Privacy Policy

PRIVACY POLICY — DEXTERITY

Last updated: March 2026

1. Introduction

De BI Controller B.V. (“we”, “us”, or “our”) operates Dexterity (the “Services”), a Software-as-a-Service solution for replicating data from Microsoft Dynamics 365 Business Central to Azure SQL Database or Microsoft Fabric SQL Database.

We are committed to protecting your personal data and respecting your privacy in accordance with applicable laws, including the General Data Protection Regulation (GDPR) and other global privacy laws.

If you have questions, visit: https://www.debicontroller.nl/contact/

2. Scope of this Policy

This Privacy Policy applies to:

  • Use of Dexterity software and APIs
  • Customer relationships and support interactions
  • Our website and communications

“Customer” refers to business users of the Services.

3. Information We Collect

3.1 Information Provided by You

We may collect:

  • Name, email address, phone number
  • Company name, job title
  • Billing and contract information
  • Account credentials and authentication data
  • Support communications

3.2 Data Processed via the Service

Dexterity processes data from your Business Central environment, which may include:

  • Business data (financial, operational, transactional)
  • Potential personal data contained within your systems

We process this data strictly on your behalf.

3.3 Automatically Collected Data

We may collect:

  • IP address
  • Device and browser information
  • Usage and log data
  • API usage metrics
  • Error and diagnostic data

4. How We Use Your Information

We process personal data based on:

  • Contract performance (providing the Services)
  • Legitimate interests (security, improvements)
  • Legal obligations
  • Consent (where applicable)

We use data to:

  • Provide and operate Dexterity
  • Enable data replication and API functionality
  • Manage accounts and billing
  • Provide customer support
  • Improve performance and security
  • Communicate service updates
  • Comply with legal obligations

5. Data Sharing

We do not sell personal data.

We may share data with:

  • Cloud infrastructure providers (e.g., Microsoft Azure)
  • Sub-processors necessary to deliver the Services
  • Professional advisors (legal, financial)
  • Authorities where required by law

All processing is governed by appropriate agreements and safeguards.

6. International Data Transfers

Data may be processed in countries outside the European Economic Area (EEA).

Where applicable, we ensure safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Equivalent legal protections

7. Data Retention

We retain personal data:

  • For the duration of the customer relationship
  • As required to provide the Services
  • As required by law (e.g., tax, accounting)

After termination:

  • Data is retained for up to 30 days unless otherwise agreed
  • Then securely deleted or anonymized

8. Data Security

We implement appropriate technical and organizational measures, including:

  • Encryption in transit and at rest (where applicable)
  • Access controls
  • Monitoring and logging
  • Secure cloud infrastructure

However, no system is completely secure.

9. Customer Responsibilities

As a Customer, you are responsible for:

  • Ensuring lawful processing of your data
  • Providing necessary notices and consents
  • Configuring access controls within your systems
  • Compliance with GDPR and other laws

10. Cookies and Tracking

We may use cookies and similar technologies for:

  • Authentication
  • Analytics
  • Performance monitoring

You can control cookies through your browser settings.

11. Your Privacy Rights

Depending on your jurisdiction (e.g., EU/EEA, UK, US), you may have rights to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent

To exercise your rights, visit: https://www.debicontroller.nl/contact/

You also have the right to lodge a complaint with a supervisory authority.

12. Data Subject Requests

We will:

  • Respond within legally required timeframes
  • Verify identity before processing requests
  • Retain minimal data necessary for compliance

Customers controlling the data (as controllers) are primarily responsible for responding to end-user requests.

13. Third-Party Services

Dexterity integrates with third-party platforms (e.g., Microsoft Azure, APIs).

We are not responsible for:

  • Third-party privacy practices
  • External systems outside our control

Customers should review third-party policies.

14. Children’s Privacy

Dexterity is a business product and is not intended for individuals under 18.

We do not knowingly collect data from minors.

15. Legal Disclosures

We may disclose data:

  • To comply with legal obligations
  • To enforce agreements
  • To protect rights, safety, or property

We will notify you where legally permitted.

16. Updates to this Policy

We may update this Privacy Policy from time to time.

Changes become effective:

  • Upon publication, or
  • Upon notification

We encourage periodic review.

17. Contact Information

For privacy-related inquiries:

De BI Controller B.V.
Visit: https://www.debicontroller.nl/contact/

18. Additional Regional Rights (Summary)

EU/EEA

  • Full GDPR rights apply
  • Right to lodge complaint with local authority

United States

  • Rights may include access, deletion, and opt-out (depending on state law)

We will comply with applicable laws based on your location.

19. Subprocessors

We may use subprocessors (e.g., cloud providers) to deliver the Services.

A list of subprocessors is available upon request.

20. Data Processing Role

For data processed through Dexterity:

  • Customer = Data Controller
  • Vendor = Data Processor

Processing is governed by a separate Data Processing Agreement (DPA).