Who is responsible for data collection?
Responsible for data processing in the PresenceHub is the aurenz GmbH. You can find their contact details under point 2: General information and mandatory information.
What data is collected in the Presence Hub?
The Presence Hub accesses the following data of the customer:
- User: id, displayName, mail, department, givenName, surname, jobTitle, businessPhones of the user for which the service is licensed.
- Microsoft tenant ID,
- Presence status change notifications,
- Users extension/endpoint name from the connected PBX/UC-plattform
- User access token of the "service user" (used for Graph API access with delegate permissions)
- User RingCentral API access token of the API user that is used to access the RingCentral API (API access point)
- Number of licenses
Why is this data collected?
Data that is stored is necessary for the proper operation of the Presence Hub.
We delete all data, including log entries for a customer, as soon as the SaaS has been canceled and the data is not needed anymore to provide the Presence Hub service (24h after cancelation or 7 days after the subscription was suspended), billing information (90 days after cancelation) and license management (30 days after cancelation).
What rights do you have regarding your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have a right to request the correction, blocking or deletion of this data. For this purpose, as well as for further questions on the subject of data protection, you can contact the address of the responsible office at any time. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
Detailed information on this can be found in the following under point 4.
We would like to point out that data transmission on the Internet can have security gaps. Complete protection of data against access by third parties is not possible.
Note on the responsible office
The responsible party for data processing is:
73230 Kirchheim under Teck
Phone: +49 (0) 7021 73888-0
The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses or similar).
By using Presence Hub, the user consents to the processing of the above data. Saving of data in case of objection to data processing can be disabled. This is equivalent to terminating the service, as the service will then no longer be operational.
Right of appeal to the competent supervisory authority
In the event of violations of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged violation. The right of appeal is without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.
The Presence Hub SaaS is based on the azure cloud services. We exclusively use the azure core services which are GDPR compliant.
TLS encryption (Encryption-in-transit)
For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. TLS is also used for communication between all service components.
Data encryption (Encryption-at-rest)
As a data storage the azure SQL Database service with Transparent Data Encryption (TDE) is used. The TDE encrypts the entire database using an AES encryption algorithm (details see here). Critical and very sensitiv data like access tokens are stored in azure Key Vaults. Key Vault encrypts secrets at rest with a hierarchy of encryption keys, with all keys in that hierarchy are protected by modules that are FIPS 140-2 compliant (details see here).
During the Presence Hub SaaS onboarding process you grant permissions to access some of your Microsoft 365 tenant's data through the Microsoft Graph API. After completion of the onboarding the Presence Hub App is registered as Enterprise Application within your Azure Active Directory. You can revoke the granted rights at any time through the Azure Portal. To connect to your RingCentral instance through the RingCentral API you also have to give permissions to the Presence Hub App during the setup. This permissions can be revoked at anytime through the admin portal.
Information, blocking, deletion and correction
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, a right to correction, blocking or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the responsible office.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:
If you have restricted the processing of your personal data, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
Data protection officer required by law
We have appointed a data protection officer for our company.
Consulting Office Bergmeir GbR,
Am Meerbach 10
Phone: 07161 5078566
Privacy Statement from Microsoft:
Standard agreement/license terms from Microsoft: