Personal Data Protection

Topics in this section are especially important if your system or your customers are located in European Union countries.

Data protection is associated with numerous legal requirements and privacy concerns. In addition to compliance with general data privacy acts, it is necessary to consider compliance with industry-specific legislation in different countries. This section describes the specific features and functions that Sinch provides to support compliance with the relevant legal requirements and data privacy.

This section and any other sections in this Security Guide do not give any advice on whether these features and functions are the best method to support company, industry, regional or country-specific requirements. Furthermore, this guide does not give any advice or recommendations with regard to additional features that would be required in a particular environment; decisions related to data protection must be made on a case-by-case basis and under consideration of the given system landscape and the applicable legal requirements.

Note:
  • In the majority of cases, compliance with data privacy laws is not a product feature.

  • Sinch software supports data privacy by providing security features and specific data-protection-relevant functions, such as functions for searching and deleting personal data.

  • Sinch does not provide legal advice in any form. The definitions and other terms used in this guide are not taken from any given legal source.

Table 1. Some Security-Related Terms

| Glossary Term | Definition |
|---|---|
| Personal data | Information about an identified or identifiable natural person. |
| Business purpose | A legal, contractual, or other justified reason for the processing of personal data. The assumption is that any business purpose has an end date that is usually already defined when the business purpose starts. |
| Blocking | A method of restricting access to data for which the primary business purpose has ended. |
| Deletion | Deletion of personal data so that the data is no longer accessible. |
| Retention period | The time period during which data must be available. |
| End of purpose (EoP) | A method of identifying the point in time for a data set when the processing of personal data is no longer required for the primary business purpose. After the EoP has been reached, the data is deleted. If a restricted part of the data is saved for a longer period, that is, blocked, it can only be accessed by users with special authorization. |

The following topics are related to data protection and require appropriate technical and organizational measures:

  • Access control: Authentication features as described in section User Administration and Authentication.

  • Separation by purpose is subject to the organizational model implemented and must be applied as part of the authorization concept. Sinch Contact Pro uses role-based user management that enables defining user authorizations on individual, group, or role level.

CAUTION: The extent to which data protection is ensured depends on secure system operation. Network security, security note implementation, adequate logging of system changes, and appropriate usage of the system are the basic technical requirements for compliance with data privacy legislation and other legislation.