Privacy Policy

This Privacy Policy describes the ways in which BackOffice Associates, LLC d/b/a Syniti, on behalf of itself and its parent, subsidiary, and affiliated companies (“Syniti”, “we”, “our”, or “us”), may collect, process, use, and disclose information about you through websites, social media properties, applications, meetings, phone calls, contractual and precontractual business activities, your visit to our office, other online services operated by us, and Syniti-hosted or co-branded events, trainings, and contests (collectively, the “Services”), and the choices you can make about the way your information is collected and processed through the Services. By using any Service, you consent to the processing of your information as set forth in this Privacy Policy, now and as may be amended by us from time to time.

We enter into contracts with our customers (“Customers”) for Syniti products or services. The processing of personal information in the context of Customer applications (“Customer Application”) that are built on or incorporate Syniti software or cloud services is controlled by the Customer and is subject to the Customer’s privacy policy and practices, which may differ from this policy.

What Type of Information Do We Collect and Receive?

We and our service providers may collect and receive personal information and other information from a variety of sources that generally fall into the following three categories:

Direct Interactions: Data from your use of and interaction with us through any Service, social media channel, and/or other activity such as account creation, Customer support requests, interactions related to a pending or signed contract or testing, submissions of registrations and posting to forums, or sales inquiries and transactions.

Automated Interactions: Data from use of technologies, including, but not limited to, electronic communication protocols, cookies, embedded URLs or pixels, or widgets, buttons and tools.

Publicly Available Data or Data from Third Parties: Data from automated interactions on non-

Publicly Available Data or Data from Third Parties: Data from automated interactions on non-Syniti websites, or any other data you may have made publicly available, such as social media posts, or data provided by third party sources, such as marketing lists, alliance or partner referrals, or data aggregators.

1. Direct Interactions
   You, or the organization you work for, may submit data that includes your name, contact information such as a physical address, email address, phone number, username, password, employer and job title, activity logs, and registration information to us when using the Services. We also collect and receive information when you:
   • Create a Syniti account;
   • Participate in our message boards and discussion forums;
   • Interact with us on social media or the Services;
   • Apply for a job (our Candidate Privacy Policies can be found here: CCPA, GDPR);
   • Make a purchase (e.g. purchases of or related to Syniti Services);
   • Participate in polls and surveys;
   • Register for events, courses, and training;
   • Sign up to receive electronic newsletters and other materials;
   • Download or request software, product upgrades, reports, and other information;
   • Submit a partner or reseller questionnaire;
   • Submit an RFP or customer questionnaire;
   • Interact with us in relation to a pending or signed agreement;
   • Participate in the Syniti Virtual Summit or similar events;
   • Submit an application for Syniti alliances; or
   • Contact us with a question, comment, or request, including requests for technical support.

   The information that you provide us may include one or more of the following:

   • Your name, your photograph, your video image or biometric information, your voice recording or transcript of such recording, your title, your company, and contact information such as your physical address, email address, and phone number;
   • Username, password, and other registration information;
   • Transaction-related information;
   • Information you provide when submitting a support request;
   • Information you provide when submitting an employment application;
   • Information you provide when you make a request or otherwise contact us;
   • Information that you provide when attending a Syniti event, live or virtual or co-sponsored by Syniti;
   • Information about your business, business plans, and other items or materials contained in your application for Syniti alliance programs; and
   • Any other information you choose to make public on as part of the contractual or precontractual relationship or as related to the Services (e.g. information shared with other users on Syniti’s community boards, syniti.com, and other online communities (collectively, “Online Communities”).

   When you use a Service, we will collect and store information about your use of these Services, including contracts you negotiate and sign, RFPs and questionnaires you submit, Syniti events you attend, Syniti communities in which you participate, training and courses you register for, training and courses you complete, and certifications that you receive.

   We only collect sensitive personal information when you voluntarily provide us with this information or if you consent. Syniti will not use sensitive personal information unless you consent to use it for our business purposes, including carrying out and supporting human resources functions and activities. The definition of “sensitive personal information” may vary by law, and generally includes personal information regarding a person’s race, ethnicity, political beliefs, trade union membership, religious or similar beliefs, physical or mental health, disabilities, biometrics, precise geolocation, sexual orientation, or criminal record.

