Personal data and associated processing in Sage XRT Solution

User management

User management is centralized in the Administration Console (Data security).

The list of users is automatically populated after user creation in the Administration Console.

User administration within Sage XRT Solution involves defining the application security policy: access rights to functions, actions, data (Companies, Accounts).

Security Policy

You can adapt the security policy to your specific organization scheme and set your own security level for each function of the product and every action linked.

Users can be granted the rights to view, create, edit and/or delete data.

In the example below, the user is not authorized to create data:

Employee management

The Employees table enables you to specify individuals from your company that will act as Delegators and/or Delegatees in the management chain of Bank Delegations.

Viewing employees:

Viewing employees’ personal data:

Purpose of Employees Data Processing

Employees created as Delegators and/or Delegatees are key information to implement the electronic management of Bank Delegations in your company.

The process associated to employees data lies on bank delegations management.

Bank Delegations consist of the following elements:

• Delegator(s)
• Delegatee(s)
• Bank Account(s)
• Transaction Type(s)
• Signature Type(s)
• Limit
• Date

As far as signatories are concerned, a bank delegation will only contain the essential information: their name.

Reporting

The data displayed can be customized and exported in various formats, according to the audit requirements in your company:

• Excel format
• Json format
• custom structure in a fixed or variable format

Data grid for all employees in the application:

XLS output for employees list:

Identification of bank delegations by accounts, using the list of authorized employees:

Employees Administration

A set of actions is available to update the personal data in the employees table (change of position, e-mail address, etc.), and even delete them provided the corresponding employees have not been activated or assigned any bank delegation.

When an employee leaves the company, this specific action is available: Deactivate Employee.

Documents Management

Sage XRT Solution enables the safe storage of various document types, such as ID Documents or Signatures. These documents can be imported as attachments for each employee.

Only the employees involved in the bank delegation chain within the company are referenced in the database, with the information that was strictly necessary to create a delegation:

• Individual’s name
• Phone number
• Email address
• Copy of the ID card
• Handwritten specimen signature

Documents are sent by email or by post to all banking partners of your company.

Storage

All employee documents are stored into the database in an encrypted way.

Encryption

The solution uses industry-proved crypto-algorithms: AES256 (AES with 256-bit key), HMASCHA512, HMASCHA256, PBKDF2, MS DPAPI.

All the documents are encrypted with AES256 and signed with HMACSHA512.

Every document is encrypted with a unique session key which is derived with HMACSHA256 function from the common master key. It means the knowledge of the key used for encryption of a particular document gives no possibility to decrypt any other document.

Encryption/decryption is performed on the platform level and is totally transparent.

Bank Branch Contacts

Contact information for branches includes the names of individuals working for the banks in charge of back-office treasury operations, and linked to the company treasurers.

The list of bank branches is available for information purposes and can be modified and/or deleted.

Personal data linked to contact persons consist in the information displayed in Contact and Addresses tabs.

Purpose of Contact Data Processing

Personal data from the Contact part of the application can be used for sending confirmation letters to the banks.

Contact Management

To manage contact information, you can create custom filters and views displaying personal data such as Name, Address, Phone.

You can select a branch to display the related contacts in the data grid.

The Modify and Delete actions enable the management of the personal data associated with the branch.

Reporting

The Export to Excel action enables the listing of the personal data associated with each bank branch.

Display of all bank branch contacts:

Personal data list