Update from December 15, 2025:
To benefit from the Syndigo LLC DPA, customers can request to sign the Syndigo LLC Data Processing Addendum Accession Agreement from privacy@syndigo.com, which will be countersigned by the relevant Syndigo entity.
This DPA has been updated including the changes listed below, however, these amendments do not contain material changes from the previous version:
- Added a definition for “Personal Data Recipient.”
- Clarified when Syndigo may be required by law to process client data outside of client instructions and what it will do in that case, and aligned the DPA’s wording with the GDPR.
- Confirmed that clients’ instructions must comply with data protection laws, and clarified the limits of client liability.
- Clarified language regarding deletion, backup, and return of data. Importantly, Syndigo has made no changes to underlying practices.
- Made audit rights more flexible, allowing additional audits in case of data breaches or material contract breaches.
- Reflected that 1WorldSync, Inc. is certified under the EU-U.S. and Swiss-U.S. Data Privacy Frameworks and the UK Extension to the EU-U.S. Data Privacy Framework; as well as reaffirmed Syndigo’s commitment to notify Clients if it determines it can no longer meet obligations under these frameworks, where applicable to the Services.
- Added processing details for PowerReviews and 1WorldSync products.
- Updated jurisdiction-specific terms, including:
- Collaboration on Brazilian standard contractual clauses
- New terms for New Zealand data protection law
- Updates for the UK Data (Use and Access) Act 2025
- Clarified coverage of U.S. state privacy laws
- Added a clause to the Supplementary terms to the Standard Contractual Clauses to clarify that Syndigo does not expect government access or disclosure requests for Client Personal Data, and that risk assessment and determination of whether a transfer provides adequate protection for Client Personal Data remains the sole responsibility of the data exporter.