2. Automated Interactions
   Automated Interactions through our Services and the search terms you enter on the Services allow us to recognize you and personalize your experience if you return to a Service, to improve the Services and the products and services we provide, and to provide you with advertisements targeted to your interests (commonly referred to as “Targeted Advertisements”). We and our service providers may collect and store this information using “cookies,” which are small text files that many websites save on your computer when you visit and access when you return, or similar technologies. For more information about the use of cookies on the Services, please review your Cookie Preferences, available by clicking on the Cookie Preferences link on www.syniti.com.

   We and our service providers also use Google Analytics, which collects and processes certain technical information from your computer or mobile device such as the web address of the page that you are visiting and your Internet Protocol address. More information can be found at “How Google uses data when you use our partners’ sites or apps,” located at https://www.google.com/policies/privacy/partners. To opt out from collection of your information via Google Analytics, please visit https://tools.google.com/dlpage/gaoptout.

   To customize your experience, our mobile applications may collect precise information about the location of your mobile device, but only with your express consent. Once you have consented to the collection of the precise location of your mobile device, you may adjust this consent by managing your location services preferences through the settings of your mobile device.

3. Publicly Available Data or Data from Third Parties
   We may collect or receive business-related information about you from public sources and various third parties, including providers of marketing lists. Information from public sources may include business contact data obtained from search information providers (e.g. Google) or social media (e.g. LinkedIn). We may also occasionally purchase third party marketing lists of business contact data in order to send direct marketing communications.

How Do We Use this Information?

Personal data transferred to us by a Customer (“Customer Data”) will be processed in accordance with the Customer’s instructions as set forth in our contract with that Customer (“Customer Agreement”) and as required by applicable law. Customer may use our cloud services to grant and remove access to a Customer Application; assign roles and configure settings, access, modify, export, share and remove Customer Data; and otherwise apply its policies to the Customer Application. If your personal information is being processed as Customer Data and you wish to exercise any rights you may have to access, correct, update, port, or delete such personal information, please inquire directly with the Customer.

We may process and use your personal data and other information that we collect or receive for a number of purposes as necessary to fulfill contractual obligations and other lawful bases, including our legitimate interest in engaging in commerce; offering products and services; performing due diligence on Customers, prospects and business partners; preventing fraud; ensuring information and network security; conducting direct marketing; and complying with industry practices, including:

• Delivering and performing a Service;
• Providing you with the products, pricing, services, or information you request;
• Supporting your Customer or alliance relationship with us (e.g. notifying you of a product update or for billing, account management, and other administrative matters);
• Processing any transactions you have authorized;
• Processing an employment application;
• Verifying your identity;
• Evaluating your application for Syniti alliance programs;
• Providing you with information about a Service or required notices;
• Delivering Targeted Advertisements and other marketing communications, promotional materials, or advertisements that may be of interest to you (e.g. if you view a webpage about a particular product or service, we or a service provider of ours may later display an advertisement for a related product or service on a different webpage that you visit through a Service or on another website that has a relationship with the service provider);
• Allowing us to improve a Service and the products and services we provide (e.g. by improving the tailoring of our content to users’ needs and interests);
• Developing new products; facilitating product, software and applications development; and conducting research, analysis, studies or surveys and identifying usage trends;
• Generating and analyzing statistics about your use of a Service; and
• Detecting, preventing, and responding to fraud, intellectual property infringement, violations of our Terms of Use, violations of law, or other misuse of a Service.
• Complying with our legal obligations under applicable laws to protect our rights or enforce our agreements, pursuing remedies available to us, or complying with lawful requests or judicial proceedings; and
• Pursuing accounting, recordkeeping, security records and legal functions to meet our regulatory obligations.

We may use your personal information to interact with you on third party social networks. Our interactions with you on a third-party social network are subject to that network’s privacy policies and terms of use.

We also provide social computing tools on some of our websites to enable online sharing and collaboration among members who have registered to use them. These include forums, blogs, and other social media platforms. Information will be subject to and protected in accordance with this Privacy Policy, except for the information that is automatically made available to other participants as part of your profile or information you post on blogs and forums.

We may combine or aggregate any of the information we collect or receive through the Services or elsewhere (e.g. through telephone, email, social media interactions, personal contact with us or our employees, product registration, call centers, or public events such as trade shows or live events) for the purposes listed above.

When you make a purchase using a credit card on the Services, your credit card information is transmitted directly to our third-party payment processor. We do not store your credit card information, and the third-party payment processor does not share your credit card information with us.

