close
close

Syndigo Privacy Notice

Last updated: Nov 14, 2023

Introduction

Syndigo LLC and any affiliate entity controlled directly or indirectly by it (collectively, “Syndigo”, “we”, “us”, “our”) take the protection of your personal data (“Personal Data”) very seriously. Please read this Privacy Notice (the “Notice”) to learn what we’re doing with your Personal Data, how we protect it, and your privacy rights.

What Is Covered by this Privacy Notice?

This Notice is designed to assist you to understand how and why we process your Personal Data when:

  • You use our website, syndigo.com (“Website”).
  • You interact with us via our social media pages, or sign-up to our webinars.
  • We provide you with customer support services (“Services”).
  • You enroll in our Syndigo University training programs or other online training programs (“Training”)
  • You enquire about our products and services, or you place a product order with us.
  • You respond to a survey or fill out any forms from us.
  • We sell or market our products and Services to you.
  • You provide services or products to us as our service provider or supplier.

Within the scope of this Notice, Syndigo is the business that makes the decisions about the processing of your Personal Data (also known as the “data controller” or “business”), unless expressly specified otherwise.

This Notice does not cover:

Information collected by our customers who use our products: We host the data related to our customers’ clients for our customers (and for which we act as a “data processor” or “service provider”) via our product applications. The personal data submitted to us as a data processor or service provider, within Content Experience Suite (CES) is governed by the Content Experience Suite Privacy Notice. Refer to the applicable product notices for more information.

Information we collect about employees or job applicants: If you are a Syndigo employee, read the Global Employee Privacy Notice on Syndigo’s shared drive. If you are a job applicant, please read our Job Applicant Privacy Notice.

Information which does not constitute Personal Data: If we do not maintain information in a manner that identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular individual or household, such information is not considered Personal Data and this Notice will not apply to our processing of that information.

External websites or services: Our Website and products may contain links to websites of third parties. We are not responsible for the handling of your Personal Data by those third parties and recommend that you review their privacy notices.

What Can You Find in This Notice?

This Notice tells you, among other things:

What Personal Data We Process and How We Obtain It

The table below describes the categories of Personal Data we have collected about you in the last twelve months.

Personal Data We Collect, Process, or StoreHow We Obtain It
Identifiers
First and last name, email address, telephone number, Internet Protocol address, username, and password.We collect this information when you create your account or log into our products, and use the Services. We collect your IP address when you visit our Website. You provide it to us when you make an enquiry about our products and services, or otherwise communicate with us. You provide it to us when you sign up to our webinars. We obtain it from our third-party service providers that supply business-to-business sales databases and contacts to us.
Customers and Prospects Commercial Information
First and last name, email address, and telephone number, job title.   Our communication with customers and prospects (correspondence, call and video recordings, and transcriptions and analyses thereof), as well as any needs, preferences, attributes, and insights relevant to our potential engagement with prospects.We collect this information when you provide it to us when you use our products and Services.. We collect this from you when you make enquiries, requests, and otherwise communicate with us. We obtain it from our third-party service providers that conduct video recordings and transcriptions for us.
Internet or other similar network activity
Browsing history, search history, information on your interaction with our Website, application, or advertisement, device screen size, device type, unique identifiers, browser information, geographic location (country).We collect this information from your activity when you use our Website, or social media pages. We obtain this information from our third-party service providers who perform online analytics or online marketing for us.
Inferences drawn from other Personal Data
Profile reflecting your preferences, predispositions, behavior, attitudes.We collect this information by analyzing the information that you have provided to us by entering it into our applications, or when you use our Website.

We will not collect additional categories of Personal Data without informing you.

We use cookies and other online tracking technologies on our Website and in our applications. To learn about Syndigo’s use of cookies on the Website, please read our Cookie Notice. To learn about Syndigo’s use of cookies in CES, read the CES Cookie Notice.

For What Purposes Do We Use Your Personal Data?

