I. Confirm Eligibility. FTC Jurisdiction.
The United States Federal Trade Commission has jurisdiction over Syniti’s compliance with the Principles.
II. Types of Personal Data We Collect
Syniti collects personal data from individuals who visit the Websites, and individual representatives of its corporate customers who use and access the Syniti Services, as well as individual representatives of its suppliers and business partners.
From the Websites and the Syniti Services, Syniti may collect the following types of personal data:
· contact information, for example, name and email address;
· company information;
· Host Information; and
· Usage Information.
Syniti also collects or has access to personal data from Syniti Employees, including the following types:
· contact information, for example, name and personal email address and phone number;
· date of birth;
· government-issued identification information, visa or passport information;
· educational, employment or military service history
· work eligibility and/or authorization
· job performance and compensation information;
· bank account or other financial account information; and
· other information that an Employee may provide
III. Purposes of Collection and Use
Syniti uses this information in order to operate, improve, and optimize the Websites and the Syniti Services, as well as generate leads for its sales and marketing teams. Syniti also uses Host Information and Usage Information alone or in combination with users’ Personal Information to provide its users (“Users”) of the Websites and Syniti Services with personalized information about Syniti, to provide the Syniti Services that a User requested, prevent or address technical issues, respond to support issues and to improve the Syniti Services. Syniti personnel and its authorized third-party agents may only access and use Personal Information if such individuals are authorized to do so and only for the purpose for which such individuals are authorized.
IV. Sensitive Personal Information
The Websites and Syniti Services do not collect, store or use any Sensitive Personal Information.
V. Opting Out and Unsubscribing
· To review the user information that you have supplied to us;
· To request that we correct any errors, outdated information, or omissions in user information that you have supplied to us;
· To request that your user information not be used to contact you;
· To request that your user information be removed from any solicitation list that we use;
· To request that your user information be deleted from our records; and
· To opt out of being solicited by Syniti.
Each promotional email from Syniti or from our third-party service providers includes instructions on how you can unsubscribe from future promotional emails from Syniti. You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located on the bottom of our emails.
With respect to data that we collect when you use and access any Syniti products or services, we retain your data (including your Personal Information) according to the timeframes set forth in the relevant agreements with our customers or for as long as needed to provide services to you and your employer. Syniti will retain this Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
To exercise any of these rights or if you have any other question, please contact us at Privacy@Syniti.com or by mail to BackOffice Associates, LLC d/b/a Syniti 115 4th Ave, Suite 205, Needham, MA 02494, Attention: Privacy. We will respond to your request to change, correct, or delete your information within a reasonable timeframe (usually within sixty (60) days). Our Acceptable Use Policy applies to us and to our customers and, among other things, requires the inclusion in every marketing email sent an “opt-out” mechanism and other required information.
VI. Commitment to Comply with the Principles
Syniti is committed to the Principles with respect to all European and Swiss personal data that it receives from individuals or companies in the EU or Switzerland in reliance on the Privacy Shield. Syniti also receives some data in reliance on other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses. Syniti is further committed to cooperating with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
VII. Transfer of Personal Information
Syniti is responsible for the processing of Personal Information it receives, under the Privacy Shield Framework, and any subsequent transfers to a third party acting as an agent on its behalf. Syniti complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
VIII. Right to Access
Each User has the right to access such User’s Personal Information covered by this Notice and to correct, amend, or delete such Personal Information if such User can demonstrate that such Personal Information is inaccurate or incomplete (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to such User’s privacy, or where the rights of persons other than a User would be violated).
IX. Responding to Legal Process; Required Disclosures
As required by law, Syniti may respond to subpoenas, court orders, or similar legal process by disclosing a User’s Personal Information and other related information, if necessary. Syniti also may choose to establish or exercise its legal rights or defend against legal claims. In certain situations, Syniti may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Syniti may collect and possibly share Personal Information and any other additional information available to it in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Syniti’s terms of service, or as otherwise required by law.
X. Dispute Resolution
Syniti is committed to resolving complaints about its collection or use of a User’s Personal Information. EU and Swiss individuals with concerns or complaints about the use of their Personal Information should contact Syniti’s Privacy Officer at Privacy@Syniti.com. Syniti will attempt to resolve any such concerns in accordance with the principles of this Notice. In the event of an unresolved privacy or data use concern that Syniti has not addressed satisfactorily, please contact Syniti’s U.S.-based third-party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield.
Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], a User may invoke binding arbitration when other dispute resolution procedures have been exhausted.
XI. Contact Us
Please refer any questions or comments related to this Privacy Shield Notice to:
BackOffice Associates, LLC d/b/a Syniti
Attention: General Counsel
115 4th Ave, Suite 205
Needham, MA 02494
XII. Updates to this Privacy Shield Notice
Syniti may amend this Notice from time to time, and at any time to remain consistent with the Principles, each of the Frameworks and other applicable laws.
Effective: May 16, 2018
Last Updated: May 18, 2021
XIII. Other Syniti Entities also Adhering to Privacy Shield Principles
The following Syniti entities also adhere to the Principles: BackOffice Associates, LLC, d/b/a Syniti, BackOffice Associates National Security Services, LLC, CranSoft, LLC, Syniti DMR, LLC XIV. Definitions applicable to this Privacy Shield Notice
“Syniti Employee” means any current, former or prospective employee, temporary worker, intern or other non-permanent employee of any subsidiary or affiliate of Syniti, who is a resident of the EU.
“Syniti Services” means its products or services, including without limitation, its software, services, customer support services, software maintenance services, hosted services or cloud offerings. “Host Information” means certain information about a User’s computer, browser, and systems that Syniti collects when a User accesses the Websites or the Syniti Services, including IP address along with the network path, operating system type and version, and browser type, client version, the MAC address of a User’s internet connection, and geographical location.
“Personal Information” is any information about a visitor to Syniti’s Websites or a user of the Syniti Services (on behalf of its customers) that Syniti collects or a User submits that could, alone or together with other information, personally identify such User. Information such as name, a user name and password, an email address, physical address, phone number, a company name, and a photograph are examples of “Personal Information.” Personal Information can also include information about any transactions, both free and paid, that a User enters into on the Websites, and information about a User that is available on the internet, such as from Facebook, LinkedIn, Twitter and Google, or publicly available information that Syniti acquires from third party service providers.
“Sensitive Personal Information” means Personal Information that pertains to a person’s medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexuality or trade union membership.
“Usage Information” means the information Syniti records about a User’s usage of, and interactions with, the Websites or the Syniti Services, including actions taken, date and time, frequency, duration, quantity, quality, network connectivity, and performance information related to logins, clicks, and other feature usage information.
“Websites” means Syniti’s public websites and their associated content.