PRIVACY POLICY Azure Active Directory B2C

1. DATA CONTROLLER

The data controller ("Controller") for this service under the General Data Protection Regulation ("GDPR") of the European Union ("EU") is: Fecton Software Sales GmbH, Maria-Theresia-Straße 51, 4600 Wels, Austria.

2. RIGHTS OF DATA SUBJECTS

According to the GDPR, every natural person ("data subject") has the right to exercise the following general rights regarding their personal data processed by us.

Personal data refers to any information related to an identified or identifiable natural person. To define terms, this Privacy Policy ("Privacy Policy") generally refers to the legal definitions as per Article 4 GDPR.

2.1 WITHDRAWAL OF CONSENT

For all data processing or transfers based on consent, you can withdraw your consent at any time for the future. If you withdraw your consent, the legality of the data processing affected by this withdrawal will expire from the time of withdrawal for the future (Art. 7 (3) GDPR).

2.2 OBJECTION BASED ON LEGITIMATE INTEREST

If the legal basis for processing your data is a legitimate interest according to Art. 6 (1) lit. f GDPR, you can object to this type of data processing (Art. 21 GDPR). If the data processing in question involves direct marketing, you do not need to further justify your objection; in all other cases, you would need to justify your objection based on your specific situation.

2.3 RECTIFICATION

You can request us to correct your data if we have stored incorrect information about you (Art. 16 GDPR).

2.4 INFORMATION

You can request information about what personal data is being processed about you (Art. 15 GDPR).

2.5 RESTRICTION AND ERASURE

You can request that we delete your personal data or restrict its processing, provided there are no overriding retention obligations contrary to your request (Art. 17 or 18 GDPR).

2.6 DATA PORTABILITY

You can request to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format for transfer to third parties (Art. 20 GDPR).

2.7 COMPLAINT TO THE SUPERVISORY AUTHORITY

You can file a complaint about the data processing carried out by us with an EU supervisory authority for data protection.

3. LEGAL BASIS OF DATA PROCESSING

Every form of processing personal data requires a legal basis that allows us to process such data. The legal basis is primarily determined by the purpose for which the data is processed. Legality within a legal basis is regularly measured by the specific scope of data processing and the measures we have taken to protect your data.

All legal bases for data processing arise from Article 6 (1) GDPR and, for particularly sensitive data such as health data, from Article 9 (2) GDPR. These two provisions mention the preparation or fulfillment of contractual, legal, or social obligations as the main legal basis for data processing. In addition, many data processing operations are carried out in our legitimate interest unless the interests of the data subjects outweigh the data processing in light of the specific circumstances. Finally, there is the possibility that data processing is based on your consent (Article 7 GDPR) or, for persons under 16 years of age when using information society services (e.g., websites, online games, social media platforms) by children or adolescents in connection with the consent of a parent or legal guardian (Article 8 GDPR).

At this point, we would like to explicitly state that none of our services are directed at persons under 16 years of age.

4. DATA PROCESSING

4.1 COOKIES

Our browser-based services use so-called cookies. These are text files that are stored by your browser on your device when you visit a website. Various information can be stored in a cookie. Sometimes, a cookie only stores a yes or no ("true" or "false"), sometimes a string is stored that allows the browser to be uniquely identified when revisiting the website.

The right to set cookies is measured not only by the GDPR but also by the ePrivacy Directive of the European Union of 2002 as amended in 2009 and its implementation into national law. The ePrivacy Directive distinguishes between (essential) cookies that are absolutely necessary for the operation of the online service and those that are not. Essential cookies can also be set without consent, but non-essential cookies always require consent - even if not required under the GDPR (and, for example, legitimate interest is the legal basis).

The purpose of each cookie and the legal basis for its use under GDPR can be found in the following description of each data processing.

For reliable identity and access management, we use Microsoft Azure Active Directory B2C.

The cookies used by Azure Active Directory B2C are listed below:

CookieDescriptionExpiration Time
x-ms-cpim-adminContains user membership data across tenants. The tenants to which a user belongs and the membership level (admin or user).End of browser session
x-ms-cpim-sliceUsed to route requests to the appropriate production instance.End of browser session
x-ms-cpim-transUsed for tracking transactions (number of authentication requests to Azure AD B2C) and the current transaction.End of browser session
x-ms-cpim-sso:{id}Used to maintain the single sign-on session.End of browser session
x-ms-cpim-cache:{id}_nUsed to maintain the request state.End of browser session, successful authentication
x-ms-cpim-csrfCross-Site Request Forgery Token for CRSF protection.End of browser session
x-ms-cpim-dcUsed for network routing from Azure AD B2C.End of browser session
x-ms-cpim-ctxContextEnd of browser session
x-ms-cpim-rpUsed to store membership data for the resource provider tenant.End of browser session
x-ms-cpim-rcUsed for storing the relay cookies.End of browser session

4.2 USER ACCOUNT REGISTRATION

DESCRIPTION

You can create a personal user account on our website. With this account, you can log in to all services available to the customer. We process only data necessary for providing a login and associating your account with the corresponding service contract of your organization.

For reliable identity and access management, we use Microsoft Azure Active Directory B2C. The cookies used by Azure Active Directory B2C, listed above, are session cookies and are deleted after the end of the browser session. For more information about Azure Active Directory B2C, visit: https://docs.microsoft.com/en-us/azure/active-directory-b2c/cookie-definitions

For general privacy information regarding access to our website, please visit our general privacy policy: https://www.fecton.com/datenschutz/

DATA CATEGORIES

Registration data (Name, email address, encrypted password, timestamp for acceptance of the privacy policy, accepted version of the privacy policy), activity history (Timestamp of account creation, login, and logout), access authentication data (as processed by Microsoft Azure Active Directory B2C cookies)

DATA RECIPIENTS

Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, Ireland, as our service provider for the customer database, is obligated to protect your data through a data processing agreement (Article 28 GDPR).

DATA TRANSFER TO A THIRD COUNTRY

If the EU subsidiary of Microsoft Corp. transfers personal data outside the European Economic Area (EEA), this transfer is carried out through EU Standard Contractual Clauses.

PURPOSE + LEGAL BASIS

The operation of your user account serves the fulfillment of our respective terms of use. The legal basis is contract fulfillment.

STORAGE DURATION

Your customer data remains active until your customer relationship with us ends. After that, we store the data depending on the respective retention obligations concerning our business relationship.

Je früher Sie Fecton kontaktieren, desto länger profitieren Sie von den Vorteilen unserer individualisierbaren Software-Lösungen. Senden Sie uns jetzt eine Nachricht. Wir antworten so schnell wie möglich.
Termin vereinbaren

FECTON SOFTWAREVERTRIEB GMBH

Maria-Theresia-Straße 51
AT-4600 Wels
+43 7242 306070
office@fecton.com