Compliance with GDPR legislation
It is important to us at Continia Software that we protect the personal data of our customers and users and comply with the rules of the EU Personal Data Regulation.
EU Personal Data Regulation
As part of this, we have therefore ensured that all our software solutions comply with the requirements in accordance with GDPR legislation. Therefore, we follow the ISEA 3402 standard framework specifically with the GDPR in mind, which among other things consists of the following components:
- Training of our employees.
- Privacy and data protection are built into development and production.
- Appointment of a dedicated Data Protection Officer.
- Continuous control and measurements.
- All data is processed and stored in the EU.
- All data is processed in accordance with our data processor agreement.
At our Trust Center, it is possible to inquire about our data processing agreement and have it sent to you.
Below you will find the specific description of how Continia Payment Management communicates with Continia Bank Integration Component (CBIC) and Continia Bank Communication Components (CBCC).
Note
The description is part of our data processor agreement and is only available in English.
GDPR compliance for Continia Payment Management
Important
This document is provided by Continia Software to help with GDPR compliance. However, it is your responsibility to properly classify your data and follow any applicable laws and regulations. Continia Software is not responsible for any claims related to your data classification.
To create, send, and retrieve payment files in Payment Management, two external components are used. These components are not part of the Microsoft Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises software package, but are provided by Continia Software. The Continia Bank Integration Component (CBIC) creates the file, while the Continia Bank Communication Components (CBCC) sends the file to the bank and retrieves status files, inpayment files, and account statements.
In Payment Management however, you have the choice to either:
Install and use the Continia Bank Integration Component (CBIC) locally, or
Use the Continia Bank Integration Component (CBIC) on Continia Online.
The Continia Bank Communication Components (CBCC) is always installed locally.
Depending on your choice, only the Continia Online-installed components are relevant for this documentation.
Important
It's important to note that locally installed components or files saved to a local file-location are the responsibility of the user.
Flow
Creating the payment file:
When creating payments with Payment Management, an xml-formatted file is created with payment data from Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises. The file is then sent to the CBIC, either installed locally or using the Continia Online] version.
The CBIC then process the payment data in the xml-formatted file and creates a new xml-formatted file that fits with the chosen banks file format. The new file is then sent back to Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises.
Sending the payment file:
When sending payments with Payment Management, (the payment file returned by the CBIC), depending on which setting the user has selected when setting up the bank, the following flow is used:
If the user has selected Direct Communication, the payment file generated by the CBIC will be sent to the locally installed CBCC Components, which will handle the communication with the bank using the users Certificate.
If the user has selected Manual Communication, the payment file generated by the CBIC is saved on a user-specific file location. The user must then manually upload the file to the bank either using a SFTP folder or using the banks online system, which will handle the communication with the bank.
Retrieving status files, inpayment files and account statements:
When receiving status files, inpayment files and account statements with Payment Management, depending on which setting the user have selected when setting up the bank, the following flow is used:
If the user has selected Direct Communication, Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises generates a request file and sends the file to the locally installed CBCC Components, which will handle the communication with the bank using the users Certificate. Based on the request-file the CBCC Components then retrieves the files requested and send the files back to Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises.
If the user has selected Manuel Communication, the files must be manually downloaded, for example using the banks online system, and afterwards imported into Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises using Payment Management feature-specific import actions.
Expiration
Using Continia Bank Integration Component (CBIC):
Creating the payment file: Data is not saved locally and they expire immiedietly after the generated xml file is sent back to Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises.
Using Continia Bank Communication Components (CBCC):
Creating Certificate: Data is not saved locally and they expire immiedietly after the certificate is sent to the bank and secure communication has been established.
Sending the payment file: Data is not saved locally and they expire immiedietly after the file is sent to the bank.
Retrieving status files, inpayment files and account statements: Data is not saved locally and they expire immiedietly after the rectreived files is sent to Dynamics NAV or Microsoft Dynamics 365 Business Central on-premises.
Content
Data related to Creating and Sending Payment file:
Sender Ex.: Bank Reg. No., Account No., Address, CVR, CPR, Amount, Company Name, Company Address, Currency, Bank Name, Bank IBAN, Bank SWIFT, Sender reference.
Recipient Ex.: Name, Address, Account No. Account Reg. No., Bank Name, Bank IBAN, Bank SWIFT, Creditor Number, SE-No., P-No., Receiver Reference.
Creating Certificate Ex.: Sender ID, Signer ID, Receiver ID, Certificate Holder, activation code.
Data related to Retrieving status files, inpayment files and account statements Ex.:
Bank user information, File reference number from bank, Swift number, IBAN.
Sensitivity
All data is considered personal sensitive.