Privacy Policy

(last updated: October 22, 2020)

Syndigo LLC and any affiliate entity controlled directly or indirectly by it (collectively, “Syndigo”, “we”, “us”, “our”) take the protection of your personal data (“Personal Data”) very seriously. Please read this Privacy Notice (the “Notice”) to learn what we’re doing with your Personal Data, how we protect it, and your privacy rights under the European Union General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act of 2018 (“CCPA”), and the Personal Information Protection and Electronic Documents Act (“PIPEDA”).

 

What Is Covered by this Privacy Notice?

This Notice is designed to assist you in understanding how we process your personal data when you use our website, web applications, or mobile applications (collectively, the “Services”), as well as in the course of providing you customer support services. In addition, it applies when you place an order with us, respond to a survey or fill out any forms from us, or when we process your Personal Data to sell or market our products and services.

Within the scope of this Policy, Syndigo is the business that makes the decisions about the processing of your Personal Data (also known as the “data controller”), unless expressly specified otherwise.

This Policy does not cover any other data collection or processing, including the data related to our customers’ clients which we host for our customers (and for which we act as a “data processor” or “service provider”) via the Content Experience Hub (“CXH”) application. The personal data submitted to us as a data processor or service provider within CXH is governed by the Content Experience Hub Privacy Notice (available at https://selfservice.syndigo.com/anon/home/privacypolicy) and applicable law.

 

What Can You Find in this Notice?

• what Personal Data we collect about you and how we obtain it;
• the legal bases for processing your Personal Data;
• for what purposes we use that Personal Data;
• how long we keep your Personal Data;
• with whom we share your Personal Data;
• your rights about the Personal Data we collect about you and how you can exercise those rights;
• how we protect your Personal Data; and
• how to contact us.

 

Lawful Bases for Processing

We must have a valid reason to use your Personal Data. This is called the “lawful basis for processing”. When operating as a data controller, we may process your Personal Data on the basis of:

• your consent;
• the need to perform a contract with you;
• our legitimate interests or those of a third party, such as our and our customers’ legitimate interest in accessing and distributing product data;
• the need to comply with the law; or
• any other ground, as required or permitted by law.

When we rely on legitimate interests as a lawful basis of processing, you have the right to ask us more about how we decided to choose this legal basis. To do so, please use the contact details provided below.

Where we process your Personal Data based on your consent, you may withdraw it at any time. However, this will not affect the lawfulness of our processing before you withdrew your consent. It will also not affect the validity of our processing of Personal Data performed on other lawful grounds.

Where we receive your Personal Data as part of providing our Services to you based on a contract, we require such Personal Data to be able to carry out the contract. Without that necessary Personal Data, we will not be able to provide the Services to you.

 

What Personal Data We Process and How We Obtain It

The table below describes the categories of Personal Data we have collected about you in the last twelve months.

| Personal Data We Collect, Process, or Store | How We Obtain It |
| --- | --- |
| Identifiers: First and last name, email address, phone number, Internet Protocol address, username and password | We collect this information when you create your account or log into and use the Services. |
| Customer Records Information: Name, physical characteristics or description, address, and telephone number. Some Personal Data included in this category may overlap with other categories. | We collect this information when you enter it into our Services, including from any photographs connected to your account. |
| Internet or other similar network activity: Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. | We collect this information from your activity when you use our Services or our website. |
| Inferences drawn from other Personal Data: Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | We collect this information by analyzing the information that you have provided to us by entering it into our Services and when using our Services, or when you use our website. |


We will not collect additional categories of Personal Data without informing you.

 

Cookies

A “cookie” is a small file stored on your device that contains information about your device. We may use cookies to provide basic relevant ads, website functionality, authentication (session management), usage analytics (web analytics), and to remember your settings, and generally improve our websites and Services.

We use session and persistent cookies. Session cookies are deleted when you close your browser. Persistent cookies may remain even after you close your browser, but always have an expiration date. Most of the cookies placed on your device through our Services are first-party cookies, since they are placed directly by us. Other parties, such as Google, may also set their own (third-party) cookies through our Services. Please refer to the policies of these third parties to learn more about the way in which they collect and process information about you.

If you would prefer not to accept cookies, you can change the setup of your browser to reject all or some cookies. Note, if you reject certain cookies, you may not be able to use all of our Services’ features. For more information, please visit https://www.aboutcookies.org/.

You may also set your browser to send a Do Not Track (DNT) signal. For more information, please visit https://allaboutdnt.com/. Please note that our Services do not have the capability to respond to “Do Not Track” signals received from web browsers.

 

For What Purposes Do We Use Your Personal Data?

We may process your Personal Data for the purposes of:

• enabling the use of our Services and website
• improving our Services and website in order to better serve you
• responding to your requests or questions
• administering contests, promotions, or surveys
• processing your transactions
• developing and tracking sales leads
• sending periodic emails regarding your orders or other products and services.

 

How Long We Keep Your Personal Data
When the purposes of processing are satisfied, we will delete the related Personal Data within thirty (30) days, or upon receipt of a verified request.

