Privacy Policy

Last Updated: April 24, 2020

Preface

This privacy policy (“Policy”) applies to the Service operated by Servably, Inc. (“SyncroMSP” “Syncro” “we” or “us”) with mobile applications and a website located at www.syncromsp.com (the “Service”). The Policy is designed to tell you how we collect and use personally identifying information (“PII”) (as defined below) so you can make an informed decision about using our Service. Please read this statement before using our Service or submitting any PII to us. By using our Service, you represent that you are 14 years old or older and you consent to the information collection and use practices described herein. We reserve the right to change the provisions of this privacy policy at any time by posting a revised privacy policy on the Site and indicating on the privacy policy the date it was last updated. Your use of the Service following the posting of such changes or revised statement shall constitute your acceptance of any such changes. We encourage you to review our privacy policy whenever you use our Service to determine if any changes have been made and to make sure that you understand how any PII you provide will be used.

What is “PII”?

As used herein, the term “PII” generally means information that specifically identifies an individual (such as user’s name, address, telephone number, e-mail address, credit card or other account number or geophysical location) or that is associated with an identifiable person (such as demographic information or information about a person’s activities when such information is linked to personally identifying information). PII does not include “aggregate” information, which is data we collect about the use of the Service or categories of Service users, from which any PII has been removed. For example, information that forty-six percent of the Service’s registered users identify themselves as male, is aggregate information. We collect aggregate data for a number of purposes, including to help us understand trends and user needs. This policy in no way limits or restricts our collection of aggregate information.

What PII do we collect?

We do not collect any PII from mere visitors to the Site or Service. Your email address may be collected when you send us an email. If you register (as defined in the SyncroMSP User Access and License Agreement), we will collect your email address, name, organization information, address and credit card and/or other account information and possibly photos.

What other information do we collect?

When you visit our Site, some information is also automatically collected through the use of log files, such as your computer’s Internet Protocol (IP) address, your computer’s operating system, the browser type, hashed identifiers derived from email addresses for the purposes of cross-device tracking for targeting advertising, the address of a referring web Service and your activity on the Service. We use this information for purposes such as analyzing trends, administering the Service, improving customer service, diagnosing problems with our servers, tracking user movement, and gathering broad demographic information for aggregate use. We may also automatically collect certain information through the use of “cookies.” Cookies are small data files that are stored on a user’s hard drive at the request of a Web Service to enable the Service to recognize users who have previously visited them and retain certain information such as customer preferences and history. If we combine cookies with or link them to any of the PII, we would treat this information as PII. If you wish to block, erase, or be warned of cookies, please refer to your browser instructions or help screen to learn about these functions. However, if your browser is set not to accept cookies or if a user rejects a cookie, you will not be able to sign in to your SyncroMSP account and will not be able to access certain Service features or Services.

We may also use third parties to provide certain functionalities or to collect, track and analyze non-personally identifiable usage and statistical information from users, such as the user’s browser type, operating system, browsing behavior and demographic information. These third parties may collect PII from you in connection with the Services they provide and may place cookies, web beacons or other devices on your computer to collect nonpersonal information which may be used, among other things, to deliver advertising targeted to your interests and to better understand the usage and visitation of our Service and the other Services tracked by these third parties. We are not responsible for, and do not control, any actions or policies of any third party service providers.

Usage and Disclosure

We do not sell information to third parties. SyncroMSP only uses your PII to send you the communications noted below and as necessary to provide the Services, as described below.

PII may be used in one or more of the following ways:

• To publicly display information in a manner selected by our customers to their customers.
• To register a customer and process payments. Credit card processing is performed by a PCI compliant third party processor and such information is not processed or retained by SyncroMSP.
• To have a record of who posted content to the Service.
• To send periodic emails: The email address you provide may be used to send you information and updates pertaining to the Services, and, if you do not “opt out”, to send you occasional company news, updates, or related product or service information.

