used.

  4. Click OK.

Important Information:

This disclosure only covers interactions with MSDN Online; how other designated Web sites collect and use search information depends on the particular site selected. For more information about MSDN Online privacy practices, see Microsoft Online Privacy Notice.

Using Microsoft Bing Maps With SQL Server Reporting Services

What This Feature Does:

SQL Server Reporting Services allows you to build reports that integrate with Microsoft Bing Maps. To enable this feature, certain information is sent from your server to the Bing Maps Web service.

Information Collected, Processed or Transmitted:

If you configure SQL Server with your Bing Maps ID, that ID will be sent to Bing Maps along with your requests for data each time you run a report that uses the Bing Maps feature.

Use of Information:

Microsoft uses the information to operate and improve Microsoft Bing Maps and other Microsoft sites and services. For more information, see the Microsoft Online Privacy Statement.

Choice/Control:

By default, a unique identifier is not sent with requests to Microsoft Bing Maps. See your SQL Server documentation to learn how you can add your Bing Maps ID to your SQL Server configuration.