You can import and export solutions to and from Microsoft Dynamics 365 (online). When you do so, the solutions, which may contain personal information, are transferred over a secure connection between your computer and Microsoft servers. In turn, third-party code imported to Dynamics 365 (online) could eventually transmit Customer Data to an external system (i.e. InsideView) or configure/expand entities that get synchronized (i.e. exported) to other external systems that are controlled by a party other than Microsoft.
If a solution to be imported is meant to transmit Customer Data outside of the security boundaries of Dynamics 365 (online), Administrators are invited to verify the types of Customer Data that will be called by the service/software/application prior to uploading third-party code to their Dynamics 365 (online) instance.
Extraction of Customer Data by third party services/software/applications or solutions is controlled by the customer, not Microsoft. The final destiny and privacy policies applicable to the data points extracted by these external solutions are controlled by the Administrator; adequate review of the policies applicable by the third parties operating these services/software/apps is recommended.