We do not sell, share, or rent any PII to others in ways different from what is disclosed in this Policy without first obtaining your consent, although we may provide aggregate information or other non-personal information to third parties without your authorization. We may share your contact information with third parties if you have indicated to us that you wish to receive information from such parties. In the event that we engage or partner with third party vendors, consultants or other service providers in connection with the operation of our business (“Service Providers”), we may share PII with such Service Providers who need access to such information to carry out their work for us. You should also note that information that you provide to us for posting to the Service will be posted for display in the manner you select. Your posting of such information to our Service constitutes your consent to display such information in such manner. We also may disclose personal information when we are required to or we believe it is appropriate to comply with the law (e.g., a lawful subpoena, warrant or court order); to enforce or apply this privacy policy or our other policies or agreements; to initiate, render, bill, and collect for amounts owed to us; to protect our or our customers’ rights, property or safety; to protect our customers from fraudulent, abusive, or unlawful use of our Service or Service; or if we believe that an emergency involving the danger of death or serious physical injury to any person requires disclosure of communications or justifies disclosure of personal information. In addition, information about our customers, including personal information, may be disclosed as part of any merger, acquisition, debt financing, sale of SyncroMSP assets, as well as in the event of an insolvency, bankruptcy or receivership in which personally identifiable information could be transferred to third parties as one of the business assets of the SyncroMSP.

Please note: The Service may contain links to other Services. Please be aware that although we may participate in or utilize such other Services, we are not responsible for the privacy practices of such other Services. We encourage you to be aware when you leave our Service and to read the privacy policies of any Web Service that collects personally identifiable information. Similarly, if you entered this Service through another Web Service, we are also not responsible for the privacy practices of that Service, and you should review the privacy policy of the originating Service before providing any personal information to that Service. This privacy policy applies solely to information collected by us.

Google. Our Services use Google Analytics to help analyze how users use the Services. The tool uses “cookies,” which are text files placed on mobile device, to collect standard Internet log information and visitor behavior information in an anonymous form. The information generated by the cookie about your use of the Services (including IP address) is transmitted to Google. This information is then used to evaluate visitors’ use of the Services and to compile statistical reports for SyncroMSP.

What steps do we take to protect your information online?

SyncroMSP endeavors to secure your personal information from unauthorized access, use or disclosure by putting into place physical, electronic and managerial procedures to safeguard the information we collect through this Service. Credit card information is encrypted during transmission and payment processing is performed by a PCI compliant third party processor and such information is not processed or retained by SyncroMSP. Other account information is accessible online only through the use of a password and data fields calling for personally identifying information are encrypted when in storage and in transmission. Please be aware, however, that despite our efforts, no security measures are perfect or impenetrable. To protect the confidentiality of your personal information, you must keep your password confidential and not disclose it to any other person. You are responsible for all uses of the Service by any person using your password. Please advise us immediately by emailing us at help@syncromsp.com if you believe your password has been misused. You should also note that email is not secure, and you should not send any confidential or sensitive information to us via an unsecured email.

Data Privacy for California Residents

This section applies solely to visitors and users of our Site and services who reside in the State of California. We have adopted this notice to comply with the California Consumer Privacy Act of 2018 (the “CCPA”) and the California Online Privacy Protection Act (“CalOPPA”), and any terms defined in the CCPA or CalOPPA have the same meaning when used in this notice.

For the purposes of this section “California Data Subject” shall mean: (1) an individual who is in the State of California for other than a temporary or transitory purpose, and (2) an individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose.

Information We Collect

Syncro collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California Data Subject or device (“personal information”). In particular, Syncro has collected the following categories of personal information from California Data Subjects within the last twelve (12) months:

Sources of Personal Information

Syncro obtains the personal information listed above from the following sources:

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the following business purposes:

A.    To fulfill the purpose for which you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may use personal information you provide us to provide technical support.  In addition, we may use the above information:

a. To provide, support, personalize, and develop our websites, products, and/or services;

b. To create, maintain, customize, and secure your account with us;

c. To process your requests, purchases, transactions, and payments and prevent transactional fraud;

d. To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses;

e. To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business;

f. To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations; and

g. As described to you when collecting your personal information or as otherwise set forth in the CCPA.

Syncro will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Your Rights and Choices

This section describes your CCPA rights and explains how to exercise those rights.

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and verify your request, we will disclose to you:

A. The categories of personal information we collected about you;

B. The categories of sources for the personal information we collected about you;

C. Our business or commercial purpose for collecting or selling that personal information;

D. The categories of third parties with whom we share that personal information;

E. The specific pieces of personal information we collected about you (also called a data portability request);

F. If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:

a. sales, identifying the personal information categories that each category of recipient purchased; and

b. disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

A. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;

B. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;

C. Debug products to identify and repair errors that impair existing intended functionality;

D. Exercise free speech, ensure the right of another California Data Subject to exercise their free speech rights, or exercise another right provided for by law;

E. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.);

F. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;

G. Enable solely internal uses that are reasonably aligned with California Data Subject expectations based on your relationship with us;

H. Comply with a legal obligation; and

I. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

To exercise the access, data portability, and deletion rights described above, please submit a verifiable California Data Subject request to us by sending us an email at help@syncromsp.com or calling us at +1 856-579-6276.

