Data protection and
privacy by design

Privacy by Design

Data protection is an integral part of MyDesk's architecture - not an afterthought. We follow the principles of Privacy by Design and Privacy by Default, which means we minimize data collection and ensure that personal data is only processed for specified, legitimate purposes.

Encryption

All data is encrypted in transit via TLS 1.2 or higher. Data at rest is encrypted via Azure Storage Service Encryption (SSE) with AES-256. Encryption keys are managed by Microsoft Azure Key Vault.

Data Processing Agreement (DPA)

MyDesk enters into a data processing agreement with all customers as standard. The agreement is designed in accordance with GDPR Article 28 and covers all aspects of data processing, including purpose, scope, security measures and sub-processors.

Data subject rights

MyDesk assists customers in fulfilling data subject rights, including:

• Right of access (access to your own data)
• Right to rectification (correction of incorrect data)
• Right to erasure ("right to be forgotten")
• Right to data portability
• Right to restriction of processing
• Right to object

Data minimization and retention limitation

MyDesk only collects the personal data necessary to provide the service. Data is automatically deleted in accordance with agreed retention periods. Customers can request deletion of data at any time.

Data processing within the EU/EEA

All personal data is processed and stored within the EU/EEA on Microsoft Azure infrastructure. No data is transferred to third countries without appropriate security measures.