Privacy
How does SYNTPHONY PAYMENTS manage privacy?
Do we take privacy into account in the development of SYNTPHONY PAYMENTS?
In our technological development process, we integrate from the beginning the principles of privacy by design and comply with the applicable data protection regulations. This means that every stage of the conception, design and deployment of our solutions is carried out with privacy as a central element. We apply proactive measures to guarantee personal data protection, ensuring that our technologies not only comply with relevant legal and regulatory standards, such as the General Data Protection Regulation (GDPR), but also promote trust and security for our customers.
At NTT DATA, we help our clients fulfil current and future business needs by developing products and assets that work together to multiply business value. In doing so, we constantly track the global picture of privacy and align our technology to comply with data protection regulations, ensuring that our customers can process personal data with confidence and security when they use our products.
What does NTT DATA do to comply with privacy regulations?
Personal data protection is an NTT DATA priority. We ensure that SYNTPHONY PAYMENTS complies with all requirements stipulated by data protection regulations.
We have therefore implemented security and privacy protocols to guarantee personal data protection in accordance with the highest standards established by European regulations. As a result, our customers can be sure that their personal data is protected while benefiting from an integrated and efficient technological solution that boosts their businesses.
What types of data does SYNTPHONY PAYMENTS process?
The personal data that are processed as a result of the commercialization of the product will depend on the specific functionalities and/or modules that the customer chooses to use. It is important to note that only categories of data explicitly authorized by the client in accordance with the specific instructions provided will be processed by us, and we will ensure that any personal data processing is carried out strictly in accordance with the client's purposes and instructions, thereby ensuring transparency and compliance at all times.
In this particular case, for the use of SYNTPHONY PAYMENTS, we will process the following:
Categories of Personal Data:
Identification and contact data
Transactional data
Bank details and credit data
Settlement and payment data
Economic data
Personal Characteristics
Access data
Usage and connection data
Categories of Data Subjects:
End customers
Employees
Suppliers
Users
Processing Operations:
Consultation
Recording and Storage
Interconnection
Extraction
Disclosure by transmission
Blocking and erasure
Collection
Retrieval
Comparison
Structuring and Organization
Which suppliers does SYNTPHONY PAYMENTS use?
SYNTPHONY PAYMENTS may rely on the collaboration of suppliers that provide specific software complementing the capabilities of the Product or provide cloud hosting related to both the data hosting in the cloud and the provision of additional services as required (infrastructure maintenance and management, support, etc.).
These suppliers can be either companies within the NTT DATA group or external companies, and may change depending on technical and/or commercial developments. The corresponding data processing agreement signed with the Client will specify the suppliers that may process personal data as sub-processors, which may include the following:
NTT DATA SPAIN CENTERS, S.L.U.
NTT DATA SPAIN Infrastructures Engineering, S.L.U.
NTT DATA SPAIN Infrastructures Operations, S.L.U.
MICROSOFT AZURE
REDSYS SERVICIOS DE PROCESAMIENTO, S.L
NTT DATA SPAIN BPO, S.L.U. Sucursal del Perú
NTT DATA is diligent in choosing its suppliers or service providers and in evaluating the guarantees they can demonstrate regarding compliance with applicable data protection laws, with a view to the protection of data subjects.
Any provider acting under the authority of an NTT DATA entity and having access to personal data processes said data securely, following the NTT DATA entity’s instructions or those of its data controller (e.g., its customers), and adopts the technical and organizational measures needed to guarantee compliance with applicable data protection laws.
NTT DATA processors and sub-processors are required to sign appropriate agreements that govern the processing and protection of personal data. These agreements include requirements to ensure that the same obligations are passed to any further processors who may process personal data.
In addition, NTT DATA has policies and supporting procedures to ensure that information assets are protected when NTT DATA engages third party service providers and/or processors. This includes requirements for data privacy, information security due diligence and information security risk assessments to be performed, in order to ensure:
a. Information security requirements are clearly articulated and documented in agreements in accordance with NTT DATA’s information security standards;
b. NTT DATA service providers and processors implement the same level of protection and control as NTT DATA;
c. Service providers and processors are required to report any suspected or actual information security incidents to NTT DATA in a timely manner.
Do we transfer personal data outside the EEA?
In most cases, we will process personal data within the European Economic Area (EEA) or in a country that has an adequacy decision issued by the European Commission (Switzerland, Canada, etc.). However, we may use providers that process personal data from locations outside the EEA, including our NTT DATA Group companies.
In any case, we will take all measures to ensure that our suppliers provide adequate guarantees to protect the personal data processed on behalf of our clients, and we contractually require that such personal data are processed in compliance with applicable data protection laws. In particular, for suppliers that involve an international data transfer, we apply the following:
Risk Assessment: Before any international data transfer, we conduct a detailed risk assessment to identify and mitigate potential risks to the security and privacy of personal data.