We process your Personal Data for the following purposes:

  • To enable your use and access of our products, applications, and Services.
  • To improve our Services in order to better serve you.
  • To personalize your experience on our Website. We analyze your behavior on our Website (such as how much time you spend on which pages and which links you choose to click etc.) to improve the Website and better respond to you. We also use technology to translate certain English fields into other languages based on your preferences.
  • To respond to your requests or questions.
  • To receive product improvement feedback.
  • To administer contests, webinars, promotions, or surveys.
  • To process your transactions.
  • To develop and track sales leads.
  • To send periodic service emails to you regarding your orders or information related to the products and Services.
  • To personalize advertisements for you related to our products or Services.
  • To facilitate and optimizing our sales operations.
  • To maintain the security and integrity of our Website, products, applications, databases, and business operations.
  • To address legal issues. This may include processing your Personal Data for us to comply with our obligations to retain certain business records for minimum retention periods; to establish, exercise, defend legal claims; to detect, prevent, and respond to fraud, intellectual property infringements, or other violations of our contracts, or the law; to respond to lawful requests from law enforcement, national authorities, court orders.

To achieve the above purposes, we need to perform different types of processing activities on your Personal Data, such as storage, access, transmission, consultation, manipulation, and combination.

How Long We Keep Your Personal Data

When the purposes of processing are satisfied, we will delete the related Personal Data within thirty (30) days, or upon receipt of a verified request.

Automated Decision-Making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making. There will always be human intervention into decisions based on automated processing, including automated analytics, testing, and profiling. If this position changes, or there is a need and lawful basis to do so, we will inform you.

Sharing Personal Data with Third Parties

We share your Personal Data with certain third parties who assist us in operating our Website, conducting our business, or servicing you. The categories of third parties to which we may disclose your Personal Data include:

  • Infrastructure services providers
  • Customer service providers
  • Internet service providers
  • Cloud service providers
  • Office tools providers
  • Payment processing providers
  • Customer survey providers
  • Email service providers
  • Email security services providers
  • Web analytics providers
  • Enterprise open-source solutions providers
  • Project management tool providers
  • Application hosting service providers
  • Sales conversations intelligence providers

We enter into agreements with our service providers (also known as “processors”) to ensure that they keep your Personal Data confidential, only use it for the services they provide to Syndigo and treat your Personal Data with the same level of protection that we do.

Syndigo does not sell your Personal Data in the conventional sense (for money). Like many companies, however, we use services that help deliver interest-based ads to you or analyze our Website traffic and we share your Personal Data with these business partners for this purpose and their use. Making Personal Data (such as online identifiers or browsing activity) available to these companies is considered a “sale” under applicable data protection and privacy laws. If you would like to opt out of the sale of your Personal Data that take place via cookies and other online tracking technologies, you can learn how below in the Privacy Rights section of this Notice.

We may disclose your Personal Data to the extent required by law or if we have a good-faith belief that we need to disclose it to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials, or private parties). If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.

We may also disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your Personal Data to our subsidiaries or affiliates, but only if necessary for business purposes, as described in the section above.

We reserve the right to use, transfer, sell, and share aggregated, anonymous data for any legal purpose. Such data does not include any Personal Data. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and customers.

Where Do We Store and Transfer Your Personal Data To

Syndigo is headquartered in the United States of America (“U.S.) and its data centers are primarily in the U.S. Syndigo also uses many U.S.-based services providers. This means that your Personal Data is primarily stored by us and our service providers in the U.S. However, we operate globally through our affiliates, subsidiaries, and services providers. This means that we may store and transfer your Personal Data to our affiliates, subsidiaries, and service providers who are in different countries if it is relevant for the delivery of our Services and products, or applicable for business operations.

Note if you are located in the EU: Some of our service providers and affiliates are located outside of the European Union or the European Economic Area. In some cases, the European Commission may have determined the data protection laws of some countries provide a level of protection equivalent to European Union law. You can see here the list of countries that the European Commission has recognized as providing an adequate level of protection to personal data. We will only transfer your Personal Data to third parties in countries not recognized as providing an adequate level of protection to personal data when there are appropriate safeguards in place. These safeguards include the European-Commission-approved standard contractual data protection clauses under Article 46.2 of the General Data Protection Regulation (“GDPR”), the Data Privacy Framework (to which Syndigo is certified), or other approved mechanisms.

Note if you are located in Brazil: Some of these third parties may be located outside of Brazil. In some cases, the Autoridade Nacional de Proteção de Dados (“ANPD”) may have determined that certain countries’ data protection laws provide an equivalent level of protection to the Lei Geral de Proteção de Dados (“LGPD”). Where this is not the case, we will only transfer your Personal Data to third parties located in other countries when there are appropriate safeguards in place which the ANPD has confirmed as acceptable.

