EFFECTIVE DATE: 04-10-2024

Privacy Policy

At ServiceChanger.com, we are dedicated to safeguarding your privacy and treating your personal information with the utmost care and respect. This Privacy Policy details our commitments and your rights regarding your personal data, reflecting our strong commitment to data protection and transparency.

Information Collection, Use, and Sharing

What We Collect:

User Data from Azure Entra ID:We utilize the Microsoft Graph API to access user data from Azure Entra ID for managing access control within your enterprise environment. This data may include user names, job titles, company email addresses, and department information.
Service Usage Data:Information on how you use our services, including usage patterns and preferences.
Cookies and Similar Technologies:We collect data through cookies and similar technologies, capturing information such as IP addresses, browser types, and session details.

How We Use It:

Service Delivery:To provide role-based access control services in accordance with your enterprise's requirements.
Service Improvement:To analyze service quality and user experience with the aim of improving our offerings.
Communication:To keep administrators informed about their accounts, our services, and any updates to this policy.

Legal Basis for Processing

We process data based on the following legal grounds:

The processing is necessary for the performance of a contract to which our enterprise customer is a party.
Compliance with legal obligations.
The user's consent for specific processing activities.
Our legitimate interests, such as improving our services and ensuring their security.

Data Minimization

We access and process only the data necessary to provide and improve our services. The data collected via the Microsoft Graph API is limited to what is required to fulfill our role-based access control and other service functionalities.

Data Controller and Data Processor Roles

In most cases, the enterprise customer acts as the data controller, determining the purposes and means of processing user data. ServiceChanger.com acts as a data processor, processing data on behalf of the enterprise customer in accordance with their instructions and our contractual obligations.

User Rights and Data Protection

Your Rights:Under the GDPR and other applicable privacy laws, you have the right to:

Access the information held about them.
Request correction of inaccurate data.
Request deletion of their data under certain conditions.
Object to or restrict processing of their data.
Request data portability.

Exercising Your Rights:Since the enterprise customer typically acts as the data controller, individual users should first direct their requests to their organization's administrator. If we receive a request directly, we will forward it to the relevant enterprise customer for handling.

Data Security

We employ a variety of security measures to protect your data from unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption:Data transmitted between our servers and your browser is encrypted using Transport Layer Security (TLS).
Access Controls:We restrict access to your data to authorized personnel only.
Network Security:We utilize firewalls and other network security protocols to protect data from unauthorized access.
Regular Security Audits:Our security protocols and systems are subject to regular audits to ensure ongoing protection of your data.

Data Sharing and Transfers

We may share personal data with third-party service providers, including cloud hosting providers, payment processors, analytics services, and customer support tools, solely for the purpose of operating our services and conducting our business. Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to protect the rights and freedoms of individuals.

Use of Microsoft Graph API:Our service integrates with the Microsoft Graph API to securely access and manage Azure Entra ID data. We comply with Microsoft's terms of service and privacy policies when using the Microsoft Graph API to ensure the security and privacy of the data we process.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention period may vary depending on the nature of the data and the purpose for which it was collected. When we no longer need to process your personal data, we will securely delete or anonymize it.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our service and hold certain information. You have the option to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.

Policy Updates

We reserve the right to modify this Privacy Policy at any time. Any significant changes will be communicated to you via email or a prominent notice on our website. We encourage users to frequently check this page for any updates to stay informed about how we are protecting the personal information we collect. Your continued use of the website after any modifications to this Privacy Policy will constitute your acknowledgment of the changes and your consent to abide and be bound by the modified Privacy Policy.

The latest update to this Privacy Policy was made on: 04-10-2024

Contact Information

For any questions or concerns regarding this policy or our data practices, please contact us at:

[email protected]

Your trust is essential to us, and we strive to ensure your data is handled with the highest level of security and respect.