Introduction and Scope
Syndigo LLC, including its subsidiaries and affiliates (“Syndigo,” “we,” “us,” “our”) takes the protection of personally identifiable information (“Personal Data”) very seriously.
We process Personal Data when providing our Master Data Management (MDM)/Product Information Management (PIM), services (the “Services”). This Privacy Notice (the “Notice”) addresses data subjects whose Personal Data we may process to provide the Services.
In connection with the Services, we act only as a storage and service provider, and in general shall only access Personal Data at our customers’ request in connection with customer support or account administration matters, as is reasonably necessary in order to provide the Services that our customers have directed us to provide, or as may be required by law.
Please read this Notice to learn more about the ways in which we collect, use, and otherwise process your Personal Data to provide the Services to you. This Notice also explains your rights under the General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act of 2018 (“CCPA”), and other applicable privacy laws (“Applicable Laws”).
This Notice does not apply to Personal Data we collect by other means, such as Personal Data that we receive directly through Syndigo’s own publicly accessible website (www.syndigo.com) or as part of our sales and marketing efforts, or the Personal Data of our employees.
In the context of this Notice, Syndigo acts as a “data processor” or “service provider” for the Personal Data we process to provide the Services for our customers. This means that our customers determine the type of Personal Data they provide to Syndigo to process on their behalf and what Syndigo must do with it. We typically have no direct relationship with the individuals whose Personal Data we receive from our customers.
Basis of Processing
Within the scope of this Notice, we process Personal Data based on the documented instructions of our customers. To learn about our customers’ lawful bases for processing your Personal Data, please read their privacy notices.
How We Receive Personal Data
We may receive your Personal Data when:
- you provide it directly to us as part of using our Services;
- our customers (including their employees, contractors, and other representatives of the company) provide it to us;
- our customers’ clients provide it to us; or
- we receive it from other companies within our corporate group.
Categories of Personal Data
We may process the following types of Personal Data:
- identifiers, such as the username to access the Services;
- biographical information, such as first and last name;
- professional information, such as job title and company name;
- contact information, such as email address.
Purposes of Processing
We may process your Personal Data for the purposes of:
- enabling the use of the Services;
- improving the Services; and
- responding to your requests or questions.
We retain Personal Data for as long as instructed by the respective customer (who typically acts as a data controller). In the absence of any instruction by the customer, Personal Data used for a project shall be disposed once the project is complete, or as defined by Syndigo’s data retention and disposal policy. As a general rule, we will delete all Personal Data associated with the employees of our customers within thirty days from the day the account with our customer was cancelled.
Sharing Personal Data with Third Parties
We may share Personal Data with our subsidiaries and affiliates, as well as with our service providers, who process Personal Data on our behalf and who agree to use the Personal Data only to assist us in providing our Services or as required by law. Our service providers may provide:
- application hosting services;
- email software;
- cloud storage services;
- IT services;
- customer support services;
- analytics services;
- CRM software; and
- product content distribution platforms and solutions;
- cloud e-commerce software;
- product content integration, optimization and distribution in commerce software;
- software implementation services;
- low-code integration SaaS;
- data and security programming solutions;
- in-app guidance and performance support;
- response management software;
- testing platforms; and
- project management software;
Some of these third parties may be located outside of the United States of America. However, before transferring your Personal Data to these third parties, we will either ask for your explicit consent or require the third party to maintain at least the same level of privacy and security for your Personal Data that we do. We remain liable for the protection of your Personal Data that we transfer to third parties, except to the extent that we are not responsible for the event that leads to any unauthorized or improper processing.
In addition, some of these third parties may be located outside your jurisdiction (for example, outside of Canada, the European Economic Area, Switzerland or the United Kingdom). For example, some of these third parties are located in the United States of America and India. In some cases, the authorities of your jurisdiction may have determined that the countries’ data protection laws provide a level of protection equivalent to the laws of your jurisdiction. You can see here the list of countries that the European Commission has recognized as providing an adequate level of protection to Personal Data. We will only transfer your Personal Data to third parties in these countries when there are appropriate safeguards in place. These safeguards may include the Standard Contractual Clauses as approved by the European Commission under Article 46.2 of the GDPR.
We do not sell your Personal Data.
Other Disclosures of Your Personal Data
We may disclose your Personal Data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials or private parties). We may also disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your Personal Data to our subsidiaries or affiliates for business purposes, if necessary and as described in the section above.
We reserve the right to use aggregated, anonymous data about individuals whose Personal Data we process for any legal business purpose. Such data does not include any Personal Data. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and customers.
If we must disclose your Personal Data in order to comply with official investigation or legal processing initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy and security of your Personal Data.
Data Integrity & Security
Syndigo has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect Personal Data from unauthorized processing such as unauthorized access, disclosure, alteration, or destruction.
Risk of Harm
Whenever Personal Data is collected and processed, there is always a slight risk that the Personal Data may be breached, misused, or otherwise result in a harm to you. However, we take several measures to ensure that this risk is mitigated as much as possible. These measures include limiting the Personal Data about you that we collect and process to solely what is necessary, not collecting sensitive Personal Data about you, and implementing appropriate security measures, as described in this Notice.
Your Privacy Rights
If we process your Personal Data, you may have the right to request access to (or to update, correct, or delete) such Personal Data. You may also have the right to ask that we limit our processing of such Personal Data, as well as the right to object to our processing of such Personal Data. You may also have the right to data portability.
Please note that requests should generally be sent directly to the Syndigo customer who provided your Personal Data to us. Syndigo has limited rights to access Personal Data our customers submit to us. If sending the request directly to the Syndigo customer is not possible for any reason and you decide to contact us with such a request, please provide the name of the Syndigo customer who submitted your Personal Data to us. We will forward your request to that customer and provide any needed assistance as they respond to your request.
Privacy of Children
We do not knowingly collect Personal Data from anyone under the age of 13. In the event that we learn that we process Personal Data from a child under the age of 13, we will delete the Personal Data we have stored as quickly as possible. If you believe that we might have any Personal Data from or about a child under the age of 13, please contact us or the customer that has provided the child’s information to us.
Changes to this Notice
If we make any material change to this Notice, we will post the revised Notice to this web page. We will also update the “Effective” date. By continuing to use the Services after we post any of these changes, you accept the modified Notice.
If you have any questions about this Notice or our processing of your Personal Data, please contact us by email at or by postal mail at:
Attn: Debra Osborn, Senior Counsel
141 W. Jackson Blvd., Ste 1220
Chicago, IL 60604
Please allow up to four weeks for us to reply.
European Union Representative
We have appointed VeraSafe as our representative in the EU for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.
Alternatively, VeraSafe can be contacted at:
|VeraSafe Ireland Ltd
Unit 3D North Point House
VeraSafe Netherlands BV
Keizersgracht 391 A
|VeraSafe Czech Republic s.r.o.
United Kingdom Representative
We have appointed VeraSafe as our representative in the United Kingdom for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +44 (20) 4532 2003.
Alternatively, VeraSafe can be contacted at:
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
Data Protection Officer
We have appointed VeraSafe as our Data Protection Officer (“DPO”). While you may contact us directly, VeraSafe can also be contacted on matters related to the processing of Personal Data. VeraSafe’s contact details are:
100 M Street S.E., Suite 600
Washington, D.C. 20003 USA