Syniti has self-certified to the Department of Commerce its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, the “Frameworks”) and by publishing this Notice, Syniti hereby publicly commits to comply with each of the Framework’s requirements by adopting and implementing the Privacy Shield Principals (the “Principals”). For more information, please visit the International Trade Administration of the United States Department of Commerce Privacy Shield Framework website located here. You may view Syniti’s certificate from the Department of Commerce here. By committing to comply with each of the Frameworks and the Principals, it is Syniti’s intent to meet and exceed the adequacy requirement for data protection under EU and Swiss law. If there is any conflict between the terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
I. Confirm Eligibility. FTC Jurisdiction.
The United States Federal Trade Commission has jurisdiction over Syniti’s compliance with the Principles.
II. Types of Personal Data We Collect.
Syniti collects personal data from individuals who visit the Websites, and individual representatives of its corporate customers who use and access the Syniti Services, as well as individual representatives of its suppliers and business partners.
From the Websites and the Syniti Services, Syniti may collect the following types of personal data:
- contact information, for example, name and email address;
- company information;
- Host Information; and
- Usage Information.
Syniti also collects or has access to personal data from Syniti Employees, including the following types:
- contact information, for example, name and personal email address and phone number;
- date of birth;
- government-issued identification information, visa or passport information;
- educational, employment or military service history
- work eligibility and/or authorization
- job performance and compensation information;
- bank account or other financial account information; and
- other information that an Employee may provide
III. Purposes of Collection and Use.
Syniti uses this information in order to operate, improve, and optimize the Websites and the Syniti Services, as well as generate leads for its sales and marketing teams. Syniti also uses Host Information and Usage Information alone or in combination with users’ Personal Information to provide its users (“Users”) of the Websites and Syniti Services with personalized information about Syniti, to provide the Syniti Services that a User requested, prevent or address technical issues, respond to support issues and to improve the Syniti Services. Syniti personnel and its authorized third-party agents may only access and use Personal Information if such individuals are authorized to do so and only for the purpose for which such individuals are authorized.
With regards to personal data from Syniti Employees, Syniti uses such personal data to carry out and support human resources functions and activities, which may include: (i) recruiting and hiring job applicants; (ii) managing Syniti Employee communications and relations; (iii) providing compensation and benefits; (iv) administering payroll; (v) processing corporate expenses and reimbursements; (vi) managing Syniti Employee participation in human resources plans and programs; (vii) carrying out obligations under employment agreements; (viii) managing Syniti Employee performance; (ix) conducting training and talent development; (x) facilitating Syniti Employee relocations and international assignments; (xi) managing Syniti Employee headcount and office allocation; (xii) managing the Syniti Employee termination process; (xiii) managing information technology and communications systems, such as the corporate email system and company directory; (xiv) conducting ethics and disciplinary investigations; (xv) administering Syniti Employee grievances and claims; (xvi) managing audit and compliance matters; (xvii) complying with applicable legal obligations, including government reporting and specific local law requirements; and (xviii) other general human resources purposes. Syniti also may obtain and process Personal Data about Syniti Employees’ emergency contacts and other individuals (such as spouse, family members, dependents and beneficiaries) to the extent Employees provide such information to Syniti. Syniti processes this information to comply with its legal obligations and for benefits administration and other internal administrative purposes.
IV. Sensitive Personal Information
The Websites and Syniti Services do not collect, store or use any Sensitive Personal Information.
V. Opting Out and Unsubscribing
Upon request Syniti will provide you with information about whether we hold any of your Personal Information. If you provide us with your Personal Information, you have the following rights with respect to that information:
- To review the user information that you have supplied to us;
- To request that we correct any errors, outdated information, or omissions in user information that you have supplied to us;
- To request that your user information not be used to contact you;
- To request that your user information be removed from any solicitation list that we use;
- To request that your user information be deleted from our records; and
- To opt out of being solicited by Syniti.
Each promotional email from Syniti or from our third-party service providers includes instructions on how you can unsubscribe from future promotional emails from Syniti. You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located on the bottom of our emails.
