General Data Protection Regulation (“GDPR”) Information
The following information describes our commitments to you under EU General Data Protection Regulation (“GDPR”).
The GDPR makes a distinction between organizations that process personal data for their own purposes (known as “Data Controllers”) and organizations that process personal data on behalf of other organizations (known as “Data Processors”). Syncro only acts as a Data Controller for very limited types of data, such as the information you enter when you register an account on our website or the information you submit when purchasing our software.
When We Act as a Data Controller
When we process your data as a Data Controller, the following applies.
We collect, use, and share your personal data where we are satisfied that we have an appropriate legal basis to do this. This may be because:
- Consent: Our use of your personal data is in accordance with your consent. If we process your personal data based on consent, you will be asked for said consent at or before the time of data collection. You may withdraw your consent at any time, and will not suffer any detriment for withdrawing your consent.
- Contract: Our use of your personal data is to fulfill a contract between us and you.
- Legal Obligation: Our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we have (for example, where we are required to disclose personal data to a court); or
- Legitimate Interest: Our use of your personal data is for a legitimate interest of ours, such as fraud prevention and ensuring our network’s security.
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, EU residents have certain rights in relation to their personal data:
- Right to Access: You have the right to access to your personal data that is being processed; specifically, you may request to view your personal data and obtain copies of your personal data.
- Right to Rectification: You have the right to request modifications to your personal data if it is out of date or inaccurate. In some circumstances, you may be able to exercise this right, in whole or in part, through your existing account with us.
- Right of Erasure: You have the right to ask that we delete your personal data. However, we are not required to comply with your request to erase personal data if the processing of your personal data is necessary for compliance with a legal obligation, or for the establishment, exercise, or defense of legal claims.
- Right to Restriction of Processing: Under certain circumstances, you have the right to request we restrict processing your personal data You have the right to restrict the use of your personal data. However, we can continue to use your personal data following a request for restriction (a) where we have your consent; (b) to establish, exercise or defend legal claims; or (c) to protect the rights of another natural or legal person.
- Right to Data Portability: To the extent that we process your information (i) based on your consent or under a contract; and (ii) through automated means, you have the right to receive such personal data in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller.
- Right to Object: You have the right to object to the processing of your personal data. However, we may still process your personal data if we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
- Right to Object to Automated Processing: You have the right to object to decisions based on automated processing, such as where a computer assesses factors in the data we collect about you and makes a determination.
We retain your personal data for as long as necessary to provide you with our services, or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements.
We ask that you please attempt to resolve any issues regarding your data protection or requests with us first before contacting the relevant supervisory authority. If you would like to exercise any of the rights described above, please send a request to firstname.lastname@example.org. In your message, please indicate the right you would like to exercise and the information that you would like to access, review, correct, or delete.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the requested personal data.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
When Syncro Acts as a Data Processor
Where we process your data in our capacity as a Data Processor, the processing of your data will not be governed by the foregoing provisions (“When We Act As Data Controller”), but you can contact the Data Controller directly to learn about their processing of your information and to exercise your rights, or we will forward your request directly to them at your request.
Syncro’s “privacy by design” approach requires that our default user data protection levels be at the highest setting by default. In the unlikely event of breach, Syncro will notify data subjects and Supervisory Authorities (SAs) in the EU according to procedures provided in GDPR Articles 33 and 34.
Syncro may be required to disclose personal data pursuant to lawful requests made by public authorities, including to meet national security or law enforcement requirements.
Inquiries and Complaints
We take safeguarding your privacy very seriously. If you wish to verify, correct or delete any personal data we have collected, or if you have any questions or concerns, or if you have any complaints, please contact us at email@example.com.
When Syncro collects personal data from individuals, it will inform the individual of the purpose for which it collects and uses the personal data and the types of non-agent third parties to which Syncro discloses or may disclose that information. Syncro shall provide the individual with the choice and means for limiting the use and disclosure of their personal data. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal data to Syncro, or as soon as practicable thereafter, and in any event before Syncro uses or discloses personal data for a purpose other than for which it was originally collected.
In instances in which Syncro is not the controller or collector of the personal data, but only a processor, it has no means of providing individuals with the choice and means for limiting the use and disclosure of their personal data or providing notices when individuals are first asked to provide personal data to Syncro. In such instances, Syncro will comply with the instructions of the controller of such information; provide appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and to the extent appropriate, assist the controller in responding to individuals exercising their rights under the Principles.
Except as indicated in the next paragraph, in those instances in which Syncro collects personal data from individuals, such information will not be disclosed to any third party or used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. The only choice to be made by the user is whether to provide the information to Syncro for the purposes disclosed to the user at the time the user submits the information.
Disclosures to Third Parties
Syncro will not provide individuals’ personal data to third parties unless required by law enforcement or in the event of the acquisition of all of its business assets. In the latter event, prior to disclosing personal data to an acquirer, Syncro shall notify the individual of such disclosure and allow the individual the choice to opt out of such disclosure. Syncro shall ensure that any such acquirer subscribes to these principles or are subject to law providing the same level of privacy protection as is required by these principles and agree in writing to provide an adequate level of privacy protection. Syncro is liable under the Principles if, in the event of an onward transfer, its agent processes such personal information in a manner inconsistent with the Principles unless Syncro proves that it is not responsible for the event giving rise to the damage.
Syncro shall take reasonable steps to protect personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction. Syncro has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Syncro cannot guarantee the security of information on or transmitted via the Internet.
Syncro shall only process personal data in a way that is compatible with and relevant for the purpose for which it was collected or authorized by those who provided the information. To the extent necessary for those purposes, Syncro shall take reasonable steps to ensure that personal data is accurate, complete, current and reliable for its intended use.
In those instances in which Syncro collects personal data directly from individuals, Syncro shall allow those individuals access to their personal data and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.
Syncro is a part of Servably, Inc., any reference to Syncro is also a reference to Servably, Inc.
How can you correct and update your personal information, or obtain additional information?
If you have any questions or comments about this Policy or the practices relating to this Service, or you wish to verify, opt-out of, correct or delete any personal information we have collected, please contact us at firstname.lastname@example.org.
Please refer to our Knowledge Base article for GDPR Compliance information.