Privacy Protection

The safety and security of all processes involving the storage and handling of personal data is a top priority at Synerise.

Maintaining the privacy standards expected in this field is as mission-critical for us as it is for our clients.

We follow strict procedures and protocols to ensure that we act in accordance with all applicable regulations and good practices associated with personal data.

Regulations Compliance

We are fully committed to guaranteeing compliance with all regulations regarding data privacy and security. 

  • We have implemented changes related to GDPR, especially provisions related to the rights of the data subject (covered further below in this document).
  • We continuously make sure that staff who access and process our Partners' data are properly trained in handling that data and keep it secure and confidential.
  • We work tirelessly to stay up to date with any regulation changes and guarantee your data is secure and kept confidential.
  • We follow the regulations imposed by GDPR and Privacy Shield and the obligations they place on us and our Partners.
  • We continuously make investments into our security infrastructure and security audits.
  • We are committed to carrying out data impact assessments and audits where applicable.
  • We have made all required updates to relevant contractual terms.
  • We are committed to making data protection part of our daily routine.
  • We expect the same standard from the Vendors that we cooperate with.

Data Management and Portability Tools

  • Data Subject Rights

    Manage data subject rights through self-service for your end-users, a web panel for your staff, or a backend for integration with your existing IT systems.

  • Consent management

    Enable opt-in and opt-out features, any kind of consents and agreements, and the ability to enable and disable data collection ad hoc.

  • Data Import / Export

    There are import and export features available to easily transfer data in or out of the platform.

  • Audit log

    Every single action related to your data is recorded and available through specific events on your end-user record, within the application audit log and system audit log.

  • Data retention

    Our platform lets you control data retention globally for the Profile and, more granularly, for specific events, depending on your business needs.

  • Approvals & Granular Permissions

    Synerise provides features that let you tailor highly granular permissions around your data, along with an approval system to enforce N+1 approvals on given actions within the platform.

  • Data Management

    You can gather data from any source, configure the visibility of that data in our platform, and configure whether specific data is returned through REST APIs (through whitelists and blacklists).

  • Granular permission system

    Our tailor-made permissions system enables you to define granular permissions for both your Users and REST API-based integrations so that you can allow only what is required to support your business needs and not compromise security.

  • Data Integrity

    We have built-in mechanisms to take care of data integrity, starting with TLS-based communications, JWT token-based authentication (Mobile SDK) and JWT token-based integrity checks (available within our web-oriented JavaScript SDK), as well as data whitelisting features.

Data Location & Hosting Options

All of our servers are located in Microsoft Azure within Europe and hold the following certifications:

  • ISO 27001:2013
  • ISO 27017:2015
  • ISO 27018:2014
  • ISO 20000-1:2011
  • ISO 22301:2012
  • ISO 9001:2015
  • CSA STAR

Physical storage itself is encrypted and, in addition, drives due for replacement are securely disposed of with methods that are NIST 800-88 compliant.

Azure services have built-in multi-level mechanisms that isolate access to client resources, protecting the Supervised Entity against unauthorized access by other users (including other "malicious" clients of the service). In addition, mechanisms are in place that notify you of any attempt to access between client environments. Mechanisms are also used to safeguard the availability of resources for clients and to block excessive resource allocation.

A description of the mechanisms used is available here.

This isolation is carried out at levels including:

  • Isolation of clients at the subscription level and authorization services.
  • Isolation of resources at the computational layer level (virtual machines, services).
  • Isolation at the network level and data storage accounts.
  • Isolation at the network level from the outside world (implicitly the internet).

Incident Management

Our incident resolution process follows industry best practices and aims to follow the regulations of GDPR and Privacy Shield.  
  
Whenever an incident involves your data, we follow our incident resolution process and work transparently with our clients without any unnecessary delays to resolve the incident in a timely fashion and meet any obligations imposed by contract or regulation.

Questions?

Feel free to write to us. We will gladly clarify all doubts regarding your data privacy protection.
