Data Protection FAQs
Data Protection FAQs
Introduction
Synergy Evolution Proprietary Limited (“Synergy Evolution”) adheres to applicable data privacy laws. We believe that everyone has a right to privacy, and we take our responsibilities seriously in processing the personal information of those we do business with.
What is the global view on data protection?
Over 100 nations, including a rising number of African nations, have data protection legislation. The good news is that 80% of the world’s data protection rules are the same. Synergy Evolution, a proudly South African business that competes on a global scale, maintains a global perspective due to the interdependence of data privacy regulations.
What is the GDPR?
The General Data Protection Regulation is known as GDPR. It is a law of the European Union (EU) that went into effect on May 25, 2018. The GDPR sets the global trends for data protection law because Europe is the world leader in data protection. The GDPR establishes how businesses must handle and safeguard the personal data of those residing in the European Union. Although it was created and adopted in the EU, it puts requirements on organizations worldwide that target or gather personal data about EU citizens. Despite having a very limited number of customers in the EU, Synergy Evolution takes the safety of your personal information very seriously and has set itself up to comply with the GDPR.
What is POPIA?
The Protection of Personal Information Act is referred to as POPIA. The law of South Africa controls the gathering, use, and storage of personal data. POPIA recently went into effect in its entirety on July 1, 2021. It strives to improve South Africa’s security and protection of personal information. Synergy Evolution must adhere to POPIA regulations.
POPIA uses different terminology to the GDPR:
- POPIA refers to a responsible party, the GDPR refers to a controller.
- POPIA refers to an operator, the GDPR refers to a processor.
- POPIA refers to personal information, the GDPR refers to personal data.
What is personal information (or personal data)?
Any information that directly or indirectly identifies a person (such as names and contact information) is considered personal information (or personal data) (e.g. email addresses and IP addresses). In contrast to the GDPR, POPIA safeguards the personal information of legal entities, such as businesses, closely held enterprises, and non-profit organizations.
What is Synergy Evolution’s role as defined by data protection laws?
Generally, there are three role players in data protection:
- The data subject: the person to whom the information relates.
- The responsible party: the person who determines why and how to process the personal information.
- The operator: the person who processes personal information on behalf of the responsible party.
Synergy Evolution is either the responsible party or the operator, depending on the circumstance.
- We are the responsible party when we directly collect personal information. A good example is when we directly collect our employees’ personal information because we determine why and decide how to process it.
- Most times however, we are your (our customers’) operator, especially with our different software-as-a-service solutions. Here are some examples:
– We give you features for practice administration, auditing, and financial reporting. Our service enables you to upload your customers’ information for more effective management of their tax, financial, and audit-related issues. We are your operator in this situation because you are utilizing the solution to offer services to your clients and we have access to their data in the backend to assist you in troubleshooting any problems you may have.
– We may also provide you services for managing factory operations and electronic work permits. You employ our technology to keep tabs on the compliance and safety of your employees at a plant. We have the ability to view your employee data from the backend and troubleshoot any problems you might be having.
Although these are our solutions, you are collecting the personal information that we can view, and you are making the decisions on how to process that personal information.
- In summary, if we are processing personal data on your behalf, and you determine the why and the how of the processing, then we are your operator, and you are the responsible party.
Does the GDPR apply to Synergy Evolution’s resellers, collaborators and contractors?
Yes. If you provide products or services to clients in the EU, then you need to comply with the GDPR in the following roles:
- You will be the controller of the personal data that you process about your client or customer.
- You will also be a processor of personal data uploaded to your hosting package on Synergy Evolution’s servers.
Synergy Evolution becomes a sub-processor of the data uploaded to your hosting plan on our servers when a reseller of Synergy Evolution’s services acts as a processor to their clients.
What is an Information Officer (or Data Protection Officer)?
An organization’s information officer is in charge of ensuring that all necessary precautions are taken to preserve the privacy of individuals. A data protection officer or privacy officer is another name for an information officer. If you have any inquiries regarding the protection of your personal information or how we make sure that it is handled in accordance with applicable laws and regulations.
What steps has Synergy Evolution taken to comply with relevant data protection laws?
We have taken several steps to comply with relevant data protection laws, including:
- updating our privacy and information security policies;
- entering into data processing agreements with our customers and suppliers;
- updating our data security on our equipment, infrastructure, and systems; and
- putting in place monitoring processes to ensure adherence to corporate policies and data protection legislation.
Our privacy policy goes into more detail to help you to better understand how we protect your personal information, and you can find it here.
What is a data processing agreement?
A legally binding contract known as a data processing agreement (or data processing addendum, or DPA) specifies a deal between two organizations where one authorizes the other to carry out information operations on their behalf. These relationships nearly always involve a third party handling individuals’ private information. As a result, data processing agreements are typically subject to severe regulations under data protection legislation.
Does Synergy Evolution have data processing agreements?
We have taken proactive measures to amend our numerous agreements, including our customer relationship terms, contractor relationship terms, and various orders, in accordance with our obligations under data protection law. This indicates that your contracts with us already include data protection clauses.
Please get in touch with our information officer if you have any additional questions regarding whether you require a DPA with us. To ensure adherence to pertinent data protection rules, we are delighted to collaborate with you.
In terms of POPIA, does the law prohibit Synergy Evolution from transferring personal information cross-border?
Typically, no. However, POPIA does impose a number of restrictions on the cross-border transmission of personal data by a responsible party. Synergy Evolution often operates as an operator in accordance with the definition of POPIA on behalf of our clients (the responsible party). Under the condition that a responsible party is informed by an operator where personal data is transferred, POPIA authorizes operators to transfer personal data outside of South Africa.
We may have to transmit the personal information you entrust to us outside of South Africa in order to provide you with our products and services. This is particularly true of our products’ cloud-based technology-based products.
Although cloud infrastructure may not always be based in South Africa, we have taken appropriate due diligence and care to ensure that:
- the infrastructure is either located in countries that have similar data protection laws to South Africa to ensure that your personal data is protected; or
- We have agreements in place to ensure that the information is protected and kept secure, where the countries that do not have adequate data protection laws like POPIA.
The personal information you entrust to Synergy Evolution is protected to the best of our ability through the use of industry-standard information security measures.
Synergy Evolution is still dedicated to assisting you in achieving more by collaborating to safeguard personal information.