Skip to main content

Documentation Index

Fetch the complete documentation index at: https://human-resource-docs.ha-consultancy.com/llms.txt

Use this file to discover all available pages before exploring further.

This page summarises how customer data flows through BC Human Resource. It is written for AppSource reviewers, customer privacy officers, and partners answering DPIA / GDPR questionnaires.

Where customer data lives

ComponentData storedWhere
AL extensionAll HR records — employees, documents, family members, competencies, contracts, salary packages, leave journals, loans, installments, announcements, approvals, employee journal linesCustomer’s BC tenant database (Microsoft-managed for SaaS)
HR.APIOne row per registered BC tenant in a Clients table: GUID, organisation name, BC tenant id, BC environment name, BC company name. No HR data.Customer-managed SQL Server wherever the partner deploys the API
React control add-inTransient state only — currently-loaded roster entries, dialog UI stateIn-memory inside the BC web client iframe; cleared on page navigation
The extension does not transmit HR data out of the customer’s BC tenant. All cross-component traffic stays within the customer’s deployment footprint.

Data classification

Every field added by this extension is annotated with DataClassification per Microsoft’s AppSource requirements:
ClassificationUsed for
CustomerContentEmployee records, documents, family members, competencies, contracts, payroll setup, salary packages, leave records, loan records, journal lines, announcements
EndUserIdentifiableInformationThe Related User HAC field on the Employee table (links a BC user identity to an employee record)
OrganizationIdentifiableInformationSetup-level codes that identify the customer organisation (HR General Setup, EOS Config, Social Insurance Settings)
AccountDataBank-account fields on the employee record (bank name, branch, account number, IBAN, SWIFT)

Personal data inventory

CategoryWhereRetention
Identity (name, DOB, nationality, religion)Standard Employee + Employee HAC extensionCustomer-controlled; BC retention applies
Contact (address, phone, email)Standard EmployeeCustomer-controlled
Employment (dates, position, contract)Standard Employee + Employee Contract HAC, Employee Position HACCustomer-controlled
Family membersEmployee Family Member HAC, Employee Family Member Doc HACCustomer-controlled
Identification documents (as binary attachments)Employee Documents HACCustomer-controlled
Bank accountStandard Employee + extension fieldsCustomer-controlled
Compensation (salary package, allowances, deductions)Employee Salary Package HAC, Salary Employee HACCustomer-controlled
Leave historyLeave Journal HAC, Employee Leave HAC, Hourly Leave Journal HACCustomer-controlled
Loan historyEmployee Loan HAC, Employee Loan Installment HACCustomer-controlled
Punch / attendanceStored in BC via the API codeunitsCustomer-controlled

Subject access / right to erasure

Microsoft’s standard tooling for Business Central handles GDPR subject access and erasure across all extended tables — both standard BC fields and fields added by this extension. To erase a single employee: delete the BC Employee record (standard BC behaviour), BC’s cascade rules remove dependent records in this extension’s HR tables, then confirm via the Data Subject Identification report (standard BC).

Outbound network traffic

SourceDestinationWhyPayload
HR.API serverlogin.microsoftonline.comOAuth 2.0 client credentials grantStandard token request — no HR data
HR.API server*.api.businesscentral.dynamics.comBound OData action callsThe HR fields the API was asked to read/write, in the call’s scope
The React control add-in makes no outbound HTTP at runtime. The AL extension does not make outbound HTTP calls in the current shipped version.

Telemetry

The extension does not emit custom telemetry. Standard BC telemetry (Application Insights, if configured by the tenant admin) captures normal page open / action invocation events with the AL object IDs, but no field-level HR data.

Third-party services

ServiceUsed byWhat it sees
Microsoft Entra IDHR.APIOAuth token issuance only
Microsoft Business Central ODataHR.APIThe HR fields being queried, scoped per call
Syncfusion EJ2React control add-inRenders entirely client-side inside the BC iframe. Does not call out to Syncfusion servers at runtime.
No analytics, CDN, error-tracking or A/B-testing services are wired into any of the three components.

What to tell customers’ privacy officers

“The HR extension is a Business Central app that stores all HR data inside the customer’s BC database (Microsoft Azure SQL for SaaS customers, in the customer’s region). An optional ASP.NET pass-through API is provided for mobile and portal scenarios; it stores only a routing record locally and proxies calls to BC under OAuth. No data leaves the customer’s deployment. There is no analytics, ad tracking, or third-party data sharing.”