Microsoft Whiteboard Preview Agreement

This Preview Agreement (“Agreement”) is an agreement between you (“Participant”) and Microsoft Corporation (or based on where Participant lives one of its affiliates) (“Microsoft”). Participant should read the entire agreement because the terms are important and create a legal agreement (the “Agreement”) that, once accepted by Participant, applies to Participant. By this accepting this Agreement, Participant represents that they are acting as an agent of an organization, and they have the authority to act as an agent of their organization. Participant further represents that they are affiliated to and have the authority to use the Preview Service on behalf of such organization and have the authority to enable authorized users in Participant’s tenant to use the Preview Service.


The parties agree as follows:

1. Overview. Microsoft has a program for certain customers to access and use services or software in a preview form. Participant has to opt in to participate in this program. This Agreement establishes the terms and conditions for Participant’s access and use of the services and participation in the program.

2. Definitions. As used in this Agreement, the following terms have the following meanings:

a. “Affiliate” means any legal entity that owns, is owned by, or is commonly owned with a party, where “own” means having more than 50% ownership or the right to direct the management of the entity.

b. “Confidential Information” means non-public information, know-how, or trade secrets in any form that are designated as being confidential or that a reasonable person knows or reasonably should understand to be confidential. Confidential Information does not include any information, however designated, that (i) is or becomes publicly available without a breach of this Agreement; (ii) was lawfully known to the receiver of the information without an obligation to keep it confidential; (iii) is received from another source who can disclose it lawfully and without an obligation to keep it confidential; (iv) is independently developed; or (v) is Feedback.

c. “Customer Data” means all data, including all text, sound, video, or image files that are provided to Microsoft by, or on behalf of, Participant through use of Office 365 Services.

d. “Feedback” means, collectively, suggestions, comments, feedback, ideas, or know-how, in any form, that Participant provides to Microsoft about Microsoft’s business, products, or services.

e. “NDA” means a standard non-disclosure agreement, if any, between the parties.

f. “Office 365 Services” means the services included in an Office 365-branded plan or suite under Participant’s Microsoft volume licensing agreement or Microsoft Online Subscription Agreement.

g. “Online Services Terms” means the Microsoft Online Services Terms that are available at (or a successor site).

h. “Participant Data” means all data, including all text, sound, video, or image files that are provided to Microsoft by, or on behalf of, Participant through use of the Preview Service.

i. “Personal Data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

j. “Preview Program” means the Microsoft invitation-only program through which Microsoft makes the Preview Service available to Participant.

k. “Preview Service” means the Microsoft Whiteboard preview online service that Microsoft makes available to Participant as part of the Preview Program.

l. “Program Materials” means, collectively, all materials that describe the Preview Program and that Microsoft makes available to Participant, including any invitations, materials specifying requirements or eligibility criteria, Preview Service documentation, and this Agreement.

m. “Residuals” means information in intangible form retained in unaided memory by persons who have had access to Confidential Information.

n. “Subprocessor” means other processors used by Microsoft to process Personal Data.

o. “Term” means the term of this Agreement.

p. “Volume Licensing Agreement” means the Online Services Terms and Participant’s Microsoft volume licensing agreement (or other applicable agreement) under which Participant subscribed to the Office 365 Services, including the “Microsoft Online Subscription Agreement” (“MOSA”).

3. Program Participation.

a. Program Materials. Each party will comply with the Program Materials with respect to Participant’s activities and participation in the Preview Program.

b. Feedback. Providing Feedback is voluntary. Microsoft is under no obligation to post or use any Feedback. By providing Feedback to Microsoft, Participant (and anyone providing Feedback through Participant) irrevocably and perpetually grant to Microsoft and its Affiliates, under all of its (and their) owned or controlled intellectual property rights, a worldwide, non-exclusive, fully paid-up, royalty-free, transferable, sub-licensable right and license to make, use, reproduce, prepare derivative works based upon, distribute, publicly perform, publicly display, transmit, and otherwise commercialize the Feedback (including by combining or interfacing products, services or technologies that depend on or incorporate Feedback with other products, services or technologies of Microsoft or others), without attribution in any way and for any purpose.

