GDPR Fusion Information
Introduction to this document
This document provides a detailed overview of the data management practices and access protocols implemented by the Fusion solution in compliance with the General Data Protection Regulation (GDPR). The Fusion solution is designed to integrate seamlessly with Cloud UC applications such as Microsoft Teams, managing and storing information to ensure optimal functionality and security.
The document addresses the retention and deletion policies for data stored within the Fusion solution, emphasizing the importance of data minimization and timely deletion of unnecessary information. The procedures for handling Call Detail Records (CDRs) are also explained, highlighting the limited retention period and the purpose of storing such records strictly for troubleshooting purposes.
By adhering to these practices, the Fusion solution ensures compliance with GDPR requirements while maintaining the integrity and security of the data it processes. This document serves as a comprehensive guide for understanding the data management, access controls, and security measures implemented by Fusion in the context of its integration with those Cloud UC applications.
Fusion for MS Teams
The Fusion for MS Teams section outlines the specific types of information stored in the Fusion database, including tenant details, user and resource account data, and configuration for PSTN usages and voice routing policies. It also details the access permissions and roles required for interacting with Microsoft Teams and Azure Active Directory (Azure AD), ensuring that only necessary information is accessed and managed in a secure manner.
Data Stored in the Fusion Solution
Microsoft Tenant Information Stored in Database
The Fusion solution stores information pertaining to Microsoft tenants in its database. This information is essential for the proper integration and functioning of the Fusion solution within the Microsoft Teams environment. The primary components of Microsoft Tenant Information stored are as follows:
Domain
- Description: The domain represents the unique namespace under which the tenant's services and resources are organized. This domain is used to identify the specific Microsoft tenant within the Fusion solution.
- Example:
i99q2qwb3a.test.fusion.netaxis.cloud
- Purpose: The domain is utilized to ensure that all interactions and data management tasks are correctly associated with the appropriate tenant. This aids in maintaining a clear and organized structure within the Fusion solution, allowing for efficient data retrieval and management.
Tenant UUID
- Description: The Tenant UUID (Universally Unique Identifier) is a globally unique identifier assigned to each Microsoft tenant. This UUID ensures that each tenant can be distinctly identified without ambiguity.
- Example:
a23da760-32ca-fab3-86e7-099067b8dcca
- Purpose: The Tenant UUID is crucial for maintaining the integrity of tenant-specific data within the Fusion solution. It ensures that data belonging to different tenants does not get mixed up, facilitating accurate tracking and management of tenant-specific configurations, policies, and user data.
These pieces of information are important for the operation of the Fusion solution, enabling it to interact with and manage Microsoft tenants effectively. By storing the domain and Tenant UUID, the Fusion solution can uniquely identify and associate data with the correct tenant, ensuring seamless integration and operational efficiency.
User or Resource Account Information
The Fusion solution stores detailed information about each user and resource account associated with the Microsoft tenant. This information is needed for managing user identities, access permissions, and resource allocations within the Fusion solution. The key components of user or resource account information stored are as follows:
UUID (Universally Unique Identifier)
- Description: The UUID is a unique identifier assigned to each user or resource account. This identifier ensures that every user and resource account can be distinctly recognized within the Fusion solution.
- Example:
3a41ab84-3cc5-4a36-2bb5-3421cec92372
- Purpose: The UUID is essential for maintaining the uniqueness and integrity of each account. It prevents duplication and ensures that all data and actions associated with a user or resource account are accurately tracked and managed. The UUID facilitates seamless integration with Microsoft Teams and Azure Active Directory (Azure AD), ensuring that the Fusion solution can precisely identify and interact with each account.
Assigned Number
- Description: The assigned number is a unique number allocated to each user or resource account within the Fusion solution. This number is used as an additional identifier to facilitate easy reference and management.
- Purpose: The assigned number serves as a quick reference point for administrators and the Fusion system to identify and manage accounts efficiently. It complements the UUID by providing an alternative, potentially more human-readable identifier for accounts, aiding in administrative tasks and troubleshooting.
By storing both the UUID and the assigned number for each user and resource account, the Fusion solution ensures robust account management capabilities. This dual identification system enhances the accuracy of user and resource tracking, supports the execution of account-specific operations, and facilitates efficient data management processes.
Group Information (Selected Groups Only)
The Fusion solution stores detailed information about selected groups within the Microsoft tenant. This information is used for managing group identities, access controls, and collaboration settings within the Fusion environment. The primary components of group information stored are as follows:
UUID (Universally Unique Identifier)
- Description: The UUID is a unique identifier assigned to each group within the Microsoft tenant. This identifier ensures that each group can be distinctly recognized and managed within the Fusion solution.
- Example:
6d6f07df-0a1a-48ba-9f51-30090891b040
- Purpose: The UUID is essential for maintaining the uniqueness and integrity of each group. It ensures that all data and actions associated with a group are accurately tracked and managed. The UUID facilitates seamless integration with Microsoft Teams and Azure Active Directory (Azure AD), allowing the Fusion solution to precisely identify and interact with each group. This unique identifier prevents duplication and ensures that group-specific configurations, policies, and memberships are correctly associated with the intended group.
Display Name
- Description: The display name is a human-readable name assigned to each group. This name is used to identify the group within the Fusion solution and across integrated systems.
- Example:
All Company
- Purpose: The display name serves as an easily recognizable label for administrators and users to identify groups. It enhances the usability of the Fusion solution by providing a clear and intuitive reference for groups, facilitating efficient management and interaction. The display name helps in quickly identifying the purpose or role of the group within the organization, such as "All Company" for a group that includes all employees.
Importance of Storing Group Information
Storing both the UUID and display name for selected groups allows the Fusion solution to manage group-related data effectively. This dual identification system enhances the accuracy of group tracking, supports the execution of group-specific operations, and facilitates efficient data management processes.
Integration and Permissions Management
The detailed storage of group information is important for the following reasons:
Access Control: Groups often determine access permissions and roles within the organization. By storing group information, the Fusion solution can enforce access control policies accurately, ensuring that only authorized users have access to specific resources and functionalities.
Collaboration and Communication: Groups are essential for facilitating collaboration and communication within Microsoft Teams. The Fusion solution uses group information to manage membership, ensuring that messages and resources are shared with the correct set of users.
Policy Application: Different groups may have different policies applied to them, such as voice routing policies or PSTN usage policies. Storing group information allows the Fusion solution to apply these policies correctly, ensuring consistent and efficient operations.
Efficient Administration
For administrators, having both the UUID and display name makes it easier to manage groups, troubleshoot issues, and perform administrative tasks. The UUID ensures that operations are performed on the correct group without ambiguity, while the display name provides a clear and understandable reference.
PSTN Usages, Voice Routes, and Voice Routing Policies
The Fusion solution stores detailed information about Public Switched Telephone Network (PSTN) usages, voice routes, and voice routing policies. This information is essential for managing telephony settings and ensuring efficient call routing within the Microsoft Teams environment. The primary component of this information stored is the Display Name.
Display Name
- Description: The display name is a human-readable name assigned to each PSTN usage, voice route, and voice routing policy. This name is used to identify the specific telephony configurations within the Fusion solution.
- Example: Examples of display names could include "Corporate PSTN Usage," "International Voice Route," or "Default Voice Routing Policy."
- Purpose: The display name serves as an easily recognizable label for administrators to identify and manage telephony settings. It enhances the usability of the Fusion solution by providing clear and intuitive references for various telephony configurations, facilitating efficient management and troubleshooting.
Importance of Storing PSTN Usages, Voice Routes, and Voice Routing Policies
Storing the display name for each PSTN usage, voice route, and voice routing policy allows the Fusion solution to manage telephony-related data effectively. This approach ensures that telephony settings are accurately applied and managed, supporting efficient call routing and telephony operations within the Microsoft Teams environment.
Key Functions and Benefits
Efficient Call Routing: Display names for voice routes and voice routing policies help administrators understand and manage the paths that calls take through the telephony system. This ensures that calls are routed efficiently and according to the organization's policies.
Policy Management: Display names for voice routing policies help in identifying the specific rules and configurations applied to voice traffic within the organization. This includes managing how calls are handled, routed, and prioritized based on the policy settings.
Simplified Administration: For administrators, having descriptive display names makes it easier to manage and configure telephony settings. It allows for quick identification of PSTN usages and routes, simplifying the process of updating or troubleshooting telephony configurations.
Consistency and Clarity: Using display names ensures consistency in how telephony settings are referred to across the Fusion solution and integrated systems. This clarity is crucial for maintaining an organized and efficient telephony management system.
Integration with Microsoft Teams
The storage of display names for PSTN usages, voice routes, and voice routing policies is crucial for seamless integration with Microsoft Teams. It ensures that telephony settings are correctly applied and managed within the Teams environment, supporting effective communication and collaboration.
PSTN Usages: Display names for PSTN usages help in identifying the specific telephony services and capabilities assigned to users or groups. This includes managing access to external calling features and services.
Voice Routes: Display names for voice routes help in defining the paths that voice traffic takes through the telephony network. This is essential for optimizing call quality and ensuring efficient use of telephony resources.
Voice Routing Policies: Display names for voice routing policies help in applying specific rules and configurations to voice traffic, ensuring that calls are handled according to organizational policies and priorities.
Dummy User Information Generated by Fusion
The Fusion solution generates and manages dummy user information as part of its integration and operational processes. This dummy user is created to facilitate specific administrative tasks and interactions with Microsoft Teams and Azure Active Directory (Azure AD). The key components of this dummy user information include the User Principal Name (UPN) and the password in hashed format.
UPN (User Principal Name)
- Description: The User Principal Name (UPN) is an identifier for the dummy user that resembles an email address. It is used to uniquely identify the dummy user within the Fusion solution and across integrated systems.
- Example:
netaxis.fusion_ALdcR@i99q2qwb3a.test.fusion.netaxis.cloud
- Purpose: The UPN serves as the primary identifier for the dummy user. It is used for logging in and performing administrative tasks that require user authentication. The UPN format ensures compatibility with Microsoft authentication systems, allowing the dummy user to interact seamlessly with Microsoft Teams and Azure AD.
Password (Hashed)
- Description: The password for the dummy user is stored in a hashed format to ensure security. Hashing converts the password into a fixed-length string of characters, which is not reversible, providing a secure way to store passwords.
- Example:
76492d1116743f0423413b1…kAYgAyADgAMQBjAGNwAxADkA=
- Purpose: Storing the password in hashed format enhances security by protecting the actual password from being exposed. Even if the hashed password is accessed, it cannot be easily converted back to the original password. This practice aligns with security best practices and helps in safeguarding user credentials.
Importance of Dummy User Information
The creation and management of dummy user information are crucial for the operational efficiency of the Fusion solution. This approach ensures that necessary administrative tasks can be performed without compromising security or violating best practices in user management.
Key Functions and Benefits
Administrative Tasks: The dummy user is used for specific administrative operations that require user authentication. This includes tasks related to the integration and management of resource accounts, which cannot be performed using application authentication alone due to limitations in Microsoft’s current support for certain PowerShell cmdlets.
Temporary Authentication: The dummy user provides a temporary authentication method during the onboarding process. This method is essential for performing initial checks and configurations on the integrated tenant, ensuring that the Fusion solution is correctly set up and operational.
Security and Compliance: By using a dummy user with a hashed password, the Fusion solution adheres to security best practices, ensuring that sensitive information is protected. This approach helps in maintaining compliance with security policies and standards, including those required by GDPR.
Integration with Microsoft Teams and Azure AD
The dummy user plays a pivotal role in the integration of the Fusion solution with Microsoft Teams and Azure AD. This role includes:
Resource Account Management: The dummy user is used to interact with resource accounts, performing operations such as creating, setting, and syncing application instances. This is necessary because certain cmdlets (e.g., Get-CsOnlineApplicationInstance, Set-CsOnlineApplicationInstance) are not supported for application-based authentication.
Configuration Checks: During the onboarding process, the dummy user is used to verify configurations and ensure that the integration between the Fusion solution and the Microsoft tenant is set up correctly. This involves checking domain configurations, role assignments, and other critical settings.
Operational Continuity: The dummy user ensures that essential administrative functions can continue without interruption, even when certain authentication methods are temporarily unavailable or unsupported.
Data Retention and Deletion Policy
The Fusion solution follows strict data retention and deletion policies to ensure compliance with data protection regulations such as the General Data Protection Regulation (GDPR). These policies are designed to minimize data storage to only what is necessary for the solution's operation and to ensure timely deletion of data when it is no longer required. The key aspects of this policy include:
Minimum Necessary Information Storage
- Principle: The Fusion solution adheres to the principle of data minimization, which means only storing the information that is absolutely necessary for the correct functioning of the solution.
- Purpose: This approach reduces the risk of data breaches and ensures compliance with GDPR by limiting the amount of personal data stored. It also enhances the efficiency of data management and processing.
- Implementation: Before any data is stored, it is evaluated to determine whether it is essential for operational purposes. Non-essential data is either not collected or immediately discarded.
Duration-Based Data Retention
- Principle: All information stored in the Fusion database is retained only for the necessary duration, which is determined by operational requirements and legal obligations.
- Purpose: Retaining data only for the required duration helps in reducing storage costs, minimizing security risks, and complying with data protection regulations. It ensures that outdated or unnecessary data is not kept longer than needed.
- Implementation: The Fusion solution employs automated mechanisms to track the age of stored data. Data retention policies are enforced through scheduled checks and automated deletion processes, ensuring data is purged once it is no longer needed.
Deletion of Data on Entity Removal
- Principle: When a Microsoft entity (such as a user, group, or resource account) is deleted from the Microsoft portal, all related information stored in the Fusion database is also deleted.
- Purpose: This practice ensures that data associated with deactivated or removed entities is not retained unnecessarily, thus maintaining the relevance and accuracy of the stored data. It also enhances compliance with GDPR requirements for timely deletion of personal data.
- Implementation: The Fusion solution is integrated with the Microsoft portal to receive notifications or updates when an entity is deleted. Upon receiving such a notification, the Fusion solution automatically triggers the deletion of all related data from its database. This process is designed to be swift and comprehensive, ensuring no residual data is left behind.
Key Benefits and Impact
Enhanced Data Security: By storing only necessary information and deleting data promptly when it is no longer needed, the Fusion solution minimizes the risk of unauthorized access and data breaches.
Regulatory Compliance: Adhering to strict data retention and deletion policies helps the Fusion solution comply with GDPR and other data protection regulations. This compliance is crucial for avoiding legal penalties and maintaining user trust.
Operational Efficiency: Efficient data management practices reduce the burden on storage systems and improve the performance of the Fusion solution. It ensures that only relevant and up-to-date information is processed, enhancing overall system efficiency.
User Trust and Transparency: Clear and enforced data retention and deletion policies build user trust by demonstrating the Fusion solution’s commitment to protecting personal data and maintaining transparency in data management practices.
Detailed Processes
Data Retention Mechanisms
- Automated Tracking: Each piece of data is tagged with metadata indicating its creation date and retention duration.
- Scheduled Audits: Regular audits are conducted to identify data that has reached the end of its retention period.
- Automated Deletion: Once data is identified as no longer necessary, automated processes ensure its secure deletion from the database.
Data Deletion Triggers
- Entity Deletion Notifications: Integration with the Microsoft portal ensures that the Fusion solution is immediately notified when an entity is deleted.
- Deletion Workflows: Upon receiving a deletion notification, predefined workflows are executed to remove all related data from the Fusion database.
- Confirmation and Logging: Each deletion process is logged and monitored to ensure completeness and compliance with policies. Confirmation mechanisms verify that data has been successfully deleted.
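The two mechanisms listed under Data Retention Mechanisms and Data Deletion Triggers, as an added example that is not Fusion's own code: every record is tagged with its creation date and retention duration, a scheduled audit deletes what has expired, an entity-deletion notification cascades to all records linked to that entity, and each deletion is logged and then confirmed. The class and method names, the entity identifiers and the sample records are constructed for the illustration; the page does not describe Fusion's actual schema.

```python
"""Retention sweeper with entity-deletion cascade, logging and confirmation.

Added illustration only; names, identifiers and sample data are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List


@dataclass
class Record:
    record_id: str
    entity_id: str            # Microsoft entity (user, group, resource account) the data belongs to
    created_at: datetime      # metadata tag: creation date
    retention_days: int       # metadata tag: retention duration
    payload: dict = field(default_factory=dict)

    def expires_at(self) -> datetime:
        return self.created_at + timedelta(days=self.retention_days)


class RetentionStore:
    def __init__(self) -> None:
        self.records: Dict[str, Record] = {}
        self.audit_log: List[dict] = []

    def add(self, rec: Record) -> None:
        self.records[rec.record_id] = rec

    def _delete(self, record_id: str, reason: str, now: datetime) -> None:
        del self.records[record_id]
        self.audit_log.append({"record": record_id, "reason": reason, "at": now.isoformat()})

    def scheduled_audit(self, now: datetime) -> List[str]:
        """Scheduled check: delete every record whose retention period has elapsed."""
        expired = [r.record_id for r in self.records.values() if r.expires_at() <= now]
        for rid in expired:
            self._delete(rid, "retention_expired", now)
        return expired

    def on_entity_deleted(self, entity_id: str, now: datetime) -> List[str]:
        """Deletion trigger: cascade to all data tied to an entity removed from the portal."""
        related = [r.record_id for r in self.records.values() if r.entity_id == entity_id]
        for rid in related:
            self._delete(rid, "entity_deleted:" + entity_id, now)
        return related

    def confirm_deleted(self, record_ids: List[str]) -> bool:
        """Confirmation step: none of the given ids may still be present."""
        return not any(rid in self.records for rid in record_ids)


def build_sample_store() -> RetentionStore:
    """Constructed sample data (not real identifiers)."""
    store = RetentionStore()
    base = datetime(2024, 1, 1, tzinfo=timezone.utc)
    store.add(Record("cdr-1", "user-a", base, 60, {"kind": "cdr"}))                      # expires 2024-03-01
    store.add(Record("cdr-2", "user-b", base + timedelta(days=30), 60, {"kind": "cdr"}))  # expires 2024-03-31
    store.add(Record("acct-b", "user-b", base, 3650, {"kind": "account"}))
    return store


def run_demo() -> dict:
    """Run one audit on 2024-03-15, then process a deletion notice for user-b."""
    store = build_sample_store()
    now = datetime(2024, 3, 15, tzinfo=timezone.utc)
    expired = store.scheduled_audit(now)              # only cdr-1 has passed its 60 days
    cascaded = store.on_entity_deleted("user-b", now)  # cdr-2 and acct-b go regardless of age
    return {
        "expired": expired,
        "cascaded": cascaded,
        "remaining": sorted(store.records),
        "confirmed": store.confirm_deleted(expired + cascaded),
        "log_entries": len(store.audit_log),
    }


if __name__ == "__main__":
    print(run_demo())
```

The audit log is the evidence a GDPR auditor asks for: it records which record went, why (age or entity removal) and when, and the confirmation step turns "we deleted it" into a checkable assertion rather than an assumption.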
Call Detail Records (CDRs)
Call Detail Records (CDRs) are a critical component of the Fusion solution's telephony management system. They provide detailed information about each call processed through the system, which is essential for troubleshooting and ensuring the smooth operation of voice services. The Fusion solution handles CDRs with strict adherence to data retention policies and privacy standards.
Retention Period: 2 Months
- Description: The retention period for CDRs within the Fusion solution is set to two months. This means that all call detail records are stored for a maximum of 60 days before being automatically deleted.
- Purpose: The two-month retention period strikes a balance between retaining sufficient data for effective troubleshooting and minimizing data storage to reduce security risks and comply with data protection regulations.
Fields Included in CDR
The CDRs stored by the Fusion solution include a range of fields that capture essential details about each call. These fields are:
- Setup Time: The timestamp indicating when the call setup process began.
- Connect Time: The timestamp indicating when the call was successfully connected.
- Disconnect Time: The timestamp indicating when the call was terminated.
- Status Code: A code that represents the status or outcome of the call (e.g., success, failure, busy).
- Call ID: A unique identifier assigned to each call for tracking and reference purposes.
- From: The phone number or identifier of the calling party.
- To: The phone number or identifier of the called party.
- Calling: Additional details about the calling party, such as their name or user ID.
- Called: Additional details about the called party, such as their name or user ID.
- Request URI: The Uniform Resource Identifier used to initiate the call request.
- Request Username: The username associated with the request initiating the call.
Purpose of CDRs
- Troubleshooting: CDRs are primarily stored for troubleshooting purposes. They provide detailed logs of each call, enabling administrators to diagnose and resolve issues related to call connectivity, quality, and routing. By analyzing CDRs, administrators can identify patterns, detect anomalies, and implement solutions to improve the overall performance and reliability of the telephony system.
- Performance Monitoring: CDRs help in monitoring the performance of the telephony system by tracking metrics such as call setup time, connection duration, and call success rates. This information is valuable for ensuring that the system meets performance standards and service level agreements (SLAs).
- Operational Insights: CDRs provide insights into usage patterns and call volumes, helping organizations to optimize their telephony resources and plan for future capacity needs.
Privacy and Data Protection
- No Call Content Recording: The Fusion solution strictly ensures that the content of calls is never recorded or stored. This policy aligns with privacy regulations and ensures that sensitive communication remains confidential.
- Secure Storage: CDRs are stored securely within the Fusion database, with access controls in place to protect against unauthorized access. Encryption and other security measures are employed to safeguard the integrity and confidentiality of the stored data.
- Automated Deletion: At the end of the two-month retention period, CDRs are automatically deleted from the system. This automated process ensures compliance with data retention policies and minimizes the risk of retaining outdated or unnecessary data.
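The CDR field list and the troubleshooting and performance uses described above, as an added example that is not Fusion's own code: a whitelist of exactly the listed fields enforces data minimization (a record carrying any other field, such as recorded content, is rejected), and setup latency, call duration and success rate are derived from the timestamps and status code. The sample records, the field spelling, the use of SIP-style numeric status codes (200 success, 486 busy) and the ISO 8601 timestamp format are assumptions constructed for the illustration.

```python
"""CDR minimization check and troubleshooting metrics.

Added illustration only; field names, status-code convention and sample
records are constructed, not Fusion's schema.
"""
from datetime import datetime
from typing import List, Optional

# Exactly the fields the page lists; anything else is refused at ingest.
CDR_FIELDS = frozenset({
    "setup_time", "connect_time", "disconnect_time", "status_code", "call_id",
    "from", "to", "calling", "called", "request_uri", "request_username",
})


def normalize_cdr(raw: dict) -> dict:
    """Accept a record only if its keys are precisely the approved CDR fields."""
    extra = set(raw) - CDR_FIELDS
    if extra:
        raise ValueError("disallowed CDR fields: %s" % sorted(extra))
    missing = CDR_FIELDS - set(raw)
    if missing:
        raise ValueError("missing CDR fields: %s" % sorted(missing))
    return dict(raw)


def accepts(raw: dict) -> bool:
    """True if the record passes the whitelist, False otherwise."""
    try:
        normalize_cdr(raw)
        return True
    except ValueError:
        return False


def _ts(value: Optional[str]) -> Optional[datetime]:
    return datetime.fromisoformat(value) if value else None


def call_metrics(cdr: dict) -> dict:
    """Derive per-call figures an administrator looks at when troubleshooting."""
    setup, connect, disc = _ts(cdr["setup_time"]), _ts(cdr["connect_time"]), _ts(cdr["disconnect_time"])
    answered = connect is not None
    return {
        "call_id": cdr["call_id"],
        "answered": answered,
        "setup_latency_s": (connect - setup).total_seconds() if answered else None,
        "duration_s": (disc - connect).total_seconds() if answered and disc else None,
        "success": 200 <= int(cdr["status_code"]) < 300,  # assumed SIP-style codes
    }


def summarize(cdrs: List[dict]) -> dict:
    """Aggregate success rate and mean setup latency over a batch of CDRs."""
    rows = [call_metrics(normalize_cdr(c)) for c in cdrs]
    answered = [r for r in rows if r["answered"]]
    mean_latency = (sum(r["setup_latency_s"] for r in answered) / len(answered)) if answered else None
    return {
        "calls": len(rows),
        "answered": len(answered),
        "success_rate": round(sum(r["success"] for r in rows) / len(rows), 3) if rows else None,
        "mean_setup_latency_s": mean_latency,
    }


def _cdr(call_id, setup, connect, disc, status):
    """Build a constructed sample record with every approved field present."""
    return {
        "setup_time": setup, "connect_time": connect, "disconnect_time": disc,
        "status_code": status, "call_id": call_id,
        "from": "+3220000001", "to": "+3220000002", "calling": "user-a", "called": "user-b",
        "request_uri": "sip:+3220000002@example.invalid", "request_username": "user-a",
    }


# Constructed sample CDRs: two answered calls and one busy attempt.
SAMPLE_CDRS = [
    _cdr("c1", "2024-05-01T10:00:00+00:00", "2024-05-01T10:00:03+00:00", "2024-05-01T10:05:03+00:00", 200),
    _cdr("c2", "2024-05-01T10:10:00+00:00", None, "2024-05-01T10:10:05+00:00", 486),
    _cdr("c3", "2024-05-01T10:20:00+00:00", "2024-05-01T10:20:01+00:00", "2024-05-01T10:20:31+00:00", 200),
]

if __name__ == "__main__":
    print(summarize(SAMPLE_CDRS))
```

Rejecting unknown fields at ingest is what makes the "no call content recording" statement enforceable rather than aspirational: a change upstream that starts emitting a transcript or media field fails loudly instead of silently landing in the CDR table.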
Information Accessed by the Fusion Solution
Microsoft Tenant Information (Read-Only)
The Fusion solution accesses certain Microsoft Tenant Information in a read-only mode to facilitate its operations. This ensures that the necessary data is available for integration and management purposes while maintaining data integrity and security. The read-only access applies to several key elements within the Microsoft Tenant, including Groups, Users, and Resource Accounts.
Groups
- UUID: The Universally Unique Identifier for each group, ensuring unique identification and facilitating precise management of group-related data.
- Display Name: The human-readable name of the group, used for easy identification and reference within the Fusion solution.
User
- Display Name: The name of the user, used to identify the user within the system.
- Country: The country associated with the user, providing location-specific details that may be relevant for regional settings or compliance.
- Licenses: Information about the licenses assigned to the user, indicating what Microsoft services and features the user has access to.
Groups (Voice Routing Policy)
- Voice Routing Policy: The policies applied to groups that dictate how voice calls are routed, ensuring that calls follow the specified paths and rules.
Resource Account
- Display Name: The name assigned to the resource account, making it easy to identify and manage.
- Country: The country associated with the resource account, which can affect regional settings and compliance requirements.
- Type: The type of resource account, specifying its role and function within the Microsoft Tenant.
- Licenses: Information about the licenses assigned to the resource account, indicating the services and features available to it.
- Voice Routing Policy: The voice routing policies applied to the resource account, managing how calls are directed and handled for that account.
Roles and Permissions of Fusion on MS Teams
The Fusion solution operates within Microsoft Teams with specific roles and permissions tailored to facilitate seamless integration and efficient management of resources. These roles are essential for ensuring secure access and effective administration of Microsoft services.
Authentication Methods
Username/Password Authentication:
- This method serves as a temporary authentication mechanism used exclusively for interacting with Resource Accounts.
- During the onboarding process, a dummy user is created to conduct necessary checks and interactions with the integrated tenant.
- It is employed because certain PowerShell cmdlets crucial for managing Resource Accounts lack support for application authentication.
Application Authentication:
- As the primary authentication method against Microsoft services, application authentication is intended to become the sole authentication method once issues with Resource Accounts are resolved.
- The dummy user utilized for Resource Account interactions holds the roles of Teams Administrator and User Administrator, ensuring adequate permissions for administrative tasks.
Minimum Scopes Required by Onboarding Script
To successfully execute the onboarding process, the Fusion solution requires specific scopes to manage applications and perform role assignments effectively:
- Application.ReadWrite.All: Essential for creating and managing the application within the Microsoft ecosystem.
- AppRoleAssignment.ReadWrite.All: Used to assign roles to applications, ensuring appropriate access and permissions.
- RoleManagement.ReadWrite.Directory: Enables role assignments within the directory, crucial for managing user roles effectively.
Roles Required by Integrated Application
For the integrated application to operate seamlessly within Microsoft Teams and Azure Active Directory (Azure AD), it requires comprehensive roles to manage various aspects of the organizational environment:
- Domain.ReadWrite.All: Utilized during onboarding to manage domain settings, ensuring proper configuration and integration.
- Application.ReadWrite.All: Provides permissions to manage the application itself, including configurations and updates.
- Directory.ReadWrite.All: Enables management of users and groups within Azure AD, ensuring accurate user provisioning and group management.
- Organization.ReadWrite.All: Facilitates management of organizational details, crucial for overseeing tenant-specific configurations and settings.
- User.ReadWrite.All: Enables comprehensive management of user accounts, ensuring efficient user provisioning, updates, and deprovisioning.
- Sites.ReadWrite.All: Provides permissions to manage items across all site collections, essential for site administration and content management.
- EntitlementManagement.ReadWrite.All: Used for assigning roles and entitlements to users, ensuring proper access controls and permissions management.
- RoleManagement.ReadWrite.Directory: Enables management of directory roles, crucial for assigning and modifying roles within Azure AD, ensuring appropriate access levels.