Standard Contractual Clauses (SCCs): SCCs are incorporated into our contracts with our suppliers outside the EEA to ensure an adequate level of personal data protection.
Data Protection Agreement (DPA): Our DPA specifies our obligations and commitments, including security, confidentiality, limitations on international data transfers, cooperation with data subjects' rights, and notification of security incidents.
Do we have a Data Protection Officer (DPO)?
To comply with the overarching accountability concept, NTT DATA has implemented, procured and availed itself of tools to document and show compliance with the privacy principles as well as with the requirements of the applicable data protection laws.
Each NTT DATA company dedicates adequate resources to comply with applicable data protection laws, considering the different applicable legal requirements of the jurisdictions where NTT DATA operates.
To improve NTT DATA Group's compliance and to ensure an elevated level of protection of data subjects’ rights and freedoms, which is consistent and harmonised among the various jurisdictions, NTT DATA Group has adopted a hybrid DPO organization model. This model is halfway between a centralized single DPO for the whole group and separate DPOs, and also Privacy Teams, for each entity in the various jurisdictions.
Therefore, each NTT DATA company has a Data Protection Officer (DPO) in compliance with the applicable laws and regulations, as well as a Local Data Protection Office. The DPO is responsible for the supervision of the data protection strategy and its implementation in order to ensure compliance with legal requirements, as well as acting as a point of contact for any privacy and data protection law related queries. The local Data Protection Office implements and executes the data protection strategy to ensure compliance.
How do we protect personal data?
At NTT DATA we understand the relevance of protecting our clients' personal data. We have therefore implemented a holistic combination of technical and organisational measures designed to guarantee privacy at all phases of the personal data lifecycle, preventing any unauthorised or unlawful processing and protecting against any accidental loss, destruction or damage of personal data. In addition, we conduct periodic review processes to assess the compliance and effectiveness of these measures, with the continuous objective of improving security and privacy.
In addition, NTT DATA SPAIN S.L.U has various certifications that support our commitment to security and privacy, including:
ISO/IEC 27001:2022
the HIGH category in the “Esquema Nacional de Seguridad” (ENS)
ISO 9001:2015
ISO 14001:2015
ISO/IEC 20000-1:2018
PCI DSS v.3.2.1
How does NTT DATA help customers comply with regulations in the use of SYNTPHONY PAYMENTS?
a) Fairness and transparency
At NTT DATA we understand the importance of compliance with the principles of transparency and fair processing, so we have created this template to facilitate the identification of processing operations and sub-processors so that the Client, as the data controller, can comply with its obligations with respect to these principles.
b) Data Protection Rights
NTT DATA Group has implemented policies, procedures, forms, and tools to enable the data subjects to exercise their rights (“DSR”) considering the visibility, accessibility, and simplicity of the applicable DSR system. All this allows us to efficiently assist in the management of rights requests such as access, rectification, objection, portability, erasure, restriction of processing and other rights established by the regulations.
NTT DATA Group makes available to its employees, clients, users, contractors, or any other data subjects who own the personal data in the databases, systems or other means of information owned by the entities of NTT DATA Group, appropriate channels to receive and respond to requests, inquiries, and claims from their owners so that they can exercise their rights.
NTT DATA Group maintains a record of all data subject requests received and the actions taken to respond to these requests.
We are diligent in notifying the client of the rights requests we receive and following the procedures established by the applicable regulations to guarantee the protection and privacy of personal data, safeguarding the rights and freedoms of data subjects.
c) Personal Data Breaches
At NTT DATA we effectively manage our clients' data breaches through internal protocols. In this way, we are constantly monitoring our systems to prevent security incidents and/or breaches affecting personal data.
Therefore, in the event of a breach, in accordance with established protocols, investigation plans will be undertaken to determine whether the confidentiality, integrity and availability of personal data have been compromised. In addition, the client will be notified without undue delay of any data breaches of which we become aware.
This communication will always include the relevant aspects of the incident, such as the nature of the breach, the number of individuals affected, the actions taken, etc. In the event that all information cannot be provided immediately, it will be provided in phases without undue delay. In addition, we have established clear procedures for the ongoing monitoring of reported breaches, ensuring a quick and adequate response to mitigate any potential impact on the security of personal data.
d) Deletion and/or Return of Personal Data at the end of the provision of services
NTT DATA has protocols for the return and/or deletion of information at the end of the contract with the client, strictly following the instructions received from the client. Our commitment is to ensure that any personal data collected or processed is handled with the utmost security and in accordance with the principles of data protection, while respecting confidentiality and privacy throughout the entire lifecycle of personal data.
Updates and Modifications
We reserve the right to modify this document to reflect changes in privacy practices or legal updates.
Additional information
Please refer to our Privacy Policies and our website (Syntphony - Home) for additional information about SYNTPHONY PAYMENTS.