Azure Stack Hub 日志和客户数据处理Azure Stack Hub log and customer data handling

在某种程度上 Azure 是 Azure Stack Hub 相关个人数据的处理方或辅助处理方,Azure 对所有客户提供以下承诺(从 2018 年 5 月 25 日开始生效):To the extent Azure is a processor or subprocessor of personal data in connection with Azure Stack Hub, Azure makes to all customers, effective May 25, 2018, the following commitments:

  • 联机服务条款的“数据保护条款”部分中的“个人数据的处理;GDPR”条款。The "Processing of Personal Data; GDPR" provision in the "Data Protection Terms" section of the Online Services Terms.
  • 联机服务条款附件 4 中的“欧盟一般数据保护条例条款”。The European Union General Data Protection Regulation Terms in Attachment 4 of the Online Services Terms.

由于 Azure Stack Hub 驻留在客户数据中心,因此,对于通过诊断遥测与 Azure 共享的数据,Azure 是唯一的数据控制方。As Azure Stack Hub resides in customer datacenters, Azure is the Data Controller solely of the data that is shared with Azure through Diagnostics, and Telemetry.

数据访问控制Data access controls

Azure 员工受派调查特定的支持案例时,将获得加密数据的只读访问权限。Azure employees, who are assigned to investigate a specific support case, will be granted read-only access to the encrypted data. 如果需要,Azure 员工还有权访问用于删除数据的工具。Azure employees also have access to tools used to delete the data if needed. 对客户数据的所有访问都会受到审核和记录。All access to the customer data is audited and logged.

数据访问控制:Data access controls:

  • 在结案后,数据最多只保留 90 天。Data is only kept for a maximum of 90 days after case close.
  • 在 90 天期限内,客户随时可以删除数据。The customer always has the choice to have the data removed at any time in that 90-day period.
  • Azure 员工获得的数据访问权限根据不同的案例而定,并且只在需要帮助解决支持问题时才能获得该访问权限。Azure employees are given access to the data on a case-by-case basis and only as needed to help resolve the support issue.
  • 如果 Azure 必须与 OEM 合作伙伴共享客户数据,必须经得客户的同意。In the event where Azure must share customer data with OEM partners, customer consent is mandatory.

客户可以实施哪些数据主题请求 (DSR) 控制?What Data Subject Requests (DSR) controls do customers have?

Azure 根据客户请求提供按需删除数据的支持。Azure supports on-demand data deletion per customer request. 客户可以请求我们的支持工程师之一在任何时间删除给定案例的所有日志,然后再将数据永久擦除。Customers can request that one of our support engineers delete all their logs for a given case at any time, before the data is permanently erased.

删除数据时,Azure 是否通知客户?Does Azure notify customers when the data is deleted?

对于自动化数据删除操作(案例关闭后 90 天),我们不会主动联系客户并通知他们有关删除的信息。For the automated data deletion action (90 days after case close), we don't proactively contact customers and notify them about the deletion.

对于按需删除数据操作,Azure 支持工程师有权访问相应的工具进行按需数据删除。For the on-demand data deletion action, Azure support engineers have access to the tool that lets them delete data on demand. 他们可以在完成删除后通过电话向客户提供确认。They can provide confirmation on the phone with the customer when it's done.

诊断数据Diagnostic data

在支持过程中,Azure Stack Hub 操作员可与 Azure Stack Hub 支持和工程团队共享诊断日志,以方便进行故障排除。As part of the support process, Azure Stack Hub Operators can share diagnostic logs with Azure Stack Hub support and engineering teams to help with troubleshooting.

Azure 为客户提供所需的工具和脚本用于收集及上传请求的诊断日志文件。Azure provides a tool and script for customers to collect and upload requested diagnostic log files. 收集日志文件后,这些文件将通过 HTTPS 保护的加密连接发送到 Azure。Once collected, the log files are transferred over an HTTPS protected encrypted connection to Azure. 由于 HTTPS 提供在线加密,因此传输中加密无需密码。Because HTTPS provides the encryption over the wire, there's no password needed for the encryption in transit. Azure 收到日志后,会加密并存储日志,在关闭支持案例 90 天后自动将其删除。After they're received, logs are encrypted and stored until they're automatically deleted 90 days after the support case is closed.

遥测数据Telemetry data

Azure Stack Hub 遥测通过互连用户体验将系统数据自动上传到 Azure。Azure Stack Hub telemetry automatically uploads system data to Azure via the Connected User Experience. Azure Stack Hub 操作员可以随时控制自定义遥测功能和隐私设置。Azure Stack Hub Operators have controls to customize telemetry features and privacy settings at any time.

Azure 无意收集敏感数据,例如信用卡号、用户名和密码、电子邮件地址等。Azure doesn't intend to gather sensitive data, such as credit card numbers, usernames and passwords, email addresses, and so on. 如果我们确定敏感信息是无意中收集到的,我们会予以删除。If we determine that sensitive information has been inadvertently received, we delete it.

后续步骤Next steps

详细了解 Azure Stack Hub 安全性Learn more about Azure Stack Hub security