1. Controller and scope: This policy describes the processing of personal data carried out by Axians Business Management Solutions, 6-26 Bd national, 92250 La Garenne-Colombes, France, as part of the Axians Business Management Solutions applications and professional services distributed via Microsoft AppSource. It applies to personal data that we process in-house (e.g. data related to support, billing via the marketplace). The use of the application within the Microsoft environment is, for the customer’s business data, under the responsibility of the customer and technically operated by Microsoft. The applicable data protection rules are those of Regulation (EU) 2016/679 (GDPR) and the amended French law no. 7817 known as « Informatique et Libertés ». See in particular LIL Art. 1 and Title II which refer to the GDPR. 1
  2. Data processed by Axians Business Management Solutions
    Professional identity and contact data transmitted during support or commercial exchanges requests (name, position, email, telephone, company).
    Contract and billing data relating to subscription/acquisition via the marketplace.
    Technical logs limited to support, if you voluntarily provide them to us. Axians Business Management Solutions does not access the customer’s business data processed in Business Central by the application; this data remains in the customer’s Microsoft environment.
  3. Purposes and legal bases
    To provide support and respond to requests: performance of the contract or pre-contractual measures (GDPR Art. 6(1)(b)).
    Manage the Axians Business Management Customer Solutions relationship, invoicing and compliance: contract performance and legal obligations (Art. 6(1)(b) and 6(1)(c)).
    Improving the application and ensuring its security: legitimate interest (Art. 6(1)(f)) in compliance with the principles of the GDPR and the LIL Title II. 2
  4. Recipients and transfers
    Data may be shared with:
    Microsoft for marketplace and Business Central ecosystem-specific processes (as they are conditioned)
    Our strictly necessary service providers (support, invoicing)
    The competent authorities if required by law. Where applicable, transfers outside the EU are regulated in accordance with the GDPR (Chapter V). General reference to the GDPR via the LIL, Art. 2 and Art. 43. 3
  5. Retention periods
    Support and commercial relationship: during the contractual relationship and then the applicable legal prescription.
    Invoicing: according to legal obligations. Technical logs transmitted for support purposes are deleted after processing, unless otherwise required by law.
  6. Security: Axians Business Management Solutions implements appropriate organizational and technical measures to protect data in accordance with the principles of GDPR/LIL. 4
  7. Your rights: You have the rights of access, rectification, erasure, limitation, opposition and, where applicable, portability, in accordance with the GDPR and the French Data Protection Act. You can also lodge a complaint with the competent supervisory authority (in France, the CNIL). These rights are exercised in accordance with the principles set out in the Act (art. 1; Title II). 5
  8. Data processed by Microsoft and by the customer: For the customer’s business data handled by the application in Business Central, the customer remains responsible for the processing and Microsoft operates the corresponding SaaS infrastructure. How this data is processed, secured, retained, and transferred is governed by Microsoft’s agreements and policies.
  9. Contact and DPO: For any requests relating to data protection or the exercise of your rights, please contact dpo.france@vinci-energies.com. You can contact him or her at the same address specifying « For the attention of the DPO ».
  10. Changes: We may update this policy to reflect legal or functional changes. The date of the last update is below.
    Last updated: March 09, 2026.