Privacy Policy – AVD Help Assist

This document explains how data is processed in the AVD Help Assist application and what rights users have. The application is an administrative tool for Azure Virtual Desktop (AVD) and, by design, does not process end-user personal data — it runs locally on the administrator’s side, using an authorized connection to Microsoft Azure.

1) Data Controller

The data controller within the meaning of the GDPR isData Sentinels "ITS Systemy Informatyczne - Rafał Studnicki" (the “Controller”). For privacy matters contact: rodo@datasentinels.pl.

2) Scope and Purpose of Processing

AVD Help Assist performs administrative operations on AVD hosts and sessions (e.g., listing active sessions, sending messages, signing users off). In typical use:

• session data (session ID, host name, app type, state) are fetched only in working memory while the app is running,
• the app does not write logs with personal data to disk,
• the app does not send any data to the vendor or third parties unless you explicitly configure otherwise in Azure.

3) Legal Basis

The legal basis is the Controller’s or the Customer’s legitimate interests(Art. 6(1)(f) GDPR) — ensuring secure and effective administration of Azure Virtual Desktop. If, under a contract, you entrust us with data for processing, we act as a processorunder Art. 28 GDPR.

4) Categories of Data

The application does not require and does not process end-user personal data. Technical environment identifiers may occur (e.g., subscription/tenant ID, host or pool names, session identifiers) which, by themselves, do not identify a natural person.

5) Data Sources

Data are retrieved from your Azure subscription via official Microsoft interfaces (SDK/REST API) after granting the application access (App Registration / Entra ID). Permissions are restricted according to the least privilege principle.

6) Retention Period

The application operates in a stateless manner — it does not archive obtained information. When you close the program, in-memory data are discarded.

7) Recipients and Transfers

We do not disclose data to third parties. Any processing in Azure is governed by Microsoft’s terms (Microsoft acts as a separate controller/processor toward you under your agreement with Microsoft). Data are not transferred outside the EEA unless your subscription configuration provides otherwise.

8) Data Subject Rights

• right of access, rectification, erasure, restriction, data portability, and objection,
• right to lodge a complaint with a supervisory authority if you believe processing violates GDPR.

9) Security

• communication with Azure uses encrypted protocols,
• the app’s Entra ID permissions are limited to the necessary minimum,
• we do not create copies of end-user data within the application.

10) Contact

For privacy matters, contact: rodo@datasentinels.pl.