Only you or a person registered with the California Secretary of State, that you authorize to act on your behalf, may make a verifiable California Data Subject request related to your personal information. You may also make a verifiable California Data Subject request on behalf of your minor child.

You may only make a verifiable California Data Subject request for access or data portability twice within a twelve (12) month period. The verifiable California Data Subject request must:

A.  Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and

B.    Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.  Making a verifiable California Data Subject request does not require you to create an account with us. We will only use personal information provided in a verifiable California Data Subject request to verify the requestor’s identity or authority to make the request.

We aspire to respond to a verifiable California Data Subject request within forty five (45) days of receipt of the request.  If we require more time (up to ninety (90) days) we will inform you of the reason(s) why an extension is needed and how long we anticipate the period to be.  Any disclosure we provide will only cover the twelve (12) month period preceding the receipt of your request. If applicable, the response may provide the reasons why we cannot comply with your request.  For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable California Data Subject request unless it is excessive, repetitive, or manifestly unfounded.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.  We reserve the right to refuse to respond to verifiable California Data Subject requests that are excessive, repetitive, or manifestly unfounded.

Right of Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. We will not take any of the following actions against you in response to an exercise of your rights:

A.  Deny you goods or services.

B.    Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.

C.    Provide you a different level or quality of goods or services.

D.    Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

California Do-Not-Track Disclosures

Syncro does not track its customers over time and across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals.  Third parties that have content embedded on Syncro’s websites, software, or mobile applications (e.g. social features) may set cookies on a user’s browser and/or obtain information about the fact that a web browser visited a specific Syncro website from a certain IP address.  Third parties cannot collect any other personal identifiable information from Syncro’s websites unless you provide it to them directly.

Privacy Notice for EU Residents

This Section governs personal data, information relating to an identified or identifiable natural person, gathered from data subjects located in the EU only.

General Data Protection Regulation (“GDPR”) Information

The following information describes our commitments to you under EU General Data Protection Regulation (“GDPR”).

The GDPR makes a distinction between organizations that process personal data for their own purposes (known as “Data Controllers”) and organizations that process personal data on behalf of other organizations (known as “Data Processors”). Syncro only acts as a Data Controller for very limited types of data, such as the information you enter when you register an account on our website or the information you submit when purchasing our software.

When We Act as a Data Controller

When we process your data as a Data Controller, the following applies.

We collect, use, and share your personal data where we are satisfied that we have an appropriate legal basis to do this. This may be because:

• Consent:  Our use of your personal data is in accordance with your consent. If we process your personal data based on consent, you will be asked for said consent at or before the time of data collection. You may withdraw your consent at any time, and will not suffer any detriment for withdrawing your consent.
• Contract: Our use of your personal data is to fulfill a contract between us and you. 
• Legal Obligation: Our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we have (for example, where we are required to disclose personal data to a court); or
• Legitimate Interest: Our use of your personal data is for a legitimate interest of ours, such as fraud prevention and ensuring our network’s security.
  

Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, EU residents have certain rights in relation to their personal data:

• Right to Access: You have the right to access to your personal data that is being processed; specifically, you may request to view your personal data and obtain copies of your personal data.
• Right to Rectification: You have the right to request modifications to your personal data if it is out of date or inaccurate. In some circumstances, you may be able to exercise this right, in whole or in part, through your existing account with us.
• Right of Erasure: You have the right to ask that we delete your personal data.  However, we are not required to comply with your request to erase personal data if the processing of your personal data is necessary for compliance with a legal obligation, or for the establishment, exercise, or defense of legal claims.
• Right to Restriction of Processing: Under certain circumstances, you have the right to request we restrict processing your personal data You have the right to restrict the use of your personal data.  However, we can continue to use your personal data following a request for restriction (a) where we have your consent; (b) to establish, exercise or defend legal claims; or (c) to protect the rights of another natural or legal person.
• Right to Data Portability: To the extent that we process your information (i) based on your consent or under a contract; and (ii) through automated means, you have the right to receive such personal data in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller.
• Right to Object: You have the right to object to the processing of your personal data. However, we may still process your personal data if we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
• Right to Object to Automated Processing:  You have the right to object to decisions based on automated processing, such as where a computer assesses factors in the data we collect about you and makes a determination.
  

