Compliance with GDPR legislation

It is important to us at Continia Software that we protect the personal data of our customers and users and comply with the rules of the EU Personal Data Regulation.

EU Personal Data Regulation

As part of this, we have therefore ensured that all our software solutions comply with the requirements in accordance with GDPR legislation. Therefore, we follow the ISEA 3402 standard framework specifically with the GDPR in mind, which among other things consists of the following components:

  • Training of our employees.
  • Privacy and data protection are built into development and production.
  • Appointment of a dedicated Data Protection Officer.
  • Continuous control and measurements.
  • All data is processed and stored in the EU.
  • All data is processed in accordance with our data processor agreement.

At our Trust Center, it is possible to inquire our data processing agreement and have it sent to you.

Below you will find the specific description of how Continia Payment Management communicates with Continia Bank Integration Component (CBIC) and Continia Bank Communication Components (CBCC).

Note

The description is part of our data processor agreement and is only available in English.

GDPR compliance for Continia Payment Management

Important

Continia Software is providing this GDPR-compliance document as a matter of convenience only. It's your responsibility to classify the data appropriately and comply with any laws and regulations that are applicable to you. Continia Software disclaims all responsibility towards any claims related to your classification of the data.

When using Payment Management you can create, send and retrieve payment files.

This is accomplished with the use of two external components installed on Continia Online], meaning they are not part of the Microsoft Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises software package, but delivered by Continia Software.

  1. The Continia Bank Integration Component (CBIC) for creating the file, and
  2. The Continia Bank Communication Components (CBCC) for sending the file to the bank and for retrieving status files, inpayment files and account statements.

In Payment Management however, you have the choice to either:

  1. Install and use the Continia Bank Integration Component (CBIC) locally, or

  2. Use the Continia Bank Integration Component (CBIC) on Continia Online].

The Continia Bank Communication Components (CBCC) is always installed locally.

Depending on your settings above, only Continia Online] -installed components is Continia Software s responsibility and therefore relevant for this documentation.

Important

Locally installed components, or files saved to a local file-location, is the responsibility of the user.

Flow

Creating the payment file:

When creating payments with Payment Management, an xml-formatted file is created with payment data from Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises. The file is then sent to the CBIC, either installed locally or using the Continia Online] version.

The CBIC then process the payment data in the xml-formatted file and creates a new xml-formatted file that fits with the chosen banks file format. The new file is then sent back to Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises.

Sending the payment file:

When sending payments with Payment Management, (the payment file returned by the CBIC), depending on which setting the user has selected when setting up the bank, the following flow is used:

  1. If the user has selected Direct Communication, the payment file generated by the CBIC will be sent to the locally installed CBCC Components, which will handle the communication with the bank using the users Certificate.

  2. If the user has selected Manual Communication, the payment file generated by the CBIC is saved on a user-specific file location. The user must then manually upload the file to the bank either using a SFTP folder or using the banks online system, which will handle the communication with the bank.

Retrieving status files, inpayment files and account statements:

When receiving status files, inpayment files and account statements with Payment Management, depending on which setting the user have selected when setting up the bank, the following flow is used:

  1. If the user has selected Direct Communication, Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises generates a request file and sends the file to the locally installed CBCC Components, which will handle the communication with the bank using the users Certificate. Based on the request-file the CBCC Components then retrieves the files requested and send the files back to Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises.

  2. If the user has selected Manuel Communication, the files must be manually downloaded, for example using the banks online system, and afterwards imported into Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises using Payment Management feature-specific import actions.

Expiration

Using Continia Bank Integration Component (CBIC):

Creating the payment file: Data is not saved locally and they expire immiedietly after the generated xml file is sent back to Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises.

Using Continia Bank Communication Components (CBCC):

Creating Certificate: Data is not saved locally and they expire immiedietly after the certificate is sent to the bank and secure communication has been established.

Sending the payment file: Data is not saved locally and they expire immiedietly after the file is sent to the bank.

Retrieving status files, inpayment files and account statements: Data is not saved locally and they expire immiedietly after the rectreived files is sent to Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises.

Content

Data related to Creating and Sending Payment file:

Sender Ex.: Bank Reg. No., Account No., Address, CVR, CPR, Amount, Company Name, Company Address, Currency, Bank Name, Bank IBAN, Bank SWIFT, Sender reference.

Recipient Ex.: Name, Address, Account No. Account Reg. No., Bank Name, Bank IBAN, Bank SWIFT, Creditor Number, SE-No., P-No., Receiver Reference.

Creating Certificate Ex.: Sender ID, Signer ID, Receiver ID, Certificate Holder, activation code.

Data related to Retrieving status files, inpayment files and account statements Ex.:

Bank user information, File reference number from bank, Swift number, IBAN.

Sensitivity

All data is considered personal sensitive.