Privacy

How SYNTPHONY KNOWLEDGE SEARCH manages privacy?

  1. Do we take privacy into account in the development of SYNTPHONY KNOWLEDGE SEARCH?

In our technological development process, we integrate from the beginning the principles of privacy by design and comply with the applicable data protection regulations. This means that every stage of the conception, design and deployment of our solutions is carried out with privacy as a central element. We apply proactive measures to guarantee personal data protection, ensuring that our technologies not only comply with relevant legal and regulatory standards, such as the General Data Protection Regulation (GDPR), but also promote trust and security for our customers.

At NTT DATA, we help our clients fulfil current and future business needs by developing products and assets that work together to multiply business value. In doing so, we constantly track the global picture of privacy and align our technology to comply with data protection regulations, ensuring that our customers can operate with confidence and security in the personal data processing when they use our products.

  1. What does NTT DATA do to comply with privacy regulations?

The personal data protection is a NTT DATA priority. We ensure that SYNTPHONY KNOWLEDGE SEARCH complies with all requirements stipulated by data protection regulations.

We have therefore implemented security and privacy protocols to guarantee personal data protection in accordance with the highest standards established by European regulations. As a result, our customers can be sure that their personal data is protected while benefiting from an integrated and efficient technological solution that boosts their businesses.

  1. What types of data does SYNTPHONY KNOWLEDGE SEARCH process?

The personal data that are processed as a result of the commercialization of the product will depend on the specific functionalities and/or modules that the customer chooses to use. It is important to note that only categories of data explicitly authorized by the client in accordance with the specific instructions provided will be processed by us, and we will ensure that any personal data processing is carried out strictly in accordance with the client's purposes and instructions, thereby ensuring transparency and compliance at all times.

In this particular case, for the use of SYNTPHONY KNOWLEDGE SEARCH, we will process the following items specified below:

  • Categories of Personal Data:

    • Identification and contact details

    • Employment details

    • Personal Characteristics

    • Education and training details

    • Image data

  • Categories of Data Subjects:

    • Controller’s employees

  • Processing Operations:

    • Consultation

    • Modification

    • Recording and Storage

    • Extraction

    • Erasure

    • Collection

    • Structuring

    • Interconnection

    • Ellaboration

  1. Which suppliers does SYNTPHONY KNOWLEDGE SEARCH use?

SYNTPHONY KNOWLEDGE SEARCH may rely on the collaboration of external suppliers to provide software or functionalities complementing the capabilities of the Product, as well as on the collaboration of other NTT DATA group companies for any additional services to be contracted, such as support and maintenance.

NTT DATA is diligent in choosing its suppliers or service providers and in evaluating the guarantees they can demonstrate regarding compliance with applicable data protection laws, with a view to the protection of data subjects.

Any provider acting under the authority of an NTT DATA entity and having access to personal data processes said data following NTT DATA entity’s instructions, or those of its data controller (e.g., its customers), securely and adopts the technical and organizational measures needed to guarantee compliance with applicable data protection laws.

NTT DATA processors and sub-processors are required to sign appropriate agreements that govern the processing and protection of personal data. These agreements include requirements to ensure that the same obligations are passed to any further processors who may process personal data.

In addition, NTT DATA has policies and supporting procedures to ensure that information assets are protected when NTT DATA engages third party service providers and/or processors. This includes requirements for data privacy, information security due diligence and information security risk assessments to be performed, in order to ensure:

  1. Information security requirements are clearly articulated and documented in agreements in accordance with NTT DATA’s information security standards.

  2. NTT DATA service providers and processors implement the same level of protection and control as NTT DATA;

  3. Service providers and processors are required to report any suspected or actual information security incidents to NTT DATA in a timely manner.

  4. Do we transfer personal data outside the EEA?

In most cases, we will process personal data within the European Economic Area (EEA) or in a country that has an adequacy decision issued by the European Commission (Switzerland, Canada, etc.). However, we may use providers that process personal data from locations outside the EEA, including our NTT DATA Group companies.

In any case, we will take all measures to ensure that our suppliers provide adequate guarantees to protect the personal data processed on behalf of our clients, and we contractually require that such personal data are processed in compliance with applicable data protection laws. In particular, with those suppliers that involve an international data transfer, we do:

  • Risk Assessment: Before any international data transfer, we conduct a detailed risk assessment to identify and mitigate potential risks to the security and privacy of personal data.

  • Standard Contractual Clauses (SCCs): SCCs are incorporated into our contracts with our suppliers outside the EEA to ensure an adequate level of personal data protection.

  • Data Protection Agreement (DPA): Our DPA specifies our obligations and commitments, including security, confidentiality, limitations on international data transfers, cooperation with data subjects' rights, and notification of security incidents.

  1. Do we have a Data Protection Officer (DPO)?

To comply with the overarching accountability concept, NTT DATA has implemented procure and avail itself of tools to document and showing compliance with the privacy principles and well as with the applicable data protection laws requirement.

Each company of the NTT DATA dedicates adequate resources to comply with applicable data protection laws, considering different applicable legal requirements of the jurisdictions where NTT DATA operates.

To NTT DATA Group better compliance and to ensure an elevate level of protection of data subjects’ rights and freedoms, which is consistent and harmonised among the various jurisdictions, NTT DATA Group has adopted a hybrid DPO organization model. This model is halfway between a centralized single DPO for the whole group and separate DPOs, and also, Privacy Teams, for each entity in the various jurisdictions.

Therefore, each NTT DATA company has a Data Protection Officer (DPO) in compliance with the applicable laws and regulations, as well as a Local Data Protection Office. The DPO is responsible for the supervision of the data protection strategy and its implementation in order to ensure compliance with legal requirements, as well as acting as a point of contact for any privacy and data protection law related queries. The local Data Protection Office implements and executes the data protection strategy to ensure compliance.

  1. How do we protect personal data?

At NTT DATA we understand the relevance of protecting our clients' personal data. We have therefore implemented a holistic combination of technical and organisational measures designed to guarantee privacy at all phases of the personal data lifecycle, preventing any unauthorised or unlawful processing as well as against any accidental loss, destruction or damage of personal data. In addition, we conduct periodic review processes to assess the compliance and effectiveness of these measures, with the continuous objective of improving security and privacy.

In addition, NTT DATA SPAIN S.L.U. has various certifications that support our commitment to security and privacy, including:

  • ISO/IEC 27001:2022

  • the HIGH category in the “Esquema Nacional de Seguridad” (ENS)

  • ISO 9001:2015

  • ISO 14001:2015

  • ISO/IEC 20000-1:2018

  1. Updates and Modifications

We reserve the right to modify this document to reflect changes in privacy practices or legal updates.

  1. Additional information

PreviousKnowledge SearchNextInfrastructure

Last updated

Was this helpful?