Trust & Compliance

Privacy First: Your Confidence, Our Commitment

We understand the critical importance of privacy and data security in today's digital landscape.

We're all about keeping your data safe and sound. We're dedicated to maintaining top-notch data protection standards.

Backed by our ISO27001 certification, we strive to provide you with the utmost confidence in our commitment to protecting your sensitive information.

Legal Documents

FAQ

Data Flow Diagrams

Cloud Security

The most important information at a glance

How is the data processed (Data Flow)?

For a comprehensive understanding of the flow and destination of data, please refer to our two data flow diagrams:

For DocumentsCorePack: DCP Data Flow Diagram
For AttachmentExtractor: AE Data Flow Diagram

Which data is processed?

Customers have full control over this aspect whether through DocumentsCorePack's Template Designer or by adjusting settings in AttachmentExtractor. They have the ability to define the data to be processed, potentially including personal information.

Where is the data processed?

This choice is also left to the customer. During service configuration, you choose the data center (location) where the service will operate.
By default, the data center with the optimal bandwidth connection to the customer's Dynamics 365 instance is preselected.

Full list of possible locations

How is the communication secured?

The cloud service communicates securely with Dynamics 365 web services using methods provided by the Dynamics 365 SDK (TLS 1.2, OAuth authentication).

Is there any data being stored (data at rest)?

No, during standard document generation, data is only retained in memory and not stored beyond the creation process. However, there are three exceptions:

1. When debugging is enabled by the customer.
2. For large document package requests.
3. Customer-activated file storage in Azure Blob.

In the first two specific cases, data is stored in the mscrm-addons.com environment, isolated by services with restricted access. Additionally, the data is automatically deleted after 7 days.

Customers can choose to store temporary document files either as annotations in Dynamics 365 (default), in their own Azure Blob or in an Azure Blob managed by mscrm-addons.com. When stored in their own Dynamics 365 or Azure Blob, the customer is fully responsible for managing and deleting the files. In those scenarios, data is never stored on mscrm-addons.com’s infrastructure or Azure Blob.

If the customer selects to store the temporary files in an Azure Blob managed by mscrm-addons.com, the files are stored in mscrm-addons.com's environment, where they are automatically deleted after 7 days. Each storage instance on mscrm-addons.com’s side is isolated by services to ensure security and separation.

Are there any third-party involvements?

Yes, the service runs on one of our servers hosted in the Microsoft Azure Datacenter.

Third-party compliance: Azure Compliance Overview

Have you conducted an external penetration test?

Yes, a comprehensive gray-box penetration test was performed on the website, service configuration, and Azure infrastructure of https://mscrm-addons.com, in compliance with OWASP Top 10 standards.

The most recent certification can be found here.

See how it works
Here is our complete FAQ sheet for download.

Legal Safeguards

Discover our key legal documents for data protection & more!

General Terms & Conditions

Your guide to fair usage

Data Processing Agreement

Ensuring data security and compliance

Having any questions or concerns?

Julian Handl
Office & Certified ISMS Manager
gdpr@ptm-edv.at

I would like to
Data processing topic
Questions about the contracts
Other
Name

First Name
Last Name
Email
Your message
Captcha