Where customer data lives
| Component | Data stored | Where |
|---|---|---|
| AL extension | All HR records — employees, documents, family members, competencies, contracts, salary packages, leave journals, loans, installments, announcements, approvals, employee journal lines | Customer’s BC tenant database (Microsoft-managed for SaaS) |
| HR.API | One row per registered BC tenant in a Clients table: GUID, organisation name, BC tenant id, BC environment name, BC company name. No HR data. | Customer-managed SQL Server wherever the partner deploys the API |
| React control add-in | Transient state only — currently-loaded roster entries, dialog UI state | In-memory inside the BC web client iframe; cleared on page navigation |
Data classification
Every field added by this extension is annotated withDataClassification per Microsoft’s AppSource requirements:
| Classification | Used for |
|---|---|
CustomerContent | Employee records, documents, family members, competencies, contracts, payroll setup, salary packages, leave records, loan records, journal lines, announcements |
EndUserIdentifiableInformation | The Related User HAC field on the Employee table (links a BC user identity to an employee record) |
OrganizationIdentifiableInformation | Setup-level codes that identify the customer organisation (HR General Setup, EOS Config, Social Insurance Settings) |
AccountData | Bank-account fields on the employee record (bank name, branch, account number, IBAN, SWIFT) |
Personal data inventory
| Category | Where | Retention |
|---|---|---|
| Identity (name, DOB, nationality, religion) | Standard Employee + Employee HAC extension | Customer-controlled; BC retention applies |
| Contact (address, phone, email) | Standard Employee | Customer-controlled |
| Employment (dates, position, contract) | Standard Employee + Employee Contract HAC, Employee Position HAC | Customer-controlled |
| Family members | Employee Family Member HAC, Employee Family Member Doc HAC | Customer-controlled |
| Identification documents (as binary attachments) | Employee Documents HAC | Customer-controlled |
| Bank account | Standard Employee + extension fields | Customer-controlled |
| Compensation (salary package, allowances, deductions) | Employee Salary Package HAC, Salary Employee HAC | Customer-controlled |
| Leave history | Leave Journal HAC, Employee Leave HAC, Hourly Leave Journal HAC | Customer-controlled |
| Loan history | Employee Loan HAC, Employee Loan Installment HAC | Customer-controlled |
| Punch / attendance | Stored in BC via the API codeunits | Customer-controlled |
Subject access / right to erasure
Microsoft’s standard tooling for Business Central handles GDPR subject access and erasure across all extended tables — both standard BC fields and fields added by this extension. To erase a single employee: delete the BCEmployee record (standard BC behaviour), BC’s cascade rules remove dependent records in this extension’s HR tables, then confirm via the Data Subject Identification report (standard BC).
Outbound network traffic
| Source | Destination | Why | Payload |
|---|---|---|---|
| HR.API server | login.microsoftonline.com | OAuth 2.0 client credentials grant | Standard token request — no HR data |
| HR.API server | *.api.businesscentral.dynamics.com | Bound OData action calls | The HR fields the API was asked to read/write, in the call’s scope |
Telemetry
The extension does not emit custom telemetry. Standard BC telemetry (Application Insights, if configured by the tenant admin) captures normal page open / action invocation events with the AL object IDs, but no field-level HR data.Third-party services
| Service | Used by | What it sees |
|---|---|---|
| Microsoft Entra ID | HR.API | OAuth token issuance only |
| Microsoft Business Central OData | HR.API | The HR fields being queried, scoped per call |
| Syncfusion EJ2 | React control add-in | Renders entirely client-side inside the BC iframe. Does not call out to Syncfusion servers at runtime. |
What to tell customers’ privacy officers
“The HR extension is a Business Central app that stores all HR data inside the customer’s BC database (Microsoft Azure SQL for SaaS customers, in the customer’s region). An optional ASP.NET pass-through API is provided for mobile and portal scenarios; it stores only a routing record locally and proxies calls to BC under OAuth. No data leaves the customer’s deployment. There is no analytics, ad tracking, or third-party data sharing.”

