Personal Data Protection

This section provides information about handling of personal data in Sinch Contact Pro and describes the specific features and functions Sinch Contact Pro provides to support compliance with the relevant legal requirements and data privacy.

Data protection is associated with numerous legal requirements and privacy concerns. In addition to compliance with general data privacy acts, it is necessary to consider compliance with industry-specific legislation in different countries. This section describes the specific features and functions that Sinch provides to support compliance with the relevant legal requirements and data privacy.

This document does not constitute a legal advice; instead, all information, content, and materials available in this document are for general informational purposes only. No claim or representation is made or warranty given, express or implied, in relation to any of the information. If customer would like to receive legal advice, Sinch recommends that it contacts its own internal or external lawyers. Furthermore, this guide does not give any advice or recommendations with regard to additional features that would be required in a particular environment; decisions related to data protection must be made on a case-by-case basis and under consideration of the given system landscape and the applicable legal requirements.

Note:

  • In most cases, compliance with data privacy laws is not a product feature.

  • Sinch software supports data privacy by providing security features and specific data-protection-relevant functions such as functions for the searching and deletion of personal data.

  • Sinch does not provide legal advice in any form. The definitions and other terms used in this guide are not taken from any given legal source.

Term

Definition

Personal data

Information about an identified or identifiable natural person.

Business purpose

A legal, contractual, or other justified reason for the processing of personal data. The assumption is that any business purpose has an end date that is usually already defined when the business purpose starts.

Blocking

A method of restricting access to data for which the primary business purpose has ended.

Deletion

Deletion of personal data so that the data is no longer accessible.

Retention period

The time period during which data must be available.

End of purpose (EoP)

A method of identifying the point in time for a data set when the processing of personal data is no longer required for the primary business purpose. After the EoP has been reached, the data is deleted. If restricted part of the data is saved for longer period, that is, blocked, it can only be accessed by users with special authorization.

The following topics are related to data protection and require appropriate technical and organizational measures:

  • Access control: Authentication features as described in section User Administration and Authentication.

  • Separation by purpose is subject to the organizational model implemented and must be applied as part of the authorization concept. Sinch Contact Pro uses role-based user management that enables defining user authorizations on individual, group, or role level.

CAUTION: The extent to which data protection is ensured depends on secure system operation. Network security, security note implementation, adequate logging of system changes, and appropriate usage of the system are the basic technical requirements for compliance with data privacy legislation and other legislation.