Participant warrants that 1) it will not provide Feedback that is subject to a license requiring Microsoft to license anything to third parties because Microsoft exercises any of the above rights in Participant’s Feedback; and 2) it owns or otherwise controls all of the rights to such Feedback and that no such Feedback is subject to any third-party rights (including any personality or publicity rights).

4. Use of Preview Service.

a. License Grant. During the Term, Microsoft grants to Participant and authorized users in Participant’s tenant for the Office 365 Services a non-exclusive, non-transferable, non-sublicensable right and license to access and use the Preview Service in accordance with this Agreement.

b. Use Terms. During the Term, this Agreement governs Participant’s use of the Preview Service and supersedes any Microsoft terms and conditions Services Agreement that may be linked in the user interface of the Preview Service. Participant acknowledges that (i) the Preview Service may not work correctly or in the manner that a commercial service may function; Microsoft may change it for the final, commercial version or choose not to release a commercial version; (ii) Microsoft may not provide support for the Preview Service; (iii) the Volume Licensing Agreement, including any obligations Microsoft may have regarding Customer Data, do not apply to the Preview Service or Participant Data; (iv) Microsoft has no obligation to hold, export or return Participant Data; (v) Microsoft has no liability for the deletion of Participant Data; and (vi) Participant may lose access to the Preview Service and Participant Data after the Term.

c. Acceptable Use. Neither Participant, nor those that access the Preview Service through Participant, may: (i) use the Preview Service (A) in a way prohibited by law, regulation, governmental order or decree; (B) to violate the rights of others; (C) to try to gain unauthorized access to or disrupt any service, device, data, account or network; (D) to spam or distribute malware; or (E) in a way that could harm the Preview Service or impair anyone else’s use of it; or (ii) reverse engineer, decompile, disassemble, or work around any technical limitations in the Preview Service, or use the Preview Service to create a competing product. Participant is responsible for responding to any third-party request regarding Participant’s use of the Preview Service or Participant Data, such as a request to take down Participant Data under the U.S. Digital Millennium Copyright Act or other applicable laws.

d. Data Collection, Use and Location. Microsoft Online Services Privacy Statement applies to the collection, use and location of Participant Data. In the event of a conflict between the Microsoft Online Services Privacy Statement and the terms of this Agreement, the terms of this Agreement will control.

5. Reservation of Rights. Subject to the licenses granted in this Agreement, (a) Participant retains all rights, title, and interest in and to Feedback and Participant Data, and (b) Microsoft retains all rights, title, and interest in and to the Preview Service and Program Materials. Participant receives no rights or licenses to the intellectual property of Microsoft under this Agreement, whether by implication, estoppel or otherwise.

6. Term and Termination.

a. Term; Termination Rights. The Term begins on the Effective Date and will continue until the earlier of (i) the date that Microsoft terminates the Preview Program; or (ii) Microsoft Whiteboard becomes generally available to the public (i.e., no longer a preview). Participant’s continued participation in the Preview Program is always voluntary for both Participant and Microsoft. Either Microsoft or Participant may terminate this Agreement upon five days’ prior written notice to the other party. Microsoft may also terminate this Agreement or suspend Participant’s use of the Preview Service upon prior written notice to Participant if Participant breaches this Agreement and either (i) the breach is one that cannot be cured, or (ii) Participant fails to cure the breach within five days after it receives notice of the breach.

b. Effect of Termination. Upon the termination or expiration of this Agreement, Participant will cease using the Preview Service unless the parties have entered into an arrangement for Participant’s continued use of the Preview Service after the Term.

7. Confidentiality.

i. Existing NDA. The information shared under this Agreement (except Feedback) is Confidential Information (defined in the NDA) subject to the NDA. If the parties do not have an existing NDA that is in effect, Section 7(b) - (c) will apply.

ii. Use of Confidential Information. Beginning on the day of disclosure and for a period of five years thereafter, neither party will disclose the other party’s Confidential Information to a third party. Each party will (a) use such information only for purposes of this business relationship, and (b) take reasonable steps to protect the other party’s Confidential Information. A party may disclose the other party’s Confidential Information to its Affiliates, employees, and contractors only on a need-to-know basis, subject to the obligations of this section. If a party so discloses the other party’s Confidential Information, that party remains responsible for any unauthorized use or disclosure.

iii. Residuals. Each party receiving Residuals may freely use them without payment, and need not limit personnel assignments based on access to Confidential Information. This section is not a copyright or patent license and does not modify duties to safeguard Confidential Information.

