1.Data Controller

The data controller for personal data processed in connection with BigApp is:

HubOne AS is responsible for determining the purposes and means of processing personal data in connection with BigApp. Your organisation (the customer) is the data controller for all business data processed within your Business Central tenant. HubOne AS acts as a data processor only to the limited extent described in this policy.

2.What Data We Process

BigApp operates entirely within your Microsoft Dynamics 365 Business Central environment (your tenant). HubOne AS does not collect, store or have access to your business data. The data categories below describe what BigApp processes within your tenant on your behalf.

Data categoryExamplesWhere processedEmployee dataName, employee number, time registrations, absence, rotation schedulesYour BC tenantCustomer / contact dataName, address, email, phone, organisation numberYour BC tenantProject and task dataProject names, responsible persons, deadlines, notesYour BC tenantService and equipment dataSerial numbers, service history, component data, ownership recordsYour BC tenantUsage telemetryAnonymised feature usage signals, error logsMicrosoft Azure (via Application Insights)

3.How Data is Processed

BigApp processes data for the following purposes:

  • Project management: Planning, tracking, and invoicing of projects and deliveries within your Business Central environment.

  • Time and attendance: Registration of working hours, absence, and rotation schedules for payroll and capacity management.

  • CRM and customer management: Managing leads, pipeline, contacts and customer communication.

  • Service and aftermarket: Tracking service history, components, and contracts for equipment and individuals.

  • Quality and compliance: Non-conformance reports, risk assessments, and measurement documentation.

  • Software improvement: Anonymised telemetry data is used to improve stability and functionality of BigApp.

4.Legal Basis for Processing (GDPR)

BigApp is a business-to-business (B2B) solution. Your organisation is the data controller for all business and employee data processed within your Business Central tenant. HubOne AS acts as data processor on your behalf for telemetry data only.

Processing activityLegal basisBusiness data in your BC tenantControlled by your organisation (GDPR Art. 6). HubOne AS has no access.Anonymised telemetryLegitimate interest – software improvement (GDPR Art. 6(1)(f))Contact data from sales inquiriesConsent or pre-contractual measures (GDPR Art. 6(1)(a/b))

5.Data Storage and Location

All business data processed by BigApp resides in your Microsoft Dynamics 365 Business Central tenant. This data is stored in Microsoft's data centres in accordance with your Microsoft agreement, typically within the EEA (European Economic Area) for European customers.

Anonymised telemetry data sent to Application Insights is stored in Microsoft Azure infrastructure. This data does not contain personally identifiable information and cannot be traced back to an individual.

HubOne AS does not operate its own servers or databases containing customer business data.

6.Data Sharing and Third Parties

HubOne AS does not sell, rent or share customer business data with any third parties. The following third-party services are used by BigApp:

ServiceProviderPurposeData typeApplication InsightsMicrosoft AzureTelemetry and error monitoringAnonymised usage dataGoogle Maps APIGoogle LLCAddress lookup (optional feature)Address strings (no personal data)ELMA / PeppolDifi / Norwegian agencye-Invoicing lookupOrganisation numbers onlyNorwegian Business Registry (Brreg)Brønnøysund Register CentreCompany lookupOrganisation numbers only

BigApp integrates with Microsoft Teams and SharePoint via your existing Microsoft 365 tenant. No data is transferred outside your tenant by these integrations.

7.Retention Periods

Business data stored within your Business Central tenant is retained according to your own organisation's data retention policies and any applicable legal requirements. HubOne AS does not control or influence this retention.

Anonymised telemetry data in Application Insights is retained for 90 days by default, after which it is automatically deleted by Microsoft Azure.

Contact data received through sales inquiries (e.g. contact form submissions) is retained for as long as necessary to fulfil the purpose of the inquiry or as required by applicable law, and no longer than 3 years without renewed consent.

8.Your Rights Under GDPR

If HubOne AS processes personal data about you (e.g. as a contact in connection with a sales inquiry), you have the following rights under the GDPR:

  • Right of access – You can request a copy of the personal data we hold about you.

  • Right to rectification – You can ask us to correct inaccurate data.

  • Right to erasure – You can ask us to delete your personal data where there is no compelling reason for its continued processing.

  • Right to restrict processing – You can ask us to limit how we use your data.

  • Right to data portability – You can ask for your data in a structured, machine-readable format.

  • Right to object – You can object to processing based on legitimate interests.

To exercise any of these rights, contact us at post@hubone.no. You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at www.datatilsynet.no.

Note: For rights relating to data held within your Business Central tenant, you should contact your own organisation's data controller, as HubOne AS has no access to this data.

9.Security

BigApp is built on Microsoft's Business Central platform and inherits Microsoft's enterprise-grade security infrastructure, including Azure Active Directory authentication, role-based access control, and Microsoft's compliance certifications (ISO 27001, SOC 2, GDPR).

HubOne AS follows secure development practices and Microsoft's AppSource certification requirements, which include security reviews before publication. All BigApp updates go through Microsoft's automated and manual validation process before release.

10.Telemetry and Application Insights

BigApp uses Microsoft Azure Application Insights to collect anonymised telemetry signals for the purpose of monitoring software stability and improving functionality. This telemetry:

  • Does not contain personally identifiable information (names, email addresses, company-specific business data).

  • Is limited to feature usage signals, error codes and performance metrics.

  • Is transmitted securely to Microsoft Azure and retained for 90 days.

  • Is used solely by HubOne AS for product development and support purposes.

The Application Insights connection string referenced in app.json points to HubOne AS's own Azure resource and is used exclusively for BigApp telemetry.

11.Children's Privacy

BigApp is a business application intended exclusively for use by organisations and business professionals. It is not directed at or intended for use by children under the age of 16. HubOne AS does not knowingly collect personal data from children.

12.Changes to This Privacy Policy

HubOne AS may update this Privacy Policy from time to time. When we make material changes, we will update the version number and effective date at the top of this document. We encourage you to review this policy periodically. Continued use of BigApp following any changes constitutes acceptance of the updated policy.

The current version is always available at www.hubone.no and linked from BigApp's AppSource listing under Details + Support → Legal.

13.Contact

For questions, requests or complaints regarding this Privacy Policy or the processing of personal data by HubOne AS, please contact:

You also have the right to lodge a complaint with the supervisory authority in your country. In Norway, this is: