Privacy Policy

giant Computer Systems - Last updated: March 2026

Legal information · DSGVO / GDPR

Privacy Policy for the website and all Dynamics 365 Business Central apps by giant Computer Systems.

We take the protection of your personal data very seriously. This policy explains which data is collected, how it is processed, and what rights you have under the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Summary

Our Dynamics 365 Business Central extensions do not collect, store, or transmit personal data to giant Computer Systems infrastructure. This website collects only minimal technical data (server logs) necessary for secure operation.

1. Controller (Verantwortlicher gem. Art. 4 Abs. 7 DSGVO)

The controller within the meaning of the GDPR and other applicable data protection laws is:

Marc Breuer
Am Altengraben 23
90768 Fürth
Germany
E-mail: marc.breuer@giant-online.de

2. Data Protection Officer

Under Art. 37 GDPR and § 38 BDSG, the appointment of a Data Protection Officer is not mandatory for our organisation. If you have questions about data protection, please contact us directly at marc.breuer@giant-online.de.

3. General Information on Data Processing

We process personal data only to the extent necessary for providing a functional website and our services. Personal data is collected and used regularly only with your consent or where processing is permitted by law.

Where we rely on consent as the legal basis (Art. 6 Abs. 1 lit. a DSGVO), you may withdraw your consent at any time with effect for the future.

Personal data will be deleted or blocked as soon as the purpose of storage ceases to apply, unless retention is required by European or national legislation (e.g. commercial or tax retention obligations under HGB or AO).

4. Provision of the Website – Server Log Files

When you visit our website, our web server automatically collects and stores information in server log files that your browser transmits to us. This includes:

  • IP address of the requesting device (anonymised where technically feasible)
  • Date and time of the request
  • URL and HTTP method of the request
  • HTTP status code of the server response
  • Volume of data transferred
  • Referring URL (the page from which the request originated)
  • Browser type, version, and operating system

Legal basis: Art. 6 Abs. 1 lit. f DSGVO (legitimate interest). The data is necessary for the stable and secure operation of the website.

Storage duration: Log files are deleted after 30 days unless they are needed for the investigation of security incidents.

This data is not combined with other data sources. No personal profiles are created from the log data.

5. Cookies

This website does not use cookies for tracking, analytics, or advertising purposes.

If technically necessary cookies (e.g. for session management) are used in the future, we will update this section accordingly and, where required, obtain your consent in compliance with § 25 TDDDG (formerly TTDSG).

6. SSL/TLS Encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of data. You can recognise an encrypted connection by the “https://” prefix and the lock icon in your browser’s address bar.

When SSL/TLS encryption is activated, data you transmit to us cannot be read by third parties.

7. Contact by E-Mail

If you contact us by e-mail, we process the following personal data:

  • Your e-mail address
  • Your name (if provided)
  • The content of your message
  • Any attachments you send

Legal basis: Art. 6 Abs. 1 lit. b DSGVO (performance of a contract or pre-contractual measures) if your enquiry relates to our products; otherwise Art. 6 Abs. 1 lit. f DSGVO (legitimate interest in responding to your enquiry).

Storage duration: We store the data for as long as needed to process and respond to your enquiry. The data is deleted once the conversation is concluded and no further processing is necessary, unless legal retention periods apply (e.g. 6 years under § 257 HGB for commercial correspondence, 10 years under § 147 AO for tax-relevant documents).

We do not share your contact data with third parties.

8. Data Processing Within Our Business Central Apps

Our Dynamics 365 Business Central extensions operate exclusively within the customer’s own Microsoft Dynamics 365 Business Central environment. The following principles apply:

  • No data transmission: The apps do not send any data (personal or otherwise) to servers operated by giant Computer Systems or any third party.
  • No telemetry or analytics: The apps contain no analytics libraries, tracking pixels, or outbound telemetry calls.
  • No external API calls: The apps do not connect to external web services or APIs.
  • Tenant-local processing: All data processing occurs within the customer’s own Dynamics 365 Business Central tenant using standard Business Central APIs and data structures.
  • Permission-based access: All data access respects the Dynamics 365 Business Central permission model. Users only see data they are already authorised to access.

The apps may read standard Business Central entities such as purchase orders, sales orders, items, vendors, and customers solely to provide their intended functionality. This data remains within the customer’s environment at all times.

