The types of personal information we collect
We currently collect the following information:
- Azure Tenant Data: Unique Tenant IDs
- Azure Resource Data: Subscription Names and IDs, Resource Group Names and IDs, Log Analytics Workspace IDs
- Azure User Data: Object IDs, Display Names, User Principal Names, Email Addresses
- RoleSense Usage Data: Logs, IP addresses, device information
- RoleSense Application Data: Metada, configuration, and settings, role assignments & recommendations at time of reporting
- RoleSense Operational Data: Activity logs, billing and cost data, access logs
We currently process the following information in addition to the data shown above:
- Azure Tenant Data: User Count, Tenant Display Name
- Azure Resource Data: Subscription Details, Resource Group Details, Log Analytics Workspace Details, Activity Logs, Role Definitions
How we get the personal information and why we have it
All personal information that is processed and/or stored is provided via the Microsoft Graph API at your request in order to make use of RoleSense, all data that is processed and/or stored is used for the following purposes:
- Registration and User account management
- Billing and licence management
- Marketing-related communications
- Processing of user tenant data for reporting and analysis purposes
- Storage of data for viewing historical report suggestions
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are
- Your consent. You are able to remove your consent at any time. You can do this by contacting support@rolesense.org
- We have a contractual obligation.
- We have a legitimate interest
How we store your personal information
- Your information is securely stored.
- We keep data for the lifetime of the account to ensure continued access to RoleSense and to view reports.
- If an account is deleted or such a request is received by the primary email associated with an account we will dispose of personally identifiable information within 4 weeks of taking receipt of said request.
Your data protection rights
Under data protection law, you have rights including:
- Your right of access - You have the right to ask us for copies of your personal information.
- Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at support@rolesense.org if you wish to make a request.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at support@rolesense.org
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICOs address:
Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk