Trust & Compliance

Privacy First: Your Confidence, Our Commitment

We understand the critical importance of privacy and data security in today's digital landscape.

We're all about keeping your data safe and sound. We're dedicated to maintaining top-notch data protection standards.

Backed by our ISO27001 certification, we strive to provide you with the utmost confidence in our commitment to protecting your sensitive information.

Legal Documents

FAQ

Data Flow Diagrams

Cloud Security

The most important information at a glance

How is the data processed (Data Flow)?

For a comprehensive understanding of the flow and destination of data, please refer to our two data flow diagrams:

For DocumentsCorePack: DCP Data Flow Diagram
For AttachmentExtractor: AE Data Flow Diagram

Which data is processed?

Customers have full control over this aspect whether through DocumentsCorePack's Template Designer or by adjusting settings in AttachmentExtractor. They have the ability to define the data to be processed, potentially including personal information.

Where is the data processed?

This choice is also left to the customer. During service configuration, you choose the data center (location) where the service will operate.
By default, the data center with the optimal bandwidth connection to the customer's Dynamics 365 instance is preselected.

Full list of possible locations

How is the communication secured?

The cloud service communicates securely with Dynamics 365 web services using methods provided by the Dynamics 365 SDK (TLS 1.2, OAuth authentication).

Is there any data being stored (data at rest)?

No, during the standard document generation, data is solely retained in memory and not stored beyond the document creation process. However, there are two exceptions:

1. Debugging enabled by customer
2. Large document package requests

In both exceptional circumstances, data is stored in distinct folders on the same Azure server as the service, ensuring limited access and encrypted with 256-bit AES. Furthermore, the data is automatically deleted after 14 days.

Are there any third-party involvements?

Yes, the service runs on one of our servers hosted in the Microsoft Azure Datacenter.

Third-party compliance: Azure Compliance Overview

Have you conducted an external penetration test?

Yes, a comprehensive gray-box penetration test was performed on the website, service configuration, and Azure infrastructure of https://mscrm-addons.com, in compliance with OWASP Top 10 standards.

The most recent certification can be found here.

See how it works
Here is our complete FAQ sheet for download.

Legal Safeguards

Discover our key legal documents for data protection & more!

General Terms & Conditions

Your guide to fair usage

Data Processing Agreement

Ensuring data security and compliance

Having any questions or concerns?

Julian Handl
Office & Certified ISMS Manager
gdpr@ptm-edv.at

I would like to
Data processing topic
Questions about the contracts
Other
Name

First Name
Last Name
Email
Your message
Captcha