There's no "detailed" description in the sense you mean it, because no such thing can even be defined. There are some heuristic methods in the scanning engine that may be too weak to trigger regular detections (or maybe not - but it's hard to say before the effect in the real world is seen, that's why they are there in the submitting mode) that do the submits, and even that possibly in random mode - meaning that the submit is often avoided simply to lower the load on the target servers. It is not possible to say what they will actually submit (if we knew what they're going to send, we wouldn't have to do it, right?)
So yes, sometimes a sensitive file might be submitted - but even if that happened, the information in these files is not used in any way (I mean the real content), because the important information for an AV is the "structure" of the file, abnormalities in the file format etc., certainly not the data. Most of the processing is done automatically, so most likely nobody is going to ever see the file at all - and even if somebody does, he/she is hardly going to open the file (if we're talking about documents). But sure, even though I can assure you that nobody is going to abuse your data in any way (should the unlikely even of their submit happen), it's about whether you trust the company or not.
[And yes, the same can be said e.g. about crash dumps submitted to Microsoft etc. - anything can be in the memory, including passwords, opened documents, ... but nobody is going to extract those.]
Anyway, I think it's quite likely that no Excel file has actually been submitted, the filename may have been used as a "carrier" for something else.
Tech, if you upload your setup.log on the FTP, somebody will take a look at it.