With respect to data that we collect when you use and access any Syniti products or services, we retain your data (including your Personal Information) according to the timeframes set forth in the relevant agreements with our customers or for as long as needed to provide services to you and your employer. Syniti will retain this Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
To exercise any of these rights or if you have any other question, please contact us at firstname.lastname@example.org or by mail to Syniti, LLC 75 Perseverance Way Hyannis, MA 02601, Attention: Privacy. We will respond to your request to change, correct, or delete your information within a reasonable timeframe (usually within sixty (60) days).
Our Acceptable Use Policy applies to us and to our customers and, among other things, requires the inclusion in every marketing email sent an “opt-out” mechanism and other required information.
VI. Commitment to Comply with the Principles.
Syniti is committed to the Principles with respect to all European and Swiss personal data that it receives from individuals or companies in the EU or Switzerland in reliance on the Privacy Shield. Syniti also receives some data in reliance on other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses. Syniti is further committed to cooperating with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
VII. Transfer of Personal Information
Syniti is responsible for the processing of Personal Information it receives, under the Privacy Shield Framework, and any subsequent transfers to a third party acting as an agent on its behalf. Syniti complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
VIII. Right to Access.
Each User has the right to access such User’s Personal Information covered by this Notice and to correct, amend, or delete such Personal Information if such User can demonstrate that such Personal Information is inaccurate or incomplete (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to such User’s privacy, or where the rights of persons other than a User would be violated).
IX. Responding to Legal Process; Required Disclosures.
As required by law, Syniti may respond to subpoenas, court orders, or similar legal process by disclosing a User’s Personal Information and other related information, if necessary. Syniti also may choose to establish or exercise its legal rights or defend against legal claims. In certain situations, Syniti may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Syniti may collect and possibly share Personal Information and any other additional information available to it in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Syniti’s terms of service, or as otherwise required by law.
X. Dispute Resolution
Syniti is committed to resolving complaints about its collection or use of a User’s Personal Information. EU and Swiss individuals with concerns or complaints about the use of their Personal Information should contact Syniti’s Privacy Officer at email@example.com. Syniti will attempt to resolve any such concerns in accordance with the principles of this Notice. In the event of an unresolved privacy or data use concern that Syniti has not addressed satisfactorily, please contact Syniti’s U.S.-based third-party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield.
Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], a User may invoke binding arbitration when other dispute resolution procedures have been exhausted.
XI. Contact Us
Please refer and questions or comments related to this Privacy Shield Notice to:
Attention: Privacy Officer
75 Perseverance Way
Hyannis, MA 02601
XII. Updates to this Privacy Shield Notice
Syniti may amend this Notice from time to time, and at any time to remain consistent with the Principles, each of the Frameworks and other applicable laws.
Effective: May 16, 2018
Last Updated: August 28, 2018
XIII. Other Syniti Entities also Adhering to Privacy Shield Principles
The following Syniti entities also adhere to the Principles: Syniti, LLC; CranSoft LLC; and HiT Software, Inc.
XIV. Definitions applicable to this Privacy Shield Notice
“Syniti Employee” means any current, former or prospective employee, temporary worker, intern or other non-permanent employee of any subsidiary or affiliate of Syniti, who is a resident of the EU.
“Syniti Services” means its products or services, including without limitation, its software, services, customer support services, software maintenance services, hosted services or cloud offerings. “Host Information” means certain information about a User’s computer, browser, and systems that Syniti collects when a User accesses the Websites or the Syniti Services, including IP address along with the network path, operating system type and version, and browser type, client version, the MAC address of a User’s internet connection, and geographical location.
“Personal Information” is any information about a visitor to Syniti’s Websites or a user of the Syniti Services (on behalf of its customers) that Syniti collects or a User submits that could, alone or together with other information, personally identify such User. Information such as name, a user name and password, an email address, physical address, phone number, a company name, and a photograph are examples of “Personal Information.” Personal Information can also include information about any transactions, both free and paid, that a User enters into on the Websites, and information about a User that is available on the internet, such as from Facebook, LinkedIn, Twitter and Google, or publicly available information that Syniti acquires from third party service providers.
“Sensitive Personal Information” means Personal Information that pertains to a person’s medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexuality or trade union membership.
“Usage Information” means the information Syniti records about a User’s usage of, and interactions with, the Websites or the Syniti Services, including actions taken, date and time, frequency, duration, quantity, quality, network connectivity, and performance information related to logins, clicks, and other feature usage information.
“Websites” means Syniti’s public websites and their associated content.