Personal Data Protection
Topics in this section are especially important if your system or your customers are located in European Union countries.
- Privacy Statement and Data Protection Officer
- Deletion of Personal Data
- Sensitive Personal Data
- Logging Changes to Personal Data
- Customer Consent for Saving Personal Data
- Generating Personal Data Report
Data protection is associated with numerous legal requirements and privacy concerns. In addition to compliance with general data privacy acts, it is necessary to consider compliance with industry-specific legislation in different countries. This section describes the specific features and functions that Sinch provides to support compliance with the relevant legal requirements and data privacy.
This section and any other sections in this Security Guide do not give any advice on whether these features and functions are the best method to support company, industry, regional or country-specific requirements. Furthermore, this guide does not give any advice or recommendations with regard to additional features that would be required in a particular environment; decisions related to data protection must be made on a case-by-case basis and under consideration of the given system landscape and the applicable legal requirements.
-
In the majority of cases, compliance with data privacy laws is not a product feature.
-
Sinch software supports data privacy by providing security features and specific data-protection-relevant functions such as functions for the searching and deletion of personal data.
-
Sinch does not provide legal advice in any form. The definitions and other terms used in this guide are not taken from any given legal source.
Glossary Term |
Definition |
---|---|
Personal data |
Information about an identified or identifiable natural person. |
Business purpose |
A legal, contractual, or other justified reason for the processing of personal data. The assumption is that any business purpose has an end date that is usually already defined when the business purpose starts. |
Blocking |
A method of restricting access to data for which the primary business purpose has ended. |
Deletion |
Deletion of personal data so that the data is no longer accessible. |
Retention period |
The time period during which data must be available. |
End of purpose (EoP) |
A method of identifying the point in time for a data set when the processing of personal data is no longer required for the primary business purpose. After the EoP has been reached, the data is deleted. If restricted part of the data is saved for longer period, hat is, blocked, it can only be accessed by users with special authorization. |
The following topics are related to data protection and require appropriate technical and organizational measures:
-
Access control: Authentication features as described in section User Administration and Authentication.
-
Separation by purpose is subject to the organizational model implemented and must be applied as part of the authorization concept. Sinch Contact Center uses role-based user management that enables defining user authorizations on individual, group, or role level.