Version 5 - April 8, 2021
The panagenda group is made up of the following entities:
Contact details for the Data Protection Officer can be found in the “Contact Us” section at the end of this document.
General contact details for all entities can be found on our website: https://www.panagenda.com/imprint
The main function of OE EPM is to collect and analyze technical and usage information from a variety of devices and cloud services. As such, we collect a large range of data. To protect your privacy, we split this data into two parts that get processed and stored separately.
Core Data is anonymized telemetry data. Core Data contains no Personally Identifiable Information (PII) of any kind.
Privileged Data has the potential to contain information that may be covered by privacy laws or company policies. As a result, all Privileged Data is isolated and stored in customer specific data structures.
The following information can be collected, depending on chosen settings:
These are collected to assist with reporting in user interfaces. For example, this would allow your help desk to identify data about a specific user. This is a cloud-only function, the agent never has access to this information.
These are categorized into public and internal/private. They can be used to identify where people are, for example if you know the address ranges of your office locations. For each, you can choose to store the original or replace it with a cryptographic hash.
The host names of users’ devices, to assist with help desk activities.
For identifying issues with networks and performance. This includes data like the SSID.
Metadata about the usage of MS Teams for your analytics, reporting, and help desk.
Used for analytics, reporting, and help desk activities. This data can be stored at the most accurate level, or get replaced with a circular reference approximating the location to about 160 km.
There are two main sources of information: The agent that you install on your users’ devices which then uploads information to us, and your Microsoft cloud services from which we pull information. Data from both is transmitted to and stored in our cloud services and is encrypted in transit and at rest.
Core Data (anonymized, no personally identifiable information) and Privileged Data (personally identifiable information) are stored separately, and Privileged Data can only be accessed by the accounts of your employees that you authorize to do so.
We use or access your data to:
The jurisdiction can be chosen by you. Currently the choices are:
Upon collection, data is transferred to the chosen location and stored there. Both Core Data and Privileged Data will remain in the chosen location unless a transfer to a different location is requested by you.
For any transfer of data across jurisdictions we implement appropriate solutions as required by law (e.g. standard contractual clauses, privacy shield in accordance with Article 5 GDPR).
First things first: Keeping your data safe is of paramount importance to us.
You trust us with very sensitive information. That’s why our service was built from the ground up with the safety of your data in mind:
While we are committed to take all reasonable steps to protect and secure your data, we will not be held responsible for events arising from external parties gaining unauthorized access.
Data is stored until it must be deleted in compliance with legal obligations.
Generally, we do not share your data with anyone, except for parties we are working with to provide this service, as outlined in the sections “Others Working for Us” and “Where We Transfer and Store Your Data” above.
This especially applies to Privileged Data.
However, Core Data may be used to draw insights, perform statistical analysis, and be aggregated to provide anonymized information to all our customers and to the public. Under no circumstance will information based on this data be traceable or identifiable as coming from your organization or a specific person at your organization.
Furthermore, we may be compelled to disclose your data (Core or Privileged):
Data subjects have the right to lodge a complaint with a supervisory authority, the right to request access to and rectification or erasure of personal data, restriction of processing or to object to processing, as well as the right to data portability.
Where processing is based on freely given consent (Article 6 (1)(a) GDPR), data subjects have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. With this notice we provide you with some general information regarding the processing of personal data in connection with our contractual relationship. Information about processing activities other than the ones associated with this service might be provided separately.
You have following specific rights when it comes to the processing of your personal data by us:
Please send us a written request to our Data Protection Officer (contact details can be found at the end of this document). We cannot accept verbal requests (via phone, chat) as we may not be able to deal with your identification. Therefore, your request should contain a detailed, accurate description of your data you want to access or corrected. In cases where we have a reasonable doubt about your person, we might ask to provide a copy of a document helping us verifying your identity (e.g. passport, please black out the information which are is not necessary thereof). We only use the information on your identification strictly for this purpose and the data will not be stored longer than needed.
If we make changes to this policy that materially reduce your rights or protections, we will send you an update notice via the contact information you have provided to us.
We welcome questions, requests, and comments regarding this policy or any information we collect. They should be addressed to our Data Protection Officer.
AT-1010 Vienna, Austria
Cell: +43 699 18 99 18 00