Please supply me with any information, documentation, contract clause change or emails, etc. that you have received in the past two years which identify any countries where Microsoft can or actually do process any data you have uploaded to the following services:
1 - Any service operated by or on the Microsoft Azure cloud platform by any of your processors or contracted service providers (including a direct contract with Microsoft)
2 - Any Microsoft M365 service
For the purposes of this request you should consider any offshored administration or direct system support as being ‘processing’, whether this relates to personal data or not - this is not a GDPR specific request.