8. Representations and Warranties.

a. By the Parties. Each party represents and warrants to the other party that (i) it has all necessary rights, title, and authority to enter into and perform under this Agreement; (ii) its performance under this Agreement will not breach any agreement with a third party; and (iii) it will comply with any and all laws, rules, and regulations that are applicable to its performance under this Agreement.


9. Limitation of Liability. Except as otherwise described in this Section 9, the only remedy either party has for claims relating to this Agreement or participation in any specific Preview Program is to terminate this Agreement or Participant’s participation in such program. NEITHER PARTY WILL BE LIABLE TO THE OTHER PARTY FOR ANY DAMAGES, INCLUDING DIRECT, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, OR DAMAGES FOR LOST REVENUE, LOST PROFIT, LOST BUSINESS INFORMATION, OR BUSINESS INTERRUPTION, EVEN IF THE PARTY KNEW OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES. The limitations in this Section 9 do not apply to claims arising from any breach of confidentiality obligations under Section 7.

10. General.

a. Non-Exclusivity. This Agreement is nonexclusive. It does not restrict either party from entering into the same or similar arrangement with any third party.

b. Relationship. Each party is an independent contractor. This Agreement does not create an employer-employee relationship, partnership, joint venture, franchise, or agency relationship.

c. Notices. Notices may be provided either by electronic or physical mail. The Participant identified on the first page of this Agreement will receive notices on behalf of their respective company. A party may change the person(s) to whom notices will be sent by giving notice to the other party.

d. Jurisdiction and Governing Law. The laws of the State of Washington, excluding conflicts of law provisions, govern this Agreement. If federal jurisdiction exists, then each party consents to exclusive jurisdiction and venue in the federal courts in King County, Washington. If no federal jurisdiction exists, then each party consents to exclusive jurisdiction and venue in the Superior Court of King County, Washington.

e. Force Majeure. A party will not be liable for failure to perform an obligation under this Agreement to the extent that failure is due to a cause beyond that party’s reasonable control, including natural disaster, war, civil disturbance, or governmental action.

f. Attorneys’ fees. If a party employs attorneys to enforce any rights arising out of or relating to this Agreement, the prevailing party will be entitled to recover its reasonable attorneys’ fees, costs, and other expenses.

g. Waiver. A party’s delay or failure to exercise any right or remedy will not result in a waiver of that or any other right or remedy.

h. Severability. If any court of competent jurisdiction determines that any provision of this Agreement is illegal, invalid, or unenforceable, then remaining provisions will remain in full force and effect.

i. Assignment. Participant may not assign this Agreement or delegate any of its rights or obligations under this Agreement to a third party without Microsoft’s prior written consent.

j. Entire Agreement. This Agreement is the entire agreement between the parties regarding its subject matter and replaces all prior agreements, communications, and representations between the parties regarding its subject matter.

k. Amendment. This Agreement may be changed only by an amendment signed by both parties.

l. Counterparts. The parties may execute this Agreement in counterparts. Each counterpart will be deemed an original, and all counterparts will constitute one agreement binding both parties. Facsimile signatures will be considered binding.

m. Survival. Section 3.b. (Feedback), 6 (Term and Termination), 7 (Confidentiality), 8 (Representations and Warranties), 9 (Limitation of Liability), and 10 (General) will survive this Agreement’s expiration or termination.

11. To the extent Microsoft is a processor of Personal Data subject to the GDPR Terms in Attachment 1 govern that processing and the parties also agree to the following terms:

i. Processing Details: The parties acknowledge and agree that:

· The subject-matter of the processing is limited to Personal Data within the scope of the GDPR;

· The duration of the processing shall be for the duration of the Participant’s right to use the Preview Service and until all Personal Data is deleted or returned in accordance with Customer instructions or this Agreement;

· The nature and purpose of the processing shall be to provide the Preview Service pursuant to the Agreement;

· The types of Personal Data processed by the Preview Service include those expressly identified in Article 4 of the GDPR to the extent included by Customer in Customer Data; and

· The categories of data subjects are Participant’s representatives and end users, such as employees, contractors, collaborators, and customers.

ii. Data Transfers:

· Customer Data and Personal Data that Microsoft processes on Participant’s behalf may be transferred to, and stored and processed in, the United States or any other country in which Microsoft or its Subprocessors operate. Participant appoints Microsoft to perform any such transfer of Customer Data and Personal Data to any such country and to store and process Customer Data and Personal Data to provide the Preview Service.

