Overholdelse af GDPR-lovgivning

• 19/04/2024
• 8 minutter at læse

Det er vigtigt for os hos Continia Software, at vi beskytter vores kunders og brugeres personoplysninger og overholder reglerne i EU's persondataforordning.

EU's persondataforordning

Som et led i dette har vi derfor sikret, at alle vores softwareløsninger overholder kravene i overensstemmelse med GDPR lovgivningen. Derfor følger vi ISEA 3402 standardrammen specifikt med GDPR i tankerne, der blandt andet består af følgende komponenter:

• Uddannelse af vores medarbejdere.
• Beskyttelse af personlige oplysninger og databeskyttelse er indbygget i udvikling og produktion.
• Udnævnelse af dedikeret Data Protection Officer.
• Kontinuerlig kontrol og målinger.
• Alle data behandles og opbevares i EU.
• Alle data behandles i overensstemmelse med vores databehandleraftale.

Via vores Trust Center kan du anmode om at få tilsendt vores databehanderaftale.

Nedenfor finder du den specifikke beskrivelse af, hvordan Continia Payment Management kommunikerer med Continia Bank Integration Component (CBIC) og Continia Bank Communication Components (CBCC).

GDPR-compliance for Continia Payment Management

When using Payment Management you can create, send and retrieve payment files.

This is accomplished with the use of two external components installed on Continia Online, meaning they are not part of the Microsoft Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises software package, but delivered by Continia Software.

1. The Continia Bank Integration Component (CBIC) for creating the file, and
2. The Continia Bank Communication Components (CBCC) for sending the file to the bank and for retrieving status files, inpayment files and account statements.

In Payment Management however, you have the choice to either:

1. Install and use the Continia Bank Integration Component (CBIC) locally, or

2. Use the Continia Bank Integration Component (CBIC) on Continia Online.

The Continia Bank Communication Components (CBCC) is always installed locally.

Depending on your settings above, only Continia Online-installed components is Continia Softwares responsibility and therefore relevant for this documentation.

Flow

Creating the payment file:

When creating payments with Payment Management, an xml-formatted file is created with payment data from Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises. The file is then send to the CBIC, either installed locally or using the Continia Online version.

The CBIC then process the payment data in the xml-formatted file and creates a new xml-formatted file that fits with the chosen banks file format. The new file is then send back to Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises.

Sending the payment file:

When sending payments with Payment Management, (the payment file returned by the CBIC), depending on which setting the user have selected when setting up the bank, the following flow is used:

1. If the user have selected Direct Communication, the payment file generated by the CBIC will be send to the locally installed CBCC Components, which will handle the communication with the bank using the users Certificate.

2. If the user have selected Manuel Communication, the payment file generated by the CBIC is saved on a user-specific file location. The user must then manually upload the file to the bank either using a SFTP-folder or using the banks online system, which will handle the communication with the bank.

Retrieving status files, inpayment files and account statements:

When receiving status files, inpayment files and account statements with Payment Management, depending on which setting the user have selected when setting up the bank, the following flow is used:

1. If the user have selected Direct Communication, Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises generates a request file and sends the file to the locally installed CBCC Components, which will handle the communication with the bank using the users Certificate. Based on the request-file the CBCC Components then retrieves the files requested and send the files back to Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises.

2. If the user have selected Manuel Communication, the files must be manually downloaded, for example using the banks online system, and afterwards imported into Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises using Payment Management feature-specific import actions.

Expiration

Using Continia Bank Integration Component (CBIC):

Creating the payment file: Data is not saved locally and they expire immiedietly after the generated xml file is sent back to Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises.

Using Continia Bank Communication Components (CBCC):

Creating Certificate: Data is not saved locally and they expire immiedietly after the certificate is send to the bank and secure communication has been established.

Sending the payment file: Data is not saved locally and they expire immiedietly after the file is send to the bank.

Retrieving status files, inpayment files and account statements: Data is not saved locally and they expire immiedietly after the rectreived files is send to Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises.

Content

Data related to Creating and Sending Payment file:

Sender Ex.: Bank Reg. No., Account No., Address, CVR, CPR, Amount, Company Name, Company Address, Currency, Bank Name, Bank IBAN, Bank SWIFT, Sender reference.

Recipient Ex.: Name, Address, Account No. Account Reg. No., Bank Name, Bank IBAN, Bank SWIFT, Creditor Number, SE-No., P-No., Receiver Reference.

Creating Certificate Ex.: Sender-id, Signer-id, Receiver-id, Certificate-holder, activation-code.

Data related to Retrieving status files, inpayment files and account statements Ex.:

Bank user information, File reference number from bank, Swift number, IBAN.

Sensitivity

All data is considered personal sensitive.