PRIVACY STATEMENT Azure Active Directory B2C
The controller ("controller") for this service within the meaning of the General Data Protection Regulation ("GDPR") of the European Union ("EU") is: Fecton Softwarevertrieb GmbH, Maria-Theresia-Straße 51, 4600 Wels, Austria.
In accordance with the GDPR, every natural person ("data subject") has the right to exercise the following general rights in relation to their personal data processed by us.
Personal data refers to any information relating to an identified or identifiable natural person. For the definition of terms, this Privacy Policy ("Privacy Policy") generally refers to the legal definitions pursuant to Article 4 GDPR.
For all data processing or data transfers based on consent, you can revoke your consent at any time for the future. If you withdraw your consent, the lawfulness of the data processing affected by this withdrawal expires from the time of withdrawal for the future (Art. 7 para. 3 GDPR).
If the legal basis for the processing of your data is a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, you can object to this type of data processing (Art. 21 GDPR). If the data processing in question is direct marketing, you do not have to give any further reasons for your objection; in all other cases, you would have to justify your objection on the basis of your particular situation.
You can ask us to correct your data if we have stored incorrect information about you (Art. 16 GDPR).
You can request information from us about which of your personal data is being processed (Art. 15 GDPR).
You can request that we erase your personal data or restrict its processing, provided that no overriding retention obligations conflict with your request (Art. 17 or 18 GDPR).
You may request to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format for transmission to third parties (Art. 20 GDPR).
You can lodge a complaint with an EU data protection supervisory authority about the data processing we carry out.
Any form of processing of personal data requires a legal basis that enables us to process such data. The legal basis is primarily determined by the purpose for which the data is processed. The lawfulness within a legal basis is regularly measured by the specific scope of the data processing and the measures we have taken to protect your data.
All legal bases for data processing result from Article 6 para. 1 GDPR and for particularly sensitive data, such as health data, from Article 9 para. 2 GDPR. These two provisions name the preparation or fulfillment of contractual, legal or social obligations as the most important legal basis for data processing. In addition, many data processing operations are carried out in our legitimate interest, unless the interests of the data subjects outweigh the data processing in view of the specific circumstances. Finally, there is the possibility that data processing is based on your consent (Article 7 GDPR) or for persons under the age of 16 when using information society services (e.g. websites, online games, social media platforms) by children or adolescents in connection with the consent of a parent or guardian (Article 8 GDPR).
At this point we would like to expressly point out that none of our services are aimed at persons under the age of 16.
Our browser-based services use so-called cookies. These are text files that are stored on your device by your browser when you visit a website. Various information can be stored in a cookie. Sometimes a cookie only stores a yes or no ("true" or "false"), sometimes a character string is stored that enables the browser to be uniquely identified when the website is visited again.
The right to set cookies is measured not only by the GDPR, but also by the European Union's ePrivacy Directive of 2002 as amended in 2009 and its transposition into national law. The ePrivacy Directive distinguishes between (essential) cookies, which are absolutely necessary for the operation of the online service, and those that are not. Essential cookies can also be set without consent, but non-essential cookies always require consent - even if this is not required under the GDPR (and there is a legitimate interest as a legal basis, for example).
The purpose of each cookie and the legal basis for its use in accordance with the GDPR can be found in the following description of the individual data processing.
We use Microsoft Azure Active Directory B2C for reliable identity and access management.
The cookies used by Azure Active Directory B2C are listed below:
Cookie | Description | Expiry time |
x-ms-cpim-admin | Contains membership data of a user across clients. The clients to which a user belongs and the membership level (admin or user). | End of the browser session |
x-ms-cpim-slice | Is used to forward requests to the corresponding production instance. | End of the browser session |
x-ms-cpim-trans | Used for tracking transactions (number of authentication requests to Azure AD B2C) and the current transaction. | End of the browser session |
x-ms-cpim-sso:{id} | Is used to maintain the SSO session. | End of the browser session |
x-ms-cpim-cache:{id}_n | Is used to maintain the request status. | End of the browser session, successful authentication |
x-ms-cpim-csrf | Cross-site request forgery token for CRSF protection. | End of the browser session |
x-ms-cpim-dc | Used for the Azure AD B2C network line. | End of the browser session |
x-ms-cpim-ctx | Context | End of the browser session |
x-ms-cpim-rp | Used to save membership data for the resource provider client. | End of the browser session |
x-ms-cpim-rc | Used to store the relay cookie. | End of the browser session |
You can create a personal user account on our website. You can use this account to log in to all services available to the customer. To manage your account, we only process data that is required to provide a login and assign your account to the corresponding service contract of your organization.
We use Microsoft Azure Active Directory B2C for reliable identity and access management. The cookies used by Azure Active Directory B2C listed above are session cookies and are deleted at the end of the browser session. Further information on Azure Active Directory B2C can be found at: https://docs.microsoft.com/en-us/azure/active-directory-b2c/cookie-definitions
For general data protection information on accessing our website, please visit our general privacy policy: https://www.fecton.com/datenschutz/
Registration data (name, email address, encrypted password, timestamp for acceptance of privacy policy, accepted version of privacy policy), activity history (timestamp of account creation, login and logout), access authentication data (as processed by Microsoft Azure Active Directory B2C cookies)
Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, Ireland, as our service provider for the customer database, is obliged to protect your data by means of a data processing agreement (Article 28 GDPR).
If the EU subsidiary of Microsoft Corp. transfers personal data outside the European Economic Area (EEA), this transfer will be governed by EU standard data protection clauses.
The operation of your user account serves to fulfill our corresponding user agreement. The legal basis is the fulfillment of the contract.
Your customer data remains active until your customer relationship with us ends. Thereafter, we store the data depending on the respective retention obligations relating to our business relationship.