Managing your Payment Management Data
At Continia Software it is important to protect the personal data of our customers, by complying with the rules of the EU Personal Data Regulation.
EU Personal Data Regulation
All Continia software solutions comply with the requirements in accordance with GDPR legislation. Therefore, we follow the ISEA 3402 standard framework specifically with the GDPR in mind, which among other things consists of the following components:
- Training of our employees.
- Privacy and data protection are built into development and production.
- Appointment of a dedicated Data Protection Officer.
- Continuous control and measurements.
- All data is processed and stored in the EU.
- All data is processed in accordance with our data processor agreement.
At our Continia Trust Center, it is possible to inquire our data processing agreement and have it sent to you.
Below you will find the specific description of how Continia Payment Management communicates with Continia Bank Integration Component (CBIC) and Continia Bank Communication Components (CBCC).
GDPR compliance for Continia Payment Management
When using Payment Management you will create, send and retrieve payment files. The file communication and data managements is accomplished with the use of two external components installed on Continia Online, meaning they are not part of the Microsoft Dynamics 365 Business Central software package, but delivered by Continia Software. The two external components concerns:
The Continia Bank Integration Component (CBIC), for creating the files.
The Continia Bank Communication Component (CBCC), for sending the files to the bank and for retrieving status files, cash receipt files and account statements.
Important
Continia Software is providing this GDPR-compliance document as a matter of convenience only. It's your responsibility to classify the data appropriately and comply with any laws and regulations that are applicable to you. Continia Software disclaims all responsibility towards any claims related to your classification of the data.
Also, files saved to a local file-location, is the responsibility of the user.
Data flow when sending and importing files
Creating the payment file
When creating payments with Payment Management, an xml-formatted file is created with payment data from Microsoft Dynamics 365 Business Central. The file is then send to the CBIC Component on Continia Online.
The CBIC Component then process the payment data in the xml-formatted file and creates a new xml-formatted file that fits with the chosen banks file format. The new file is then send back to Microsoft Dynamics 365 Business Central.
Sending the payment file
When sending payments with Payment Management, (the payment file returned by the CBIC Component), depending on which setting the user have selected when setting up the bank, the following flow is used:
- If the user has selected Direct Communication, the payment file generated by the CBIC Component will be send to the CBCC Component on Continia Online, which will handle the communication with the bank using the users Certificate.
- If the user has selected Manuel Communication, the payment file generated by the CBIC Component is saved on a user specific file location. The user must then manually upload the file to the bank either using a SFTP-folder or using the banks online system, which will handle the communication with the bank.
Retrieving status files, cash receipt files and account statements
When receiving status files, cash receipt files and account statements with Payment Management, depending on which setting the user have selected when setting up the bank, the following flow is used:
- If the user has selected Direct Communication, Business Central generates a request file and sends the file to the CBCC Component on Continia Online, which will handle the communication with the bank using the users Certificate. Based on the request-file the CBCC Component then retrieves the files requested and send the files back to Business Central.
- If the user has selected Manuel Communication, the files must be manually downloaded, for example using the banks online system, and afterwards imported into Business Central using Payment Management feature-specific import actions.
Data store expiration
Using Continia Bank Integration Component (CBIC):
Creating the payment file, data is not saved locally, and they expire immediately after the generated xml file is sent back to Business Central.
Using Continia Bank Communication Component (CBCC):
- Creating Certificate: Data is not saved locally, and they expire immediately after the certificate is send to the bank and secure communication has been established.
- Sending the payment file: Data is not saved locally, and they expire immediately after the file is send to the bank.
- Retrieving status files, cash receipt files and account statements: Data is not saved locally, and they expire immediately after the retrieved files is send to Business Central.
Content
Data related to Creating and Sending Payment file:
Sender Ex.: Bank Reg. No., Account No., Address, CVR, CPR, Amount, Company Name, Company Address, Currency, Bank Name, Bank IBAN, Bank SWIFT, Sender reference.
Recipient Ex.: Name, Address, Account No. Account Reg. No., Bank Name, Bank IBAN, Bank SWIFT, Creditor Number, SE-No., P-No., Receiver Reference.
Creating Certificate Ex.: Sender-id, Signer-id, Receiver-id, Certificate-holder, activation-code.
Data related to Retrieving status files, cash receipt files and account statements Ex.:
Bank user information, File reference number from bank, Swift number, IBAN.
Sensitivity
All data is considered personal sensitive.