These Data processing terms (Data processing agreement) (hereinafter the “Terms”) determine that Syno group of companies (“Syno”) provides services to use Syno systems and platforms (such as SynoPanel, SynoTool, SynoScore, SynoAnswers, SynoAudience, SynoRewards, SynoLibrary, SynoManager, Surveyo24, SynoIndustry, etc.) to clients, customers, purchasers, other users and parties (“Client”), and Syno acts as the Data Processor on behalf of its Client acting as the Data Controller.
All other users (respondents, panellists, websites users, other users who don`t have agreements and contracts with Syno) of Syno services are describe as data subjects.
These Terms are made up of 2 (two) parts*.
All definitions are and mean the same as in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the “General data protection regulation”).
1. The Terms governs the rights and obligations of the Data controller and Data processor in the processing of personal data (including personal data of special categories).
2. In these Terms are described and specified the key provisions with that must be met by the Data controller and Data processor in order to achieve the best possible business relationship and cooperation and to comply with regulation of legal acts.
3. Under the Terms the Data controller undertakes:
3.1 to ensure that all personal data (including personal data of special categories) transferred to the Data processor are collected and processed lawfully by Data controller;
3.2 to ensure that Data controller processes personal data in Syno systems and platforms lawfully, safely, responsibly and honestly;
3.3 to implement the data subject’s rights;
3.4 to cooperate with the Data processor;
3.5 at the request of the Data processor, assist him in the processing of personal data and answer to any questions;
3.6 will not create additional obstacles and interruptions for the Data processor to carry out and implement his functions and obligations;
3.7 to implement the appropriate organizational and technical personal data protection measures.
4. The Data processor undertakes:
4.1 to select the technical and organizational measures for the protection of personal data in accordance with the nature of the data and the level of risk of processing and to ensure continuous operation;
4.2 to ensure that appropriate technical and organizational measures for the protection of personal data are implemented in such a way that the processing of data complies with the requirements of the legislation and ensures the protection of the rights of the data subject;
4.3 not to disclosed, transferred or made available personal data to any unauthorized persons;
4.4 not to use personal data for other purposes than agreed;
4.5 to take measures to prevent accidental or unlawful destruction, alteration, disclosure of personal data, as well as any other unlawful processing;
4.6 to inform the Data controller about breaches of personal data security;
4.7 to use the Data sub-processors specified in the Special Section of the Terms;
4.8 by using the Data sub-processors specified in the Special Section of the Terms, to ensure that all Data sub-processors will perform all obligations of the Data processor;
4.9 to provide for the Data controller all necessary information and assistance needed to implement the data subject’s rights under the data subject’s requests;
4.10 immediately to notify the Data controller if, in the opinion of the Data processor, the Data controller’s order and / or task violates the provisions of the legal acts.
5. The Data controller and the Data processor ensures:
5.1 to comply with General data protection regulation and other international and local legal acts related to protection of personal data and information security;
5.2 to guarantee confidentiality during the validity period of the Terms and cooperation between the Data controller and the Data processor, and after the expiration of the cooperation.
6. The Terms are governed by the law of the Republic of Lithuania.
7. If any provision of the Terms contradict the laws of Republic of Lithuania or due to any reason becomes partially or fully invalid, this shall not make other provisions of the Terms invalid, in such case the Data processor and the Data controller agree to change the invalid provision with the legally effective norm, which, as far as possible, would have the same legal and economic result as the changed norm.
8. Any dispute, controversy, disagreement or claim arising out of or in connection to the Terms as well as issues of the breach, termination or validity / invalidity hereof (the “Dispute”) shall be settled by mutual negotiations. If the Dispute is failed to mutually settle within 30 (thirty) calendar days starting from the receipt of one party`s request by the other party, such Dispute shall be settled in the competent court of the Republic of Lithuania.
9. Annex and 2nd (second) part to the Terms – Special part.
1. Purpose of personal data processing – to use services in the Syno systems and platforms and / or from the Syno systems and platforms (for example, to use polling platform, panel registration platform, perform data analysis, process data, get rewards, etc.).
2. Categories of personal data processed:
2.1 Personal data such as e-mail, telephones No., user name, password, name, surname, postal code, date of birth, country, address, gender, bank account details;
2.2 Special categories of personal data such as political view, religion view, health, etc.
2.3 Non-personal data and meta data such as IP address, the website from which you access our website, http answer code, data and time of access, files names, files type, files sizes, etc.
3. Data subject categories:
3.1 Data controller`s staff;
3.2 Data controller’s clients and their representatives;
3.3 Data subjects (respondents, panellists, websites visitors, etc.);
3.4 Other persons.
4. The country in which personal data and information are stored – the Republic of Lithuania.
5. Sub-processors (of the Data processor):
5.1 Amazon (AWS) https://aws.amazon.com/
5.2 Interneto vizija https://klientams.iv.lt/
5.3 Cint https://www.cint.com/
5.4 Google https://www.google.com/
5.5 Microsoft https://www.microsoft.com/
6. Information about the Data processor`s activities in the field of privacy, applicable security measures, cookies policy, appointed Data protection officers are on:
6.2 Security policy https://www.synointcdn.com/security-policy/
6.3 Cookies policy https://www.synointcdn.com/cookies-policy/
6.4 Data protection officers https://www.synointcdn.com/dpo/
* At the request of the Client, these Terms can be concluded in writing at the same format with the same provisions. Syno takes the position that after the Client’s confirmation** to use Syno services, these Terms shall enter into force and valid until all commitments and obligations will be fulfilled between the Data controller and the Data processor.
** Client`s confirmation to use Syno services means (at least 1 (one) of these ways):