9. Data Controller for Business Central Environments

The customer is the data controller (Art. 4 No. 7 GDPR) for all personal data within their Dynamics 365 Business Central environment. Microsoft acts as data processor for the cloud infrastructure under the customer’s Microsoft Cloud Agreement / Data Processing Addendum.

giant Computer Systems does not act as a data processor for data within the customer’s Business Central environment because no data is transmitted to or accessible by giant Computer Systems.

Microsoft’s privacy statement for the underlying platform is available at privacy.microsoft.com.

10. Microsoft AppSource

Our apps are distributed through Microsoft AppSource. When you install an app from AppSource, Microsoft processes data in accordance with its own privacy terms. We have no access to data collected by Microsoft during the installation or billing process.

For information on Microsoft’s data processing, refer to the Microsoft Privacy Statement.

11. Legal Basis for Data Processing (Art. 6 DSGVO)

We process personal data only on the basis of one of the following legal grounds:

  • Art. 6 Abs. 1 lit. a DSGVO – Consent: Where you have given explicit consent to the processing of your personal data for a specific purpose.
  • Art. 6 Abs. 1 lit. b DSGVO – Contract performance: Where processing is necessary for the performance of a contract or pre-contractual measures.
  • Art. 6 Abs. 1 lit. c DSGVO – Legal obligation: Where processing is required to comply with a legal obligation (e.g. tax or commercial law retention requirements).
  • Art. 6 Abs. 1 lit. f DSGVO – Legitimate interest: Where processing is necessary for the purposes of our legitimate interests, provided that your interests or fundamental rights do not override those interests.

12. Your Rights as a Data Subject

Under the GDPR, you have the following rights with respect to your personal data:

  • Right of access (Art. 15 DSGVO): You have the right to request confirmation as to whether personal data concerning you is being processed and, if so, to obtain access to that data and further information.
  • Right to rectification (Art. 16 DSGVO): You have the right to request the correction of inaccurate personal data or the completion of incomplete data.
  • Right to erasure (Art. 17 DSGVO): You have the right to request the deletion of your personal data, provided that no legal retention obligation or other legitimate reason prevents deletion.
  • Right to restriction of processing (Art. 18 DSGVO): You have the right to request the restriction of processing under certain circumstances.
  • Right to data portability (Art. 20 DSGVO): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transfer it to another controller.
  • Right to object (Art. 21 DSGVO): You have the right to object to the processing of your personal data based on Art. 6 Abs. 1 lit. f DSGVO at any time for reasons relating to your particular situation. We will then cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
  • Right to withdraw consent (Art. 7 Abs. 3 DSGVO): Where processing is based on consent, you may withdraw your consent at any time with effect for the future. The lawfulness of processing carried out before the withdrawal remains unaffected.

To exercise any of these rights, contact us at bc-support@giant-software.de.

13. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement (Art. 77 DSGVO).

The supervisory authority responsible for giant Computer Systems is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
Website: www.lda.bayern.de

A list of all German data protection supervisory authorities is available at www.bfdi.bund.de.

14. Data Retention

Personal data is stored only for as long as necessary to fulfil the purposes for which it was collected. After the purpose ceases, the data is routinely deleted unless statutory retention periods require longer storage. Key retention periods under German law include:

  • 6 years – Commercial correspondence (§ 257 HGB)
  • 10 years – Tax-relevant documents (§ 147 AO)

After expiration of the applicable retention period, the data is deleted unless there is a further lawful basis for continued storage.

15. No Obligation to Provide Personal Data

You are not legally or contractually required to provide personal data to us. However, if you choose not to provide certain data (e.g. your e-mail address when contacting us), we may not be able to respond to your enquiry or provide certain services.

16. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling as defined in Art. 22 DSGVO.

17. Data Transfers to Third Countries

We do not transfer personal data to countries outside the European Economic Area (EEA) ourselves. Where the website is hosted by a provider that may process data in the EEA, any such processing is covered by appropriate safeguards (e.g. EU Standard Contractual Clauses or an adequacy decision by the European Commission).

When you interact with Microsoft AppSource or Dynamics 365 Business Central, Microsoft’s own data processing terms apply, including any third-country transfers described in Microsoft’s data protection documentation.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, technical developments, or our services. The “Last updated” reference at the top of the page indicates the most recent revision. We recommend checking this page periodically.

See also the End User License Agreement.