Data Processing Agreement (DPA)
This Data Processing Agreement (“DPA”) describes how The Room Company GmbH (“the Processor”) processes personal data when providing the eMove software-as-a-service application to customers (“the Controller”) via the Microsoft Marketplace. eMove is a provider-hosted SaaS solution integrated into Microsoft 365 and Outlook, licensed per user and accessed using Microsoft Entra ID authentication.
1. Data Categories Processed
- eMove processes only the personal data strictly necessary to deliver the service. The following categories of personal data are processed:
Contact information, including the user’s email address and user name obtained from the Microsoft 365 profile.
Identifiers required for license management, including Microsoft Entra ID Tenant ID and User Object ID.
Technical and usage data, including IP address, browser type, timestamps, and diagnostic logs collected via Azure Application Insights.
Sensitive personal data is not processed. Passwords or authentication credentials are not stored by eMove, as authentication is handled exclusively through Microsoft Entra ID.
2. Purpose of Processing
Personal data is processed solely for the following purposes:
To verify that the user holds a valid, paid subscription purchased via the Microsoft Azure Marketplace.
To authenticate users securely using their existing Microsoft 365 credentials.
To deliver the service, including streaming the appropriate video content based on user configuration and settings.
To monitor application availability, ensure security, and perform debugging and error detection.
To verify that the user holds a valid, paid subscription purchased via the Microsoft Azure Marketplace.
To authenticate users securely using their existing Microsoft 365 credentials.
To deliver the service, including streaming the appropriate video content based on user configuration and settings.
To monitor application availability, ensure security, and perform debugging and error detection.
3. Azure Architecture and Data Storage
eMove is hosted on Microsoft Azure using a provider-hosted SaaS model.
The application is hosted using Azure App Service. License and subscription status data is stored in Azure SQL Database. Video content is hosted in Azure Blob Storage. User authentication is managed via Microsoft Entra ID.
All customer data is stored and processed exclusively within the Azure Switzerland North region.
The application is hosted using Azure App Service. License and subscription status data is stored in Azure SQL Database. Video content is hosted in Azure Blob Storage. User authentication is managed via Microsoft Entra ID.
All customer data is stored and processed exclusively within the Azure Switzerland North region.
4. Authentication Method
Authentication to eMove is performed using Single Sign-On (SSO) via Microsoft Entra ID using OpenID Connect.
Authentication tokens are session-based, transient, and validated directly against Microsoft servers. No passwords, credentials, or authentication secrets are stored within the eMove application.
Authentication tokens are session-based, transient, and validated directly against Microsoft servers. No passwords, credentials, or authentication secrets are stored within the eMove application.
5. Data Retention and Deletion
Personal data is retained for the duration of the active subscription.
Following subscription termination, user and license-related data is retained for a maximum of 90 days to allow for reactivation or administrative reconciliation, after which it is deleted.
System and diagnostic logs collected via Azure Application Insights are retained for 30 days and then automatically purged
Following subscription termination, user and license-related data is retained for a maximum of 90 days to allow for reactivation or administrative reconciliation, after which it is deleted.
System and diagnostic logs collected via Azure Application Insights are retained for 30 days and then automatically purged
6. Sub-processors
eMove uses Microsoft Corporation as its sole sub-processor for cloud infrastructure and identity services.
Microsoft provides Azure App Service, Azure SQL Database, Azure Blob Storage, and Microsoft Entra ID. These services are used for application hosting, database management, storage, and authentication.
All sub-processing takes place within the Azure Switzerland North region.
Microsoft provides Azure App Service, Azure SQL Database, Azure Blob Storage, and Microsoft Entra ID. These services are used for application hosting, database management, storage, and authentication.
All sub-processing takes place within the Azure Switzerland North region.
7. Security Measures
eMove implements appropriate technical and organisational measures to protect personal data.
All data stored in Azure SQL Database and Azure Blob Storage is encrypted at rest using AES-256 encryption provided by Azure Storage Service Encryption.
All data transmitted between users and the service is encrypted in transit using HTTPS and TLS.
Administrative access is restricted through Role-Based Access Control (RBAC) and protected using Multi-Factor Authentication (MFA).
All data stored in Azure SQL Database and Azure Blob Storage is encrypted at rest using AES-256 encryption provided by Azure Storage Service Encryption.
All data transmitted between users and the service is encrypted in transit using HTTPS and TLS.
Administrative access is restricted through Role-Based Access Control (RBAC) and protected using Multi-Factor Authentication (MFA).
8. International Data Transfers
Customer data is stored and processed exclusively within the selected Azure region in Switzerland. Personal data is not sold, shared, or transferred to third parties outside of Microsoft as the infrastructure provider. No international data transfers outside Switzerland occur.
9. Customer Deployment Model
eMove is provided as a provider-hosted software-as-a-service solution.
The application and database operate within the Processor’s Azure tenant. Customers access the service using their Microsoft 365 identity.
No software agents are installed on customer systems, and no customer infrastructure is required.
The application and database operate within the Processor’s Azure tenant. Customers access the service using their Microsoft 365 identity.
No software agents are installed on customer systems, and no customer infrastructure is required.
10. Data Breach Handling
eMove uses Azure Monitor and Microsoft Defender for Cloud to detect security incidents and anomalies.
In the event of a confirmed personal data breach, The Room Company GmbH will notify the customer’s designated administrative contact without undue delay and no later than 72 hours after becoming aware of the breach.
In the event of a confirmed personal data breach, The Room Company GmbH will notify the customer’s designated administrative contact without undue delay and no later than 72 hours after becoming aware of the breach.
11. Contact
For questions regarding this Data Processing Agreement or data protection matters, please contact:
The Room Company GmbH
Switzerland
Email: emove.support@theroomcompany.ch
The Room Company GmbH
Switzerland
Email: emove.support@theroomcompany.ch