Privacy Protection

The safety and security of all processes involving the storage and handling of personal data is a top priority at Synerise.

Maintaining the privacy standards expected in this field is as mission-critical for us as it is for our clients.

We follow strict procedures and protocols to ensure that we act in accordance with all applicable regulations and good practices associated with personal data.

Regulations Compliance

We are fully committed to guaranteeing compliance with all regulations regarding data privacy and security.
We have implemented changes related to GDPR, especially provisions related to the rights of the data subject (further on that topic below in the document).
We continuously make sure our staff that has access to our Partners' data and processes it is properly trained in handling that data and keeps it secure and confidential.
We work tirelessly to be up-to-date with any regulation changes and guarantee your data is secure and kept confidential.
We have made all required updates to relevant contractual terms.
iPhone mockup
We follow regulations imposed by GDPR, Privacy Shield and obligations they place on us and our Partners.
We continuously make investments into our security infrastructure and security audits.
We are committed to carrying out data impact assessments and audits where applicable.
We are committed to making data protection part of our daily routine.
We expect the same standard from the Vendors that we cooperate with.

Data Management and Portability Tools

Data Subject Rights

Manage data subject rights through self-service for your end-users, web panel for your staff or backend for integration with your existing IT systems.

Consent management

Enable opt-in, opt-out features, any kind of consents and agreements and the ability to enable and disable data collection ad-hoc.

Data Import / Export

There are import and export features available to easily transfer data in or out of the platform.

Audit log

Every single action related to your data is recorded and available through specific events on your end-user record, within the application audit log and system audit log.

Data retention

Our platform enables the steering of data retention globally for the Profile and more granular to specific events depending on your specific business needs.

Approvals & Granular Permissions

Synerise provides features that enable you to tailor most granular permissions around your data and approval system to enforce N+1 approvals on given actions within the platform.

Data Management

You can gather data from any source, you can then configure in our platform visibility of that data, and also configure if specific data is supposed to be returned back through REST APis (through whitelists and blacklists.

Granular permission system

Our tailor-made permissions system enables you to define granular permissions for both your Users and REST API-based integrations so that you can allow only what is required to support your business needs and not compromise security.

Data Integrity

We have mechanisms built-in to take care of data integrity, starting with TL-based communications, JWT token-based authentication (Mobile SDK) & JWT token-based integrity checks (available within our Web aimed Javascript SDK), and also data whitelisting features.

All of our servers are located in Microsoft Azure within Europe...

...and hold the following certifications:
ISO 20000-1:2011
ISO 22301: 2012
ISO 27001:2013
ISO 27018:2014
ISO 9001:2015
ISO 27017:2015
Credit card mockups

Data Location & Hosting Options

Physical storage itself is encrypted and in addition to that drives due for replacement are securely utilized with methods that are NIST 800-88 compliant

Azure Services have built-in multi-level mechanisms that ensure isolation of access to client resources - the Supervised Entity against unauthorized access by other users (including other "malicious" clients of the service). In addition, mechanisms are implemented notifying you of any attempt to access between client environments. Mechanisms are also used to safeguard the availability of resources for clients and to block excessive resource allocation. 

A description of the mechanisms used is available here >>>

Incident Management

Our incident resolution process follows industry best practices and aims to follow the regulations of GDPR and Privacy Shield.
Whenever an incident involves your data, we follow our incident resolution process and work transparently with our clients without any unnecessary delays to resolve the incident in a timely fashion and meet any obligations imposed by contract or regulation.
Dashboard mockup