Risk of Harm

Whenever Personal Data is collected and processed, there is always a slight risk that the Personal Data may be breached, misused, or otherwise result in a harm to you. However, we take several measures to ensure that this risk is mitigated as much as possible. These measures include limiting the Personal Data about you that we collect and process to solely what is necessary, not collecting sensitive Personal Data about you, and implementing appropriate security measures, as described in this Notice.

Lawful Bases for Processing

The GDPR and other applicable data protection laws require that we have a valid reason to use your Personal Data. This is called the “lawful basis for processing.” When operating as a data controller, we may process your Personal Data:

  • Because you gave your consent.
  • Because we need to perform a contract with you.
  • Because we have a legitimate interest in processing your Personal Data and it is not overridden by your rights. Some of those interests include: (1) Identifying and preventing fraud; and (2) enhancing the security of our network and information systems.
  • Because we need to comply with the law.
  • On another ground, as required or permitted by law.

When we rely on legitimate interests as a lawful basis of processing, you have the right to ask us more about how we decided to choose this legal basis. To do so, please use the contact details provided at the end of this Notice.

Where we process your Personal Data based on your consent, you may withdraw it at any time. However, this will not affect the lawfulness of our processing before you withdrew your consent. It will also not affect the validity of our processing of Personal Data performed on other lawful grounds.

Where we receive your Personal Data as part of providing our Services to you based on a contract, we require such Personal Data to be able to carry out the contract. Without that necessary Personal Data, we will not be able to provide the Services to you.

What Privacy Rights Do You Have?

You have specific rights regarding your Personal Data collected and processed by us. Please note that you can only exercise these rights with respect to Personal Data that we process about you when we act as a data controller or as a “business”. To exercise your rights with respect to information processed by us on behalf of one of our customers, please read the privacy notice of that customer.

In this section, we first describe those rights and then we explain how you can exercise those rights.

Right to Know What Happens to Your Personal Data

This is called the right to be informed. It means that you have the right to obtain from us all information regarding our data processing activities that concern you, such as how we collect and use your Personal Data, how long we will keep it, and who it will be shared with, among other things.

We are informing you of how we process your Personal Data with this Notice.

Right to Know What Personal Data Syndigo Has About You

This is called the right of access. This right allows you to ask for full details of the Personal Data we hold about you.

You have the right to obtain from us confirmation as to whether or not we process Personal Data concerning you, and, where that is the case, a copy or access to the Personal Data and certain related information. Once we receive and confirm that the request comes from you or your authorized agent, we will disclose to you:

  • The categories of Personal Data we collected about you;
  • The categories of sources for the Personal Data we collected about you;
  • Our purposes for processing that Personal Data;
  • Where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
  • The categories of third parties with whom we share that Personal Data;
  • The specific pieces of Personal Data we collected about you;
  • If we sold or disclosed your Personal Data for a business purpose, two separate lists laying out the:
    • categories of Personal Data sold, and the categories of recipients who purchased the Personal Data; and
    • categories of Personal Data disclosed for a business purpose, identifying the categories of recipients who obtained the Personal Data;
  • If we rely on legitimate interests as a lawful basis to process your Personal Data, the legitimate interests pursued by us or by a third party; and
  • The appropriate safeguards for transferring data from one country to a third country, if applicable.

Please take into account that certain data protection laws allows us not to satisfy your access request when:

  • you already have the information;
  • providing such information proves impossible or would involve a disproportionate effort, or in so far providing such information is likely to render impossible or seriously impair the achievement of the objectives of that processing; and
  • that Personal Data must remain confidential subject to an obligation of professional secrecy regulated by applicable law, including a statutory obligation of secrecy.

Certain data protection laws do not allow us to disclose account passwords or security questions and answers. We can inform you that we have this information generally, but we may not provide the specific items to you for security and legal reasons.

Right to Correct Your Personal Data

This is called the right to rectification. It gives you the right to ask us to correct anything that you think is wrong with the Personal Data we have on file about you and to complete any incomplete Personal Data.

Right to Delete Your Personal Data

This is called the right to erasure, right to deletion or the “right to be forgotten”. This right means you can ask for your Personal Data to be deleted.

You may be able to remove information from your account after logging in or even to entirely delete your account on our Services. If there is any other Personal Data you would like deleted, you can ask us to do so using the contact information listed in this Notice.