 

Sharing Personal Data with Third Parties
We share your Personal Data with certain third parties who assist us in operating our website, conducting our business, or servicing you. However, we enter strict data processing agreements with these third parties to ensure that they keep your Personal Data confidential, only use it for the services they provide to Syndigo, and treat your Personal Data with the same level of protection that we do. The categories of third parties to which we may disclose your Personal Data include:

• Infrastructure services providers
• customer service providers
• Internet service providers
• Cloud service providers
• Office tools providers
• Payment processing providers
• customer survey providers
• Email service providers
• Web analytics providers
• Enterprise open source solutions providers
• Project management tool providers
• Application hosting service providers

Note if you are located in the EU: some of these third parties may be located outside of the European Union or the European Economic Area. In some cases, the European Commission may have determined that in some countries, their data protection laws provide a level of protection equivalent to European Union law. You can see here the list of countries that the European Commission has recognized as providing an adequate level of protection to personal data. We will only transfer your Personal Data to third parties in countries not recognized as providing an adequate level of protection to personal data when there are appropriate safeguards in place. These may include the European-Commission-approved standard contractual data protection clauses under Article 46.2 of the GDPR, or transfers on the basis of the Privacy Shield Framework.

We do not sell your Personal Data to third parties.

 

Other Disclosures of Your Personal Data

We may disclose your Personal Data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials, or private parties). If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.

We may also disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your Personal Data to our subsidiaries or affiliates, but only if necessary for business purposes, as described in the section above.

We reserve the right to use, transfer, sell, and share aggregated, anonymous data for any legal purpose. Such data does not include any Personal Data. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and customers.

 

What Privacy Rights Do You Have?

You have specific rights regarding your Personal Data collected and processed by us. In this section, we first describe those rights and then we explain how you can exercise those rights.

Right to Know What Happens to Your Personal Data
This is called the “right to be informed”. It means that you have the right to obtain from us all information regarding our data processing activities that concern you, such as how we collect and use your Personal Data, how long we will keep it, and who it will be shared with, among other things.

We are informing you of how we process your Personal Data with this Notice.

Right to Know What Personal Data Syndigo Has About You
This is called the right of access. This right allows you to ask for full details of the Personal Data we hold about you.

You have the right to obtain from us confirmation as to whether or not we process Personal Data concerning you, and, where that is the case, a copy or access to the Personal Data and certain related information. Once we receive and confirm that the request comes from you or your authorized agent, we will disclose to you:

• The categories of Personal Data we collected about you;
• The categories of sources for the Personal Data we collected about you;
• Our purposes for processing that Personal Data;
• Where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
• The categories of third parties with whom we share that Personal Data;
• The specific pieces of Personal Data we collected about you;
• If we sold or disclosed your Personal Data for a business purpose, two separate lists laying out the:
    • categories of Personal Data sold, and the categories of recipients who purchased the Personal Data; and
    • categories of Personal Data disclosed for a business purpose, identifying the categories of recipients who obtained the Personal Data;

• If we rely on legitimate interests as a lawful basis to process your Personal Data, the legitimate interests pursued by us or by a third party; and
• The appropriate safeguards for transferring data from the EU to a third country, if applicable.

Please take into account that the GDPR allows us not to satisfy your access request when:

• you already have the information;
• providing such information proves impossible or would involve a disproportionate effort, or in so far as providing such information is likely to render impossible or seriously impair the achievement of the objectives of that processing; and
• that Personal Data must remain confidential subject to an obligation of professional secrecy regulated by Union or Member State law, including a statutory obligation of secrecy.

The CCPA does not allow us to disclose account passwords or security questions and answers. We can inform you that we have this information generally, but we may not provide the specific items to you for security and legal reasons.

Right to Correct Your Personal Data
This is called the right to rectification. It gives you the right to ask us to correct anything that you think is wrong with the Personal Data we have on file about you and to complete any incomplete Personal Data.

Right to Delete Your Personal Data
This is called the right to erasure, right to deletion or the “right to be forgotten”. This right means you can ask for your Personal Data to be deleted.

You may be able to remove information from your account after logging in or even to entirely delete your account on our Services. If there is any other Personal Data you would like deleted, you can ask us to do so using the contact information listed in this Notice.

Sometimes we can delete your information, but other times it may not be possible, such as when the law tells us we cannot do so. If that is the case, we will consider if we can limit how we use it. There may also be circumstances where we deny your request to delete your information under applicable law, such as if we or our service providers need to retain the Personal Data to:

a) Complete the transaction for which we collected the Personal Data;
b) Provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
c) Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
d) Debug products to identify and repair errors that impair existing intended functionality;
e) Enable solely internal uses reasonably aligned with your expectations based on your relationship with us;
f) Comply with a legal obligation, including (but not limited to) obligations from the California Electronic Communications Privacy Act; or
g) Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Right to Ask us to Change How We Process Your Personal Data
This is called the right to restrict processing. It is the right to ask us to only use or store your Personal Data for certain purposes. You have this right on certain occasions, such as where you believe the data is inaccurate or the processing activity is unlawful. This right enables you to ask us to suspend the usage of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.

