aurenz Presence Hub SaaS - Privacy Policy

Protecting your privacy is important to aurenz GmbH. Please take a moment to read the privacy policy of aurenz GmbH. 

1. Data protection at a glance

General Information

The following notices provide a simple overview of what happens to your personal data when you use PresenceHub from aurenz GmbH. Personal data is any data that can be used to identify you personally. For detailed information on data protection, please refer to the privacy policy listed in this text.

Data collection in aurenz Presence Hub

Who is responsible for data collection?
Responsible for data processing in the PresenceHub is the aurenz GmbH. You can find their contact details under point 2: General information and mandatory information. 


What data is collected in the Presence Hub?

The Presence Hub accesses the following data of the customer:
- User: id, displayName, mail, department, givenName, surname, jobTitle, businessPhones of the user for which the service is licensed. 
- Microsoft tenant ID,
- Presence status change notifications, 
- Users extension/endpoint name from the connected PBX/UC-plattform
- User access token of the "service user" (used for Graph API access with delegate permissions)
- User RingCentral API access token of the API user that is used to access the RingCentral API (API access point) 
- Number of licenses

Why is this data collected?
Data that is stored is necessary for the proper operation of the Presence Hub.


Deletion
We delete all data, including log entries for a customer, as soon as the SaaS has been canceled and the data is not needed anymore to provide the Presence Hub service (24h after cancelation or 7 days after the subscription was suspended), billing information (90 days after cancelation) and license management (30 days after cancelation).


What rights do you have regarding your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have a right to request the correction, blocking or deletion of this data. For this purpose, as well as for further questions on the subject of data protection, you can contact the address of the responsible office at any time. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
You also have the right to request the restriction of the processing of your personal data under certain circumstances. For details, please refer to the privacy policy under "Right to restriction of processing".


Third-party tools
Detailed information on this can be found in the following under point 4.  


2. General notes and mandatory information

Data protection

The manufacturer of Presence Hub takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.
Personal data is data with which you can be personally identified. This Privacy Policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission on the Internet can have security gaps. Complete protection of data against access by third parties is not possible.
Note on the responsible office
The responsible party for data processing is:
aurenz GmbH
Hans-Böckler-Str. 29
73230 Kirchheim under Teck
Phone: +49 (0) 7021 73888-0
E-mail: info@aurenz.de

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses or similar).

By using Presence Hub, the user consents to the processing of the above data. Saving of data in case of objection to data processing can be disabled. This is equivalent to terminating the service, as the service will then no longer be operational.

Right of appeal to the competent supervisory authority 

In the event of violations of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged violation. The right of appeal is without prejudice to other administrative or judicial remedies. 

Right to data portability 

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible. 

Data security

The Presence Hub SaaS is based on the azure cloud services. We exclusively use the azure core services which are GDPR compliant.

TLS encryption (Encryption-in-transit)

For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. TLS is also used for communication between all service components.

Data encryption (Encryption-at-rest)

As a data storage the azure SQL Database service with Transparent Data Encryption (TDE)  is used. The TDE encrypts the entire database using an AES encryption algorithm (details see here). Critical and very sensitiv data like access tokens are stored in azure Key Vaults. Key Vault encrypts secrets at rest with a hierarchy of encryption keys, with all keys in that hierarchy are protected by modules that are FIPS 140-2 compliant (details see here).

Integration type

During the Presence Hub SaaS onboarding process you grant permissions to access some of your Microsoft 365 tenant's data through the Microsoft Graph API. After completion of the onboarding the Presence Hub App is registered as Enterprise Application within your Azure Active Directory. You can revoke the granted rights at any time through the Azure Portal. To connect to your RingCentral instance through the RingCentral API you also have to give permissions to the Presence Hub App during the setup. This permissions can be revoked at anytime through the admin portal.

Information, blocking, deletion and correction 

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, a right to correction, blocking or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the responsible office. 

Right to restriction of processing 

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases: 

  • If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data. 
  • If the processing of your personal data has happened / is happening unlawfully, you can request the restriction of data processing instead of deletion. 
  • If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure. 
  • If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data. 

 

If you have restricted the processing of your personal data, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State. 

3. Data protection officer

Data protection officer required by law
We have appointed a data protection officer for our company.
Consulting Office Bergmeir GbR,
Am Meerbach 10
73035 Göppingen

Ralf Bergmeir
Phone: 07161 5078566
E-mail: ralf@bergmeir.com

 

4. third-party tools

Privacy Statement from Microsoft:
https://privacy.microsoft.com/en-us/privacystatement
Standard agreement/license terms from Microsoft:
https://learn.microsoft.com/de-de/azure/marketplace/standard-contract