Skip to main content

Your browser is out of date, and unable to use many of the features of this website

Please upgrade your browser.

Ignore

This website requires cookies. Your browser currently has cookies disabled.

Set your privacy preferences

We use necessary cookies to make our website work. Cookies are small files stored on your device. We also use optional cookies to improve our services and tell us if you have seen our advertising. The data we collect is anonymised. Are you happy to accept these cookies?

Countries where Microsoft processes data

FOI reference - FOI-363

Date - 22 April 2025

Request

Please supply me with any information, documentation, contract clause change or emails, etc that you have received in the past two years which identify any countries where Microsoft can or actually do process any data you have uploaded to the following services:

  1. Any service operated by or on the Microsoft Azure cloud platform by any of your processors or contracted service providers (including a direct contract with Microsoft).
  2. Any Microsoft M365 service.

For the purposes of this request you should consider any offshored administration or direct system support as being ‘processing’, whether this relates to personal data or not – this is not a GDPR specific request.

Response

I confirm that we hold some of the information you have requested.

In 2023 TPR entered into a Channel Partner Agreement with its Microsoft channel partner Phoenix Software Limited (and auxiliary agreements directly with Microsoft). The Channel Partner Agreement states personal data will be stored and accessed in the UK.

We have not supplied the signed Microsoft documents because they do not themselves identify where Microsoft can or do actually process data as detailed in your request, as they collectively refer out to, and incorporate the terms and provisions in the Microsoft Master Agreement, Product Terms, and the Online Services Terms and other relevant terms to the services. These link to the publicly available sites on the Microsoft website, see Microsoft Product Terms.

Please note that the terms and conditions for products licensed under these agreements may change (and are changed) from time to time by Microsoft. For example, a subscription to a product under the terms of the Product Terms site is subject to the data processing and security terms (see the Microsoft Online Services Data Protection Addendum (DPA)). The current and archived editions of the DPA are available for download. In the timescale you have specified there have been five released versions in English, and these are here – the top listed five documents Licensing Documents.

TPR has not received any communication in addition to the publicly available information below:

Data Residency in Azure

This information, and the contractual provisions and updates to the terms are provided by Microsoft as part of the Product Terms and licensing and our continued use is subject to these terms. The level of information provided by TPR to you has been considered in the context that more granular linking would trigger the costs exemption applicable under section 12 of the FOIA.

Aside from this contract change and subject to the publicly available terms detailed above, I confirm that TPR has not received any further of the above in relation to Azure and M365’s use which identify any countries where Microsoft can or do process data. Also, that no communications from Microsoft have been escalated from contract managers to their commercial business partners.

We do not store any information from service providers as to whether they have received any communication in relation to this.

Back to top