· Microsoft will abide by the requirements of European Economic Area and Swiss data protection law regarding the collection, use, transfer, retention, and other processing of Personal Data from the European Economic Area and Switzerland. All transfers of Personal Data to a third country or an international organization will be subject to appropriate safeguards as described in Article 46 of the GDPR and such transfers and safeguards will be documented according to Article 30(2) of the GDPR.

· In addition, Microsoft is certified to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and the commitments they entail. Microsoft agrees to notify Participant in the event that it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield principles.

Attachment 1 – European Union General Data Protection Regulation Terms (“GDPR Terms”)

For purposes of these GDPR Terms, Participant and Microsoft agree that Participant is the controller of Personal Data and Microsoft is the processor of such data, except when Participant acts as a processor of Personal Data, in which case Microsoft is a subprocessor. These GDPR Terms apply to the processing of Personal Data, within the scope of the GDPR, by Microsoft on behalf of Participant. These GDPR Terms do not limit or reduce any data protection commitments Microsoft makes to Participant in other agreement between Microsoft and Participant. These GDPR Terms do not apply where Microsoft is a controller of Personal Data.

Relevant GDPR Obligations: Articles 28, 32, and 33

1. Microsoft shall not engage another processor without prior specific or general written authorisation of Participant. In the case of general written authorisation, Microsoft shall inform Participant of any intended changes concerning the addition or replacement of other processors, thereby giving Participant the opportunity to object to such changes. (Article 28(2))

2. Processing by Microsoft shall be governed by these GDPR Terms under European Union (hereafter “Union”) or Member State law and are binding on Microsoft with regard to Participant. The subject-matter and duration of the processing, the nature and purpose of the processing, the type of Personal Data, the categories of data subjects and the obligations and rights of the Participant are set forth in section 11 above, including these GDPR Terms. In particular, Microsoft shall:

(a) process the Personal Data only on documented instructions from Participant, including with regard to transfers of Personal Data to a third country or an international organisation, unless required to do so by Union or Member State law to which Microsoft is subject; in such a case, Microsoft shall inform Participant of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;

(b) ensure that persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;

(c) take all measures required pursuant to Article 32 of the GDPR;

(d) respect the conditions referred to in paragraphs 1 and 3 for engaging another processor;

(e) taking into account the nature of the processing, assist Participant by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Participant’s obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR;

(f) assist Participant in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to Microsoft;

(g) at the choice of Participant, delete or return all the Personal Data to Participant after the end of the provision of services relating to processing, and delete existing copies unless Union or Member State law requires storage of the Personal Data;

(h) make available to Participant all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by Participant or another auditor mandated by Participant.

Microsoft shall immediately inform Participant if, in its opinion, an instruction infringes the GDPR or other Union or Member State data protection provisions. (Article 28(3))

3. Where Microsoft engages another processor for carrying out specific processing activities on behalf of Participant, the same data protection obligations as set out in these GDPR Terms shall be imposed on that other processor by way of a contract or other legal act under Union or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR. Where that other processor fails to fulfil its data protection obligations, Microsoft shall remain fully liable to the Participant for the performance of that other processor's obligations. (Article 28(4))

4. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Participant and Microsoft shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

(a) the pseudonymisation and encryption of Personal Data;

(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

(c) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and

(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. (Article 32(1))

5. In assessing the appropriate level of security, account shall be taken of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed. (Article 32(2))

6. Participant and Microsoft shall take steps to ensure that any natural person acting under the authority of Participant or Microsoft who has access to Personal Data does not process them except on instructions from Participant, unless he or she is required to do so by Union or Member State law. (Article 32(4))

7. Microsoft shall notify Participant without undue delay after becoming aware of a personal data breach. (Article 33(2)). Such notification will include that information a processor must provide to a controller under Article 33(3) to the extent such information is reasonably available to Microsoft.