If you submit an application for Syniti alliance programs, we may use your application and all information and materials included in your application for conducting due diligence, evaluating potential business transactions, and tracking applicants, founders, investors, and companies.

To the extent that our processing of your personal data is subject to the General Data Protection Regulation (GDPR) or other privacy laws, we may rely on the legal bases described above to process your personal data. We may also process your personal data for direct marketing purposes and for administration of contractual and precontractual relationships. You have a right to object to our use of your personal data for this purpose at any time.

If you have questions about our legal basis for processing your data, please contact us at privacy@syniti.com

If you believe our processing of your personal data is inconsistent with applicable data protection laws, you may lodge a complaint with your local supervisory data protection authority.

Why Do We Collect This Information?

We use personal information from consumers, customers, suppliers and others (a) to respond to their requests, (b) to evaluate the quality of our products and services, (c) to communicate with them about our products, services and related issues, (d) to notify them of and administer offers, contests, sweepstakes and other promotions, and (e) for internal administrative and analytical purposes, and (f) to comply with our legal obligations, policies and procedures. We also collect or have access to personal data from our employees, including the following types: contact information, for example, name and personal email address and phone number; date of birth; gender; government-issued identification; information, visa or passport information; educational, employment or military service history; work eligibility and/or authorization; job performance and compensation information; bank account or other financial account information; and other information that an employee may provide.

With regards to personal information from our employees, we use such personal information to carry out and support human resources functions and activities, which may include: (i) recruiting and hiring job applicants; (ii) managing employee communications and relations; (iii) providing compensation and benefits; (iv) administering payroll; (v) processing corporate expenses and reimbursements; (vi) managing employee participation in human resources plans and programs; (vii) carrying out obligations under employment agreements; (viii) managing employee performance; (ix) conducting training and talent development; (x) facilitating employee relocations and international assignments; (xi) managing employee headcount and office allocation; (xii) managing the employee termination process; (xiii) managing information technology and communications systems, such as the corporate email system and company directory; (xiv) conducting ethics and disciplinary investigations; (xv) administering employee grievances and claims; (xvi) managing audit and compliance matters; (xvii) complying with applicable legal obligations, including government reporting and specific local law requirements; and (xviii) other general human resources purposes. We also may obtain and process personal information about our employees’ emergency contacts and other individuals (such as spouse, family members, dependents and beneficiaries), to the extent employees provide such information to us. We process this information to comply with its legal obligations and for benefits administration and other internal administrative purposes.

Under What Circumstances Do We Disclose This Information?

We may disclose the information we collect and receive about you to:

• Our affiliates and subsidiaries worldwide for business purposes, including Customer support, contractual and pre-contractual administration, marketing, technical operations, and account management purposes;
• Service providers and suppliers worldwide who work on our behalf and who have agreed to keep the information confidential and use the information solely to carry out the services that they are performing for us, including, but not limited to, hosting, storage, data analysis, implementation, and assisting us with reviewing your application for Syniti alliance programs;
• Third party and alliances worldwide for our marketing, advertising, events, promotions, or other similar purposes, including event sponsors and third party data enrichment providers who help us keep your business contact information (e.g. name, title, company, work email address; etc.) complete, current, and accurate;
• Your employer if it is our Customer or alliance;
• Other users of our Services consistent with your privacy settings;
• As required by law, such as to comply with a subpoena or other legal process, a court order, or government reporting obligations;
• Other third parties with your consent;
• When we believe in good faith that disclosure is necessary (a) to protect our rights, the integrity of any Service, or your safety or the safety of others, or (b) to detect, prevent, or respond to fraud, intellectual property infringement, violations of our Terms of Use, violations of law, or other misuse of any Service; and
• Service providers, advisors, and other third parties worldwide to the extent reasonably necessary to proceed with the negotiation or completion of a merger, acquisition, financing, public offering of securities, reorganization, or sale of all or a portion of our assets.
• In addition, we may share de-identified information, such as reports on user demographics and traffic patterns, with third parties. We will not sell information that can personally identify you to others and sharing with third parties is as set forth in this Privacy Policy.

We may enable you to post information to certain parts of the Services, such as the Online Communities. Information you disclose through any Online Communities may be publicly available. We urge you to exercise discretion and caution when deciding to disclose personal information, or any other information, through any Online Community. By using any Service, you agree to adhere to all applicable copyright laws.