Sometimes we can delete your information, but other times it may not be possible, such as when the law tells us we cannot do so. If that is the case, we will consider if we can limit how we use it. There may also be circumstances where we deny your request to delete your information under applicable law, such as if we or our service providers need to retain the Personal Data to:

  • Complete the transaction for which we collected the Personal Data;
  • Provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  • Debug products to identify and repair errors that impair existing intended functionality;
  • Enable solely internal uses reasonably aligned with your expectations based on your relationship with us;
  • Comply with a legal obligation; or
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Right to Ask Us to Change How We Process Your Personal Data

This is called the right to restrict processing. It is the right to ask us to only use or store your Personal Data for certain purposes.

You have this right in certain occasions, such as where you believe the data is inaccurate or the processing activity is unlawful. This right enables you to ask us to suspend the usage of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.

Right to Ask Us to Stop Using Your Personal Data

This is called the right to object. This is your right to tell us to stop using your Personal Data. You have this right where we rely on a legitimate interest of ours (or of a third party). Also, you have the right to object at any time to the processing of your Personal Data for direct marketing purposes.

We will stop processing the relevant Personal Data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your Personal Data to establish, exercise, or defend a legal claim.

Right to Port or Move Your Personal Data

This is called the right to data portability. It is the right to ask for and download Personal Data about you that you have given us or that you have generated by virtue of the use of our services, so that you can:

  • move it;
  • copy it;
  • keep it for yourself; or
  • transfer it to another organization.

We will provide your Personal Data in a structured, commonly used, and machine-readable format. When you make a data portability request electronically, we will provide you a copy in electronic format.

Right to Withdraw Your Consent

Where we rely on your consent as the legal basis for processing your Personal Data, you may withdraw your consent at any time. If you withdraw your consent, our use of your Personal Data before you withdraw is still lawful.

If you have given consent for your details to be shared with a third party, and wish to withdraw this consent, please also contact the relevant third party in order to change your preferences.

Right Not to be Discriminated Against for Exercising your Privacy Rights

We will not discriminate against you for exercising any of your privacy rights, meaning we will not:

  • deny you goods or services;
  • charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; or
  • provide you a different level or quality of goods or services.

Right to Lodge a Complaint with a Supervisory Authority

If the GDPR applies to the processing of your Personal Data with us, the GDPR grants you the right to lodge a complaint with a supervisory authority if you are not satisfied with how we process your Personal Data. In particular, you can lodge a complaint in the Member State of the European Union of your habitual residence, place of work, or of the alleged violation of the GDPR.

If the LGPD applies to the processing of your Personal Data with us, the LGPD grants you the right to lodge a complaint with the ANPD if you are not satisfied with how we process your Personal Data.

Right to Opt Out of the Sale or Share of Your Personal Data

Depending on the region where you are located, you have the “right to opt out” of the “sale” or “share” of your Personal Data, which means you have the right to ask us to not sell or share your Personal Data at any time for specified purposes.

A “sale” includes disclosing or making available Personal Data to a third party (other than a service provider) in exchange for monetary or other valuable consideration. Under certain data protection laws, “sharing” includes disclosing or making available personal information to a third party for cross-context behavioral advertising. Our use of some online tracking technologies for statistical and marketing purposes is the only sale or share of your Personal Data by Syndigo. To opt out of the sale or share of Personal Data, change your consent through our cookie consent management platform. In particular, you need to choose not to allow the following categories of cookies: Statistics; and marketing.

Please consider that the preferences you submit through the cookie consent management platform, including your requests to opt out from the sale of personal information, may be stored in cookies or similar technologies that are specific to your browser. If this browser is configured to block cookies or similar technologies, our tool may not be able to store your preferences. In addition, deleting cookies on this browser may result in your preferences being removed. If your preferences are removed after you delete cookies from this browser, you will have to update these preferences again. Also, remember that private browsing technologies (such as incognito mode) automatically delete all local storage and cookies when the browsing session ends, preventing us from recording your choice made during the session; and prevent us from accessing any local storage created outside of the current session, which does not enable us to access the choice you made during a normal or previous private browsing session.

We’ll only store your preferences only in this browser. Because some companies may not connect information about this browser with other web browsers or devices you may use (such as a web browser on another computer you may use, or one on a mobile device), you need update your preferences through the cookie consent management platform to set your preferences separately for other browsers or devices you may use.