Right to Ask Us to Stop Using Your Personal Data
This is called the right to object. This is your right to tell us to stop using your Personal Data. You have this right where we rely on a legitimate interest of ours (or of a third party). Also, you have the right to object at any time to the processing of your Personal Data for direct marketing purposes.

We will stop processing the relevant Personal Data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your Personal Data to establish, exercise, or defend a legal claim.

Right to Port or Move Your Personal Data
This is called the right to data portability. It is the right to ask for and download Personal Data about you that you have given us or that you have generated by virtue of the use of our services, so that you can:

• move it;
• copy it;
• keep it for yourself; or
• transfer it to another organization.

We will provide your Personal Data in a structured, commonly used, and machine-readable format. When you make a data portability request electronically, we will provide you a copy in electronic format.

Right to Withdraw Your Consent
Where we rely on your consent as the legal basis for processing your Personal Data, you may withdraw your consent at any time. If you withdraw your consent, our use of your Personal Data before you withdraw is still lawful.

If you have given consent for your details to be shared with a third party, and wish to withdraw this consent, please also contact the relevant third party in order to change your preferences.

Right Not to be Discriminated Against for Exercising your Privacy Rights
We will not discriminate against you for exercising any of your privacy rights, meaning we will not:

• deny you goods or services;
• charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; or
• provide you a different level or quality of goods or services.

Right to Lodge a Complaint with a Supervisory Authority
If the GDPR applies to the processing of your Personal Data with us, the GDPR grants you the right to lodge a complaint with a supervisory authority if you are not satisfied with how we process your Personal Data.

In particular, you can lodge a complaint in the Member State of the European Union of your habitual residence, place of work, or of the alleged violation of the GDPR.

 

How Can You Exercise Your Privacy Rights?

To exercise any of the rights described above, please submit a request by either:

• Calling us at 1-877-847-5467; or
• Contacting us by email at privacy@syndigo.com

 

Verification of Your Identity

Bear in mind that to evaluate your privacy rights requests, we need to be sure it was you who made the request. Consequently, we may need some information to confirm that you are who you say you are.

For requests submitted via password-protected accounts, your identity is already verified.

For requests sent by other means, you will need to provide us with sufficient information that allows us to reasonably verify you are the person about whom we collected personal data. Generally, we will request only information that we may have about you to confirm your identity, but under some circumstances we may require additional information or documentation to complete your request. We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request. Making a request does not require you to create an account with us.

We will only use the Personal Data you provide us in a request to verify your identity or authority to make the request.

Please note that you may only make a consumer request to know or for data portability twice within a 12-month period under the CCPA.

 

Response Timing and Format of Our Responses

We will confirm the receipt of your request within ten (10) days and, in that communication, we will also describe our identity verification process (if needed) and when you should expect a response, unless we have already granted or denied the request.

Please allow us up to thirty (30) days to reply to you from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason why, and the extension period, in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will send our written response by mail or electronically, at your option.

If we cannot satisfy a request from you, we will also explain why in our response.

We will not charge a fee for processing or responding to your requests unless we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.

 

Privacy of Children

The Services are not directed at, or intended for use by, children under the age of 13.

 

Data Integrity & Security
We are strongly committed to keeping your Personal Data safe. We have implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect your Personal Data from unauthorized processing. Unauthorized processing includes unauthorized access, exfiltration, theft, disclosure, alteration, or destruction.

 

European Union Supervisory Authority Oversight

If you are a data subject whose Personal Data we process, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Union member states.

 

Changes to this Notice

If we make any material change to this Notice, we will post the revised Notice to this web page. We will also update the “Effective” date. By continuing to use our Services after we post any of these changes, you accept the modified Notice.

Contact Us:

If you have any questions about this Notice or our processing of your Personal Data, or want to submit a verifiable consumer request, please contact the Syndigo privacy team by email at privacy@syndigo.com, by phone at 1-877-847-5467, or by postal mail at:

Syndigo LLC
Attn: Debra Osborn, Senior Counsel
141 W. Jackson Blvd., Ste 1220
Chicago, IL 60604
United States

Please allow up to four weeks for us to reply.

 

European Union Representative

We have appointed VeraSafe as our representative in the EU for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative/ or via telephone at: +420 228 881 031.

Alternatively, VeraSafe can be contacted at:

VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland

VeraSafe Czech Republic s.r.o.
Klimentská 46,
Prague 1,
11002,
Czech Republic

 

Data Protection Officer
We have appointed VeraSafe as our Data Protection Officer (DPO). While you may contact us directly, VeraSafe can also be contacted on matters related to the processing of Personal Data. VeraSafe’s contact details are:

 

VeraSafe
22 Essex Way #8203
Essex, VT 05451 USA
Email: experts@verasafe.com
Web: https://www.verasafe.com/about-verasafe/contact-us/