A Service also may contain links to third party websites and applications for your convenience and information. We do not control those third-party websites and applications or their privacy practices, which may differ from our own. You acknowledge and agree that we are not responsible for the collection and use of your information by third party websites and applications that are not under our control, and such information is not governed by this Privacy Policy.

How Is Your Information Secured?

We strive to maintain reasonable and appropriate administrative, technical, and physical safeguards designed to safeguard the information collected by the Services from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the information. However, no information system can be 100% secure, so we cannot guarantee the absolute security of your information. Moreover, we are not responsible for the security of information you transmit to the Services over networks that we do not control, including the Internet and wireless networks.

Where Is This Information Processed?

Information collected through the Services may be processed using resources and servers located in various countries around the world, including but not limited to the United States, Canada, Mexico, Brazil, United Kingdom, Germany, France, Spain, Poland, the Netherlands, Switzerland, Sweden, United Arab Emirates, India, Japan, Singapore, the Philippines, and Australia. Therefore, your personal information may be transferred, processed, and stored outside the country where your information was collected by using or attending a Service. By using a Service, you consent to such transfer to, and processing and storage in, the United States and other countries.

International Transfer from the European Union

We, our affiliates, and/or third parties may transfer your information outside the country in which you are located, including the United States. Such countries may not offer the same level of protection as in other parts of the world regarding data protection and privacy regulations. By providing us with your information and confirming your consent, you agree to such transfer and/or processing. We will take all steps reasonably necessary to ensure that your data is transferred and processed securely in accordance with the terms of this notice.

By providing us with your information and confirming your consent, you agree to such transfer and/or processing. When we transfer your data outside of EEA, the UK or Switzerland we will implement appropriate safeguards to protect your data in a manner which provides a degree of protection similar to the EU (or UK or Switzerland as applicable). To achieve this (i) we put in place intercompany agreements incorporating Standard Contractual Clauses with our affiliates outside of the EEA, (ii) we rely on Standard Contractual Clauses or other lawful transfer mechanisms approved by the European Commission with our third-party providers outside of the EEA (or UK or Switzerland as applicable), (iii) we also adopted certain supplementary measures such as technical measures, including, where applicable, government access procedures, data minimization, encryption, enhanced access controls, or sharing with protected recipients and updated policies for reviews of data requests.

We remain accountable for processing of the personal data in case of onward transfer.

Data Privacy Framework Notice

Syniti complies with  the EU-U.S., UK-U.S. and Swiss-U.S. Data Privacy Frameworks as set forth by the U.S. Department of Commerce with respect to personal information that is transferred from the European Economic Area, the United Kingdom and Switzerland to the United States. Syniti has certified to the the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regards to the processing of personal information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. KPMG has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework, and to view our certification, please visit https://www.dataprivacyframework.gov/.

To learn more, see our Data Privacy Framework Notice https://www.syniti.com/data-privacy-framework-notice/.

Controller of Data

Data protection laws in certain jurisdictions differentiate between the “controller” and “processor” of personal data. In general, our Customers are the controller of Customer Data and we are the processor of Customer Data. For other personal data, we may be the controller of such personal data. Different Syniti entities provide the Services in different parts of the world. For Customer Data, the processor is the entity with which the Customer has contracted to provide the Customer Application. Our contact information for Customers is contained in the relevant Customer Agreement. For other personal data, BackOffice Associates, LLC d/b/a Syniti is the controller, if applicable, and you may contact us as privacy@syniti.com.

Data Retention

We will retain Customer Data in accordance with the applicable terms in the Customer Agreement and as required by applicable law. The Customer may be able to customize its retention settings and apply those customized settings depending on the Syniti product.

We may retain other information pertaining to you for as long as necessary for the purpose described in this Privacy Policy. This may include keeping your personal data after you have deactivated your Syniti account for the period of time needed for us to pursue legitimate business, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes, and enforce our agreements.

Your Individual Rights

If you reside in certain states or in certain countries, including within the European Union, you may have one or more of the following rights available to you under the data protection laws in relation to your personal data: the right to access, update, correct, receive, port, object, delete, or restrict processing of your personal data.

Access – In certain jurisdictions, you have the right to request that we disclose certain information to you about our collection and use of your personal information. To require access to your personal data that we have collected, used, or disclosed, please contact privacy@syniti.com, or in states where this information can be requested by phone, by calling (833)769-1760.

