Privacy Policy
Updated: 20th of July, 2024
This Privacy Policy describes how data subjects’ personal data is collected, used and deleted while they visit our Platform website https://365sentri.com/ or while their personal data is processed on the Platform.
The controller and/or processor of personal data is 365Sentri OÜ, registry code 16935371, Narva mnt 5, Tallinn 10117, Estonia (365Sentri, we, or us).
Any references or links to third-party websites, services or products are subject to separate privacy policies and terms that 365Sentri does not control nor is responsible for. Please read third-party policies additionally to understand their scope. 365Sentri never knowingly adds any references or links to third parties that have a negative impact on privacy, but we cannot take responsibility for their actions if those third parties are not our service providers.
1. General Provisions
1.1 365Sentri ensures that the processing of personal data is in accordance with the legislation regarding the protection and security of personal data (including the General Data Protection Regulation of the European Union, GDPR), other personal data protection legislation, and good business practices.
1.2 365Sentri considers the privacy of individuals and the protection of their data important and makes the best efforts to ensure the security and protection of the information system and other data carriers.
2. Definitions
2.1 The Client means a Microsoft partner that provides support services for Tenants and is the data processor for End-User personal data.
2.2 End-User means an individual engaged by the Tenant and using Microsoft 365 services.
2.3 Microsoft means Microsoft Corporation which provides Microsoft 365 services and processes End-User personal data as a data processor on behalf of the Tenant (who is the data controller) according to their instructions.
2.4 Personnel means a natural person engaged by the client of 365Sentri in the course of which the client grants the respective person access to the Services.
2.5 Platform means the website https://365sentri.com/ provided by 365Sentri and/or the data processors.
2.6 Processing of personal data means viewing, collecting, saving, storing, altering, transmitting, or receiving personal data and other activities related to personal data.
2.7 Services means the services 365Sentri renders to its clients via the Platform or API for optimising operations, bolstering security, and elevating service delivery, in the course of which it has access to Personnel and End-User personal data.
2.8 Tenant means the data controller for End-User personal data that is processed on Microsoft 365 services and the Platform.
3. Purpose and Legal Basis for Processing Personal Data
3.1 365Sentri processes personal data necessary to provide the Services as well as to run and maintain the Platform. The specific role of 365sentri is:
3.1.1 the sub-processor with respect to End-User personal data in the course of providing the Services, whereas the Tenant is the data controller and the Client the data processor;
3.1.2 the data controller with respect to Personnel personal data processed in the course of providing the Services as well as running and maintaining the Platform.
3.2 In general, the legal basis for such a purpose is carried out in accordance with: Article 6(1)(a) of the GDPR (the data subject has consented to the specific data processing), Article 6(1)(b) of the GDPR (necessary for the performance of the contract or taking steps at specific request of the Client prior to entering into a contract), Article 6(1)(c) of the GDPR (processing is necessary for compliance with a legal obligation), or Article 6(1)(f) of the GDPR (necessary for legitimate interests provided that those interests are not outweighed by the rights and interests of the data subject).
3.3 365Sentri is processing the following personal data:
| Processing Activity | Data Categories | Purpose | Legal basis |
|---|---|---|---|
|
Client management |
Personnel data: name, email address, request content |
To enable 365Sentri to manage Client onboarding, subscription and contact details, and Client account, e.g. managing the list of Personnel with access to the Platform/API |
Contractual obligation |
|
Client communication |
Personnel data: name, email address, request content and communication data |
To resolve Client issues and respond to requests made by the Personnel |
Contractual obligation |
|
Account management |
Personnel data: name, email address, configuration data |
To enable the Client to register on the Platform and manage individual Personnel accounts that allow access to the Platform |
Contractual obligation |
|
Tenant management |
End-User data: name, email address, Microsoft 365 configuration data, event logs detailing changes made to data |
To allow the Client and its Personnel to manage Tenants and End-Users’ Microsoft 365 configuration |
Contractual obligation |
|
Logging Platform usage |
Personnel data and End-User data: Platform/API logs, i.e. logging the time and details of session events of Personnel, changes to configurations |
To improve the functionality and uptime of Services and the Platform |
Contractual obligation |
|
Website and related product maintenance and quality |
IP address of the device, device screen size, device type (unique device identifiers), browser information, geographic location (country only) |
To provide the Platform to website visitors and the Client |
Contractual obligation or legitimate interest, as applicable |
|
Web visitor analytics |
Online identifiers (including cookie identifiers and IP addresses) |
Website visitor statistics |
Consent or legitimate interest, as applicable |
|
Newsletters and offers |
Name, phone number, e-mail address |
Marketing for the Client sent to Personnel |
Consent. You can opt-out of our marketing emails at any time |
4. How We Collect Personal Data
4.1 The Personnel data we process is provided to us either directly by Personnel in order to onboard as a Client, register as our Platform user and while using our Services, or indirectly while we collect log files or use other tracking technologies.