You can also alter the configuration of your browser to reject certain types of online tracking technologies. You can set up Do Not Track (“DNT”) or Global Privacy Control (“GPC”), or manage cookies using your browser settings.  For more information on GPC, please visit: https://globalprivacycontrol.org/#download. We will respond to your GPC signals. For information about how to turn on DNT in Chrome, read here: https://support.google.com/chrome/answer/2790761?hl=en&co=GENIE.Platform%3DDesktop. For more information about how to manage and delete cookies in your browser, please visit https://www.aboutcookies.org/how-to-manage-and-delete-cookies.

Your Right to Opt In to the Sale of Your Personal Data

As our use of some of the cookies that we use for statistical purposes and marketing purposes is the only sale of your Personal Data that Syndigo may be engaging in, the only way to opt in to sales of Personal Data is to change your cookie preferences through our cookie consent management platform In particular, you need to choose to allow the following categories of cookies:  Statistics and Marketing

How Can You Exercise Your Privacy Rights?

To exercise any of the rights described above, please submit a request by either:

Calling us at 1-877-847-5467; or
Contacting us by email at privacy@syndigo.com (Preferred method)

Verification of Your Identity

Bear in mind that to evaluate your privacy rights requests, we need to be sure it was you who made the request. Consequently, we may need some information to confirm that you are who you say you are.

For requests submitted via password-protected accounts, your identity is already verified.

For requests sent by other means, you will need to provide us with sufficient information that allows us to reasonably verify you are the person about whom we collected personal data. Generally, we will request only information that we may have about you to confirm your identity, but under some circumstances we may require additional information or documentation to complete your request. We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request. Making a request does not require you to create an account with us.

We will only use the Personal Data you provide us in a request to verify your identity or authority to make the request.

Please note that you may only make a consumer request to know or data portability twice within a 12-month period under the CCPA.

Verification of Authority

If you are submitting a request on behalf of somebody else, we will need to verify your authority to act on behalf of that individual. When contacting us, please provide us with proof that the individual gave you signed permission to submit this request, a valid power of attorney on behalf of the individual.

Alternatively, you may ask the individual to directly contact us by using the contact details above to verify their identity with us and confirm with us that they gave you permission to submit this request.

We will only use the Personal Data you provide us in a request to verify your authority.

Response Timing and Format of Our Responses

We will confirm receipt of your request within ten (10) days and, in that communication, we will also describe our identity verification process (if needed) and when you should expect a response, unless we have already granted or denied the request.

Please allow us up to thirty (30) days to reply to your from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason why, and the extension period, in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will send our written response by mail or electronically, at your option. 

If we cannot satisfy a request from you, we will also explain why in our response. 

We will not charge a fee for processing or responding to your requests unless we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.

Privacy of Children

Syndigo provides business to business products and Services. The Website and Services are not directed at, or intended for use by, children.

Data Integrity & Security

We are strongly committed to keeping your Personal Data safe. We have implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect your Personal Data from unauthorized processing. Unauthorized processing includes unauthorized access, exfiltration, theft, disclosure, alteration, or destruction.

Changes to This Notice

If we make any material change to this Notice, we will post the revised Notice to this web page. We will also update the “Effective” date.

Contact Us

If you have any questions about this Notice or our processing of your Personal Data, or want to submit a verifiable consumer request, please write to the Syndigo privacy team by email at privacy@syndigo.com or call at 1-877-847-5467 or by postal mail at:

Syndigo LLC
Attn: Debra Osborn, Senior Counsel
141 W. Jackson Blvd., Suite 1375
Chicago, IL 60604
United States

Please allow up to four weeks for us to reply.

European Union Representative

We have appointed VeraSafe as our representative in the EU for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.

Alternatively, VeraSafe can be contacted at:
VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork, T23AT2P
Ireland

United Kingdom Representative

We have appointed VeraSafe as our representative in the UK for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at +44 (20) 4532 2003.

Alternatively, VeraSafe can be contacted at:
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom

Data Protection Officer

We have appointed VeraSafe as our Data Protection Officer (“DPO”). While you may contact us directly, VeraSafe can also be contacted on matters related to the processing of Personal Data.

VeraSafe’s contact details are:
VeraSafe, LLC
100 M Street S.E., Suite 600
Washington, D.C. 20003
USA

Email: experts@verasafe.com
Web: https://www.verasafe.com/about-verasafe/contact-us/