Update or Correct – To update or correct your personal data, please contact privacy@syniti.com.

Port – To request a copy of your personal data that we have collected about you in a commonly used and machine-readable format, please contact privacy@syniti.com.

Object – To object to processing of your personal data, please contact privacy@syniti.com.

Opt-Out, Delete or Restrict Processing – To opt-out, delete or change how we process your personal data for marketing purposes, please contact privacy@syniti.com or the unsubscribe instructions from Syniti marketing emails can be followed for Opt-Out. For all other processing purposes, to opt-out, delete or change how we process your personal data, please email privacy@syniti.com.

If your personal data is processed based on your consent, you may withdraw your consent any time, without affecting the lawfulness of our processing based on such consent before was withdrawn.

To exercise any of the above-listed rights (with the exception of the right to lodge a complaint with a Data Protection Authority (“DPA”), which you may do directly to a DPA), please follow the instructions above or contact us at privacy@syniti.com. We will process any requests in accordance with applicable laws and within a reasonable period of time (e.g., 30 days for certain requests under the GDPR). We may need to verify your identity before processing your request.

We may take reasonable steps to authenticate your request and request information to verify you identify, considering the context of your request and your reasonable expectations.

General Data Protection Regulation (“GDPR”)

The General Data Protection Regulation (EU) 2016/679 (“GDPR”) aims to protect the personal data and uphold data privacy rights of anyone in the European Union territory by requiring organizations to lawfully process and safeguard their personal data.

The processing of data by Syniti may include “Personal Information” of individuals from the European Union. Syniti is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. Syniti has implemented this Privacy Policy that explain our measures to comply with GDPR.

Syniti has internal policies and organizational procedures for the security and protection of data and confidential information. Syniti enters into confidentiality and data protection agreements with its sub-processors that include standard contractual clauses for data transfers as applicable.

For more information on the measures that Syniti takes to comply with the GDPR, please refer to the applicable sections of this Privacy Policy. To review your individual data rights under the GDPR, please refer to the section of this Privacy Policy titled “Your Rights.”

US States (including California Consumer Privacy Act (“CCPA”)/California Privacy Rights Act (“CPRA”))

CCPA/CPRA

California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year.

Effective January 1, 2020, the CCPA allows California residents, upon a verifiable consumer request, to request that a business which collects consumers’ personal information give consumers access in a portable and (if technically feasible) readily usable form, the specific pieces and categories of personal information that the business has collected about the consumer, the categories of sources for that information, the business or commercial purposes for collecting the information, and the categories of third parties with which the information was shared. California residents also have the right to submit a request for deletion of information under certain circumstances. Consistent with California law, if you choose to exercise your rights, we won’t charge you different prices or provide different quality of services unless those differences are related to your information.

We do not and will not sell your personal information to third parties. We do not sell the personal information of minors (see “Children’s’ Information” below). We describe how we use and shared your information in section “How do we use your information”.

Effective January 1, 2023, the CPRA expanded rights and regulations relating to California residents’ personal information. We strive to collect, store, and disclose personal information in compliance with the CPRA and administer our privacy program accordingly. These measures include requiring explicit consent for the collection and use of personal information for a purpose unrelated or incompatible with the purposes for collection or processing, providing for special treatment of sensitive personal information where applicable, and implementing contractual and due diligence safeguards in vendor relationships.

You or your authorized agent as defined under CCPA Section 999.326 (with proof that such agent has been authorized on your behalf) can exercise your rights related to the use, transfer and sharing of your data under CCPA using contact information given in section “Your Rights.”

Children’s Information

The Services are not directed to, nor do we knowingly collect information from, children under the age of 16. If you become aware that your child or any child under your care has provided us with information without your consent, please contact us through the means listed below.

Changes to this Privacy Policy

If we update this Privacy Policy, we will notify you by posting a new Privacy Policy on this page and updating the revision date below. If we make any revisions that materially change the ways in which we use or disclose the information previously collected from you through a Service, we will give you the opportunity to consent to such changes before applying them to that previously collected information.

Contact Us

If you have any questions about this Privacy Policy or our use of your information collected through the Services, please contact privacy@syniti.com. Our address is BackOffice Associates, LLC d/b/a Syniti, 115 4th Ave., Suite 205, Needham, MA 02492, Attn: Chief Compliance Officer.