DORA

DORA is an EU regulation that strengthens digital resilience in the financial sector, including banks, insurance companies, investment firms, and critical ICT providers. It establishes a comprehensive framework for financial entities to manage digital risks, test their systems, and report major incidents. DORA requires organizations to implement robust ICT risk management frameworks, conduct regular digital resilience testing, and monitor third-party technology providers.

Try Our Tool

About DORA Assessment Tool

Our DORA Assessment Tool helps financial institutions evaluate their current digital operational resilience status and prepare for compliance. The tool provides a comprehensive analysis of your organization’s readiness for DORA implementation.

Thought Leadership

Latest post from the Synch team

DORA's Technical Side: What Third Party Providers of ICT Services Need to Do
In this third article, we break down what third-party providers of ICT services need to do to start their DORA compliance journey.
Read more
DORA's Technical Side: What Financial Entities need to do
As stated in our first article: “DORA – Let’s turn regulatory challenges into strategic advantages” we provided a breakdown of DORA describing what it is, why it matters and last but not least answered the question: Who needs to care about it?
Read more
DORA - Let's turn regulatory challenges into strategic advantages!
The Digital Operational Resilience Act (DORA) is a transformative regulation set to reshape the digital landscape of financial services within the European Union (EU).
Read more

Recent DORA News

Stay updated with the latest developments

EU Finalizes DORA Implementation Timeline
January 2025

Key updates on compliance deadlines and requirements

Test Your DORA Knowledge

Challenge yourself with our interactive quiz

Contact Our Experts

Get personalized guidance on DORA compliance

Johan Ragnar
DORA Compliance Expert
Schedule Consultation
Marcus Appeltofft
DORA Compliance Expert
Schedule Consultation
*ZeroGravity is an innovation platform by Synch that does not provide legal advice or services. For legal inquiries, please contact Synch directly.
Privacy Notice
Privacy Policy

PRIVACY NOTICE FOR ZERO GRAVITY

If you arereading this privacy notice, you are visiting Zero Gravity, a platform designedto transcend traditional legal barriers, and you seek to understand how Synchprocesses your personal data. This notice is published to provide you with acomprehensive understanding of how we process your personal data within ZeroGravity, the reasons for such processing, and to inform you of your dataprotection rights.

WHO WE ARE

Zero Gravity is operating under theumbrella of Synch Advokat AB (Org.no 556955-6656) (“Synch”, “we”, “our”) and weare responsible for any processing of your personal data taking place at ZeroGravity.

You can find us at:

Phone: +46(0)8 761 35 35

Email: privacy@synch.law

Address:P.O. Box 3631 SE-103 59 Stockholm Sweden

VisitingAddress: Birger Jarlsgatan 6 Stockholm Sweden

Kindly note that this privacy notice doesnot cover any processing of personal data on our main website (www.synch.com).

 INFORMATION ABOUT THE PROCESSINGIN ZERO GRAVITY

In the following table you will find morethorough information relating to the processing of your personal data in ZeroGravity, such as (i) the purposes for which we process your personal data, (ii)the legal bases upon which we process it, (iii) what categories of personaldata we process to achieve each listed purpose, and (iv) the retention time ofsuch data:

Purpose of Processing

• To enable you to use the legal assessment tools on Zero Gravity

• To market our services

Legal Basis

• Our legitimate interest to provide you with legal assessment tools that we created.

• Our legitimate interest in marketing our services, including other similar products in Zero Gravity.

Personal Data

• Your (business) email and your results (i.e. your responses to the questionnaires).

• Your (business) email.

Retention Time

• We will store your email and results for one month upon completion of the questionnaire. This retention time will enable us to resend you the results upon your request.

• We may use your email to market our services and similar products. You can always opt out from our mailing list by clicking the “unsubscribe” button at the end of each email communication. Once you unsubscribe, we will no longer use your email address for marketing communications.

COOKIES AND SIMILAR TECHNOLOGIES

At Zero Gravity, we do not employ cookies orsimilar technologies to monitor your behavior, with the exception of functionalcookies that are essential for the operation of our website. The placement ofthese functional cookies does not require your consent, which is why we do notdisplay a cookie banner.

All legal assessment tools are accessibleon our webpage through the embedded code of Microsoft Forms. Visitors canconveniently utilize them by clicking directly from the frontend page of ZeroGravity. According to Microsoft, when forms are shared anonymously (such as ourembedded assessment tools on the webpage), the system neither collects norstores the IP addresses of respondents.

RECIPIENTSAND TRANSFERS OF PERSONAL DATA

We will not share your personal data withany other third parties, apart from, in certain cases, our service providers.Any such processing by our service providers will take place on our behalf andunder our instructions as stipulated in data processing agreements we have inplace with them.

We currently store and process yourpersonal data in Europe. If we will transfer your personal data outside theEU/EEA, either directly by us or through our service providers, we ensure thatadequate safeguards are in place to require that your personal data remainprotected in accordance with this Notice and applicable data protection laws.We will do this through one of the following measures:

(i)         By transferring the personaldata to a country that is on the European Commission’s list of Third Countrieswith an adequate level of protection, or;

(ii)       By implementing a validtransfer mechanism (such as controller-to-processor standard contractualclauses that have been approved by the European Commission), as applicable fromtime to time, for the transfer of personal data to Third Countries that are noton the EU Commission’s list as described in point (i).

If a standard contract is deemedineffective due to national law of the country of destination, we will takeadditional technical, organisational, or contractual measures to ensure anadequate level of protection when transferring personal data to countriescovered by paragraph (ii) above.

 

YOUR DATA PROTECTION RIGHTS

You can read more about your dataprotection rights in our general privacy notices here.You can exercise your rights by send us an email at privacy@synch.law.