4.2 The End-User data we process is provided to us indirectly from Clients that import Tenant configuration and End-User database to the Platform.
4.3 We may also collect some additional personal data indirectly. When visiting our website, we and our service providers may collect certain data using tracking technologies like cookies, web beacons and similar technologies. The use of web cookies is described on our website in the cookie banner.
4.4 Indirectly collected data may fall under the terms of third-party privacy policies while they act as independent data controllers. Please read those separately.
5. Disclosure of Personal Data
5.1 Any personal data we process will not be publicly displayed or shared. 365Sentri employees and business partners have access to personal data to the extent necessary for the performance of their work duties and are covered by confidentiality obligations.
5.2 365Sentri engages third-party service providers to provide, run, and maintain the Platform on our behalf. These service providers have access to personal data only to the extent necessary to perform their services, and they are contractually obligated to maintain the confidentiality and security of personal data.
5.3 We may disclose personal data if required to do so by law or in good faith belief that such action is necessary to comply with legal obligations, such as platform exchange of tax information or anti-money laundering obligations.
5.4 We share personal data with:
| Categories of Recipients | Reason for Sharing | Territory |
|---|---|---|
|
Service providers |
We work with service providers that work on our behalf which may need access to certain personal data to provide their services to us. These companies include those we have hired to operate the technical infrastructure that we need to provide service and assist in protecting and securing our systems and services as well as for business management and marketing. |
EEA/hosting location chosen by the Client from the predetermined list |
|
Payment providers |
For payment services we use a third-party payment service provider(s). Payment service providers process personal data separately as data controllers and thus their privacy policy applies. |
EEA |
|
Advertising partners |
We work with advertising partners to enable us to customize advertising and promotional content. We and our advertising partners process certain personal data to help us understand the Client’s interests or preferences so that we can deliver more relevant advertisements.
When doing this, we take into account the data protection requirements regarding consent and opt-out. |
EEA/USA |
6. Transmission of Personal Data
6.1 365Sentri processes personal data in the European Union (EU) and within the European Economic Area (EEA). 365Sentri receives, transmits, and processes personal data only digitally.
6.2 If we use service providers that process personal data outside the EEA, we make sure that the transfer of personal data is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organisational measures are in place (e.g. additional safeguards through Standard Contractual Clauses).
7. Security of Personal Data
7.1 We have taken necessary technical and organizational security measures to protect personal data against accidental or unlawful destruction, loss or alteration and against unauthorized disclosure, abuse, or other processing in violation of applicable laws.
8. Retention of Personal Data
8.1 The storage period of personal data depends on the legal obligations to store data (i.e. accounting regulations), contractual obligations, legitimate interest to provide the best services, or consent:
| Data type | Purpose | Retention time |
|---|---|---|
|
End-User data |
To allow the Client and its Personnel to manage Tenants and End-Users’ Microsoft 365 configuration |
End-User personal data is retained for the duration the related Tenant is active. If the Client removes the Tenant from its subscription or the subscription is terminated, the End-User data is deleted. However, event logs will be retained in any case for 24 months after their creation to improve the Services and the Platform or resolve any disputes |
|
Personnel data |
To enable 365Sentri to manage clients and client communication |
Until termination of the subscription and for an additional 24 months to improve the Services and the Platform or resolve any disputes |
|
Device information |
Providing the Platform and functionalities |
Until account deletion |
|
Online identifiers (including cookie identifiers and IP addresses) |
Website visitor statistics |
Until cookie retention time or request for data deletion |
|
Name, phone number, e-mail address |
Marketing |
Until withdrawal of consent |
9. Rights of the Data Subject
9.1 The data subject shall at all times have the right:
9.1.1 to be informed and to access personal data (to get information regarding personal data processed by us, accessed via the Platform);
9.1.2 to data portability (to receive personal data from us in a structured, commonly used and machine-readable format and to independently transmit the data to a third party);
9.1.3 to erasure (to have personal data we process erased from our systems if the personal data is no longer necessary for the related purposes);
9.1.4 to object and restrict (to object to the processing of personal data and restrict it in certain cases);
9.1.5 to rectification (to request corrections to personal data);
9.1.6 to withdraw consent (upon having been given consent, the said consent may be withdrawn at any time).
9.2 In order to exercise these rights, please contact [email protected]. The application shall be responded to within a maximum of 30 calendar days.
10. Additional Provisions
10.1 With explicit consent, we may send newsletter and marketing offers. These messages may be opted out at any time. Please note that email marketing messages, if used, include an opt-out mechanism within the message itself (e.g. an unsubscribe link in the messages we send). Clicking on the link will opt out of further messages.
10.2 For any questions or concerns about our use of personal data, feel free to contact us at [email protected]. You may also lodge a complaint to the supervisory authority, the Estonian Data Protection Inspectorate, [email protected].
10.3 365Sentri has the right to change the conditions for processing personal data. In the event that there are substantial changes, 365Sentri will provide at least 1 (one) month’s notice in advance through the Platform before the substantial changes take effect.