We retain your personal data for as long as necessary to provide you with our services, or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements.

We ask that you please attempt to resolve any issues regarding your data protection or requests with us first before contacting the relevant supervisory authority.  If you would like to exercise any of the rights described above, please send a request to [help@syncromsp.com]. In your message, please indicate the right you would like to exercise and the information that you would like to access, review, correct, or delete.

We may ask you for additional information to confirm your identity and for security purposes, before disclosing the requested personal data.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

When Syncro Acts as a Data Processor

Where we process your data in our capacity as a Data Processor, the processing of your data will not be governed by the foregoing provisions (“When We Act As Data Controller”), but you can contact the Data Controller directly to learn about their processing of your information and to exercise your rights, or we will forward your request directly to them at your request.

Syncro’s “privacy by design” approach requires that our default user data protection levels be at the highest setting by default. In the unlikely event of breach, Syncro will notify data subjects and Supervisory Authorities (SAs) in the EU according to procedures provided in GDPR Articles 33 and 34.

EU-U.S. Privacy Shield Framework

As Syncro is a global company, we may need to transfer your personal data outside of the country from which it was originally provided. This may be intra-group or to third parties that we work with who may be located in jurisdictions outside the EEA, Switzerland and the UK which have no data protection laws or laws that are less strict compared with those in Europe.

Whenever we transfer personal data outside of the EEA, Switzerland or the UK, we take legally required steps to make sure that appropriate safeguards are in place to protect your personal data. For example, Syncro is Privacy Shield certified which means that it self-certifies to protect

personal data from the EEA, Switzerland and the UK in accordance with established data privacy

principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. You can learn more here. Feel free to contact us as set forth below for more information about the safeguards we have put in place to protect your personal data and privacy rights in these circumstances.

This section governs information collected in reliance on the EU-U.S. Privacy Shield Framework Principles for transfers of personal data from the EU to the United States. Syncro adheres to the Privacy Shield Principles (“Principles”) and is committed to subject to the Principles all personal data received from the EU in reliance on the Privacy Shield. Individuals from whom Syncro collects personal data under the Privacy Shield have the right to access their personal data by contacting Syncro at help@syncromsp.com. As a result of certification to the Privacy Shield, Syncro is subject to the investigatory and enforcement powers of the FTC or any other U.S. authorized statutory body.

Contact information for Syncro: help@syncromsp.com

You may access the Privacy Shield List here: https://www.privacyshield.gov/list

Lawful Requests

Syncro may be required to disclose personal data pursuant to lawful requests made by public authorities, including to meet national security or law enforcement requirements.

Inquiries and Complaints

We take safeguarding your privacy very seriously. If you wish to verify, correct or delete any personal data we have collected, or if you have any questions or concerns, or if you have any complaints, please contact us at [help@syncromsp.com].

Dispute Resolution

If you filed a complaint with Syncro and it has not been properly addressed, JAMS is designated by Syncro as the independent dispute resolution body to address complaints regarding Syncro’s collection of personal data and provide appropriate recourse. JAMS will not charge the complaining party for its services.  Follow this link to the complaint submission form for the above referenced independent dispute resolution body:
https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim

Binding Arbitration

If your claims as to data have not been remedied through dispute resolution directly with Syncro or through independent dispute resolution as described above, such “residual claims” may be heard by a “Privacy Shield Panel” composed of one or three arbitrators as agreed upon by the parties.  The Privacy Shield Panel may only award individual-specific, non-monetary equitable relief (e.g. access, correction, deletion of the individual’s data in question) necessary to remedy the violation of the Principles only with respect to the individual.  Damages, costs, fees and other remedies may not be awarded, and each party bears its own attorney’s fees.  This arbitration option is only available for an individual to determine for such “residual claims” whether Syncro has violated its obligations under the Principles as to that individual and whether any such violation remains fully or partially unremedied.

Notice

When Syncro collects personal data from individuals, it will inform the individual of the purpose for which it collects and uses the personal data and the types of non-agent third parties to which Syncro discloses or may disclose that information. Syncro shall provide the individual with the choice and means for limiting the use and disclosure of their personal data. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal data to Syncro, or as soon as practicable thereafter, and in any event before Syncro uses or discloses personal data for a purp