The safety and security of all processes involving the storage and handling of personal data is a top priority at Synerise.
We are fully committed to guaranteeing compliance with all regulations regarding data privacy and security.
Manage data subject rights through self-service for your end-users, web panel for your staff or backend for integration with your existing IT systems.
Enable opt-in, opt-out features, any kind of consents and agreements and the ability to enable and disable data collection ad-hoc.
There are import and export features available to easily transfer data in or out of the platform.
Every single action related to your data is recorded and available through specific events on your end-user record, within the application audit log and system audit log.
Our platform enables the steering of data retention globally for the Profile and more granular to specific events depending on your specific business needs.
Synerise provides features that enable you to tailor most granular permissions around your data and approval system to enforce N+1 approvals on given actions within the platform.
You can gather data from any source, you can then configure in our platform visibility of that data, and also configure if specific data is supposed to be returned back through REST APis (through whitelists and blacklists.
Our tailor-made permissions system enables you to define granular permissions for both your Users and REST API-based integrations so that you can allow only what is required to support your business needs and not compromise security.
All of our servers are located in Microsoft Azure within Europe and hold the following certifications:
ISO 27001:2013 ISO 27017:2015
ISO 27018:2014 ISO 20000-1:2011
ISO 22301: 2012 ISO 9001:2015
Physical storage itself is encrypted and in addition to that drives due for replacement are securely utilized with methods that are NIST 800-88 compliant.
Azure Services have built-in multi-level mechanisms that ensure isolation of access to client resources - the Supervised Entity against unauthorized access by other users (including other "malicious" clients of the service). In addition, mechanisms are implemented notifying you of any attempt to access between client environments. Mechanisms are also used to safeguard the availability of resources for clients and to block excessive resource allocation.
A description of the mechanisms used is available here >>>
This isolation is carried out at levels including:
Our incident resolution process follows industry best practices and aims to follow the regulations of GDPR and Privacy Shield.
Whenever an incident involves your data, we follow our incident resolution process and work transparently with our clients without any unnecessary delays to resolve the incident in a timely fashion and meet any obligations imposed by contract or regulation.