The protection and security of your personal data, sensitive (special categories) personal data and non-personal data are important to Syno. Therefore, Syno is committed to respecting and protecting the privacy of each person (i.e. data subject).
Data subjects trust us with their personal information, and we are responsible for ensuring that we justify that trust.
Below is information about how Syno works in the area of privacy, how it complies with the General Data Protection Regulation (GDPR) or the California Consumer Protection Act (CCPA) and other applicable international and local legal acts, and what essential information data subjects must know when using Syno platforms, solutions, systems, services and websites.
Definitions No. 1
● UAB Syno International, a private limited civil liability company, incorporated and operating pursuant to the legal acts of the Republic of Lithuania, under legal entity code 302748928;
● Syno Poland sp. z o. o. (Syno Poland), a company incorporated and operating pursuant to the legal acts of Poland, under registration code 0000667223;
● Syno International (UK) Limited (Syno UK), a company incorporated and operating pursuant to the legal acts of the United Kingdom, under registration code 11839775;
● Syno Japan Inc. (Syno Japan), a company incorporated and operating pursuant to the legal acts of Japan, under registration code 0110-01-109142;
● Asia Syno International PTE. LTD. (Syno Asia), a company incorporated and operating pursuant to the legal acts of Singapore, under registration code 201717773E;
● Syno International Inc. (Syno Korea), a company incorporated and operating pursuant to the legal acts of South Korea, under registration code 110111-6387941;
● Syno International Vietnam LLC. (Syno Vietnam), a company incorporated and operating pursuant to the legal acts of Vietnam, under registration code 0108379873;
● Syno International Danışmanlık Hizmetleri Limited Şirketi (Syno Turkey), a company incorporated and operating pursuant to the legal acts of Turkey, under registration code 0788092246100001;
● UAB Syno Mexico (Syno Mexico), a company incorporated and operating pursuant to the legal acts of Mexico, under code USI200206S97.
“Syno systems and platforms” means all the Syno systems and platforms and services which are provided by Syno, such as Syno Manager, Syno Tool, Syno Library, Syno Rewards, Surveyo24, etc. to natural or legal persons, i.e. clients, users, respondents, panellists, website visitors, other parties, third-parties and etc.
“Services” means services of Syno systems and platforms which are provided by Syno to natural or legal persons, i.e. clients, users, respondents, panellists, website visitors, other parties, third-parties, etc.
“Day” means any business day, which is not Saturday or Sunday or national holiday.
Definitions No. 2
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Special categories of personal data” means sensitive personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
“Non-personal data” means any information and data which is not personal data, and from which it is not possible to identify a data subject.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Data subject” means an individual person whose personal data and special categories of personal data was processed / is processed / will be processed by a data controller and / or data processor.
“Data controller” means:
● Syno or any of company which belongs to Syno indicated in Section “Definitions No. 1” in definition “Syno”;
● natural or legal person, which orders services of Syno systems and platforms, and which, alone or jointly with others, determines the purposes and means of the processing of personal data, and who receives and processes personal data in Syno systems and platforms in individual cases when Syno helps / doesn`t help to process personal data.
“Data processor” means:
● a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller (Syno). Currently Syno uses below indicated data processors which help to process personal data:
Amazon (AWS) https://aws.amazon.com/ (server provider)
Interneto vizija https://klientams.iv.lt/ (server provider)
UAB “Rakrejus” https://www.rackray.com/ (server provider)
Cint https://www.cint.com/ (service provider)
Pollfish https://www.pollfish.com (service provider)
InnovateMR https://www.innovatemr.com/(service provider)
Inbrain https://www.inbrain.ai/ (service provider)
Google https://www.google.com/ (service provider)
Huuray https://huuray.com/ (service provider)
Tango cards https://www.tangocard.com/(service provider)
Microsoft https://www.microsoft.com/ (service provider)
NeoCurrency https://neocurrency.com/ (service provider)
Zendesk https://www.zendesk.com/ (service provider)
● Syno or any of the company which belongs to Syno indicated in Section “Definitions No. 1” in definition “Syno” which processes personal data on behalf of the data controller, when the data controller orders services of Syno systems and platforms. Syno may use sub-processors, including affiliates of Syno as well as third party companies (included but not limited to the ones indicated above as Syno data processors), to provide, secure or improve the Services, and such sub-processors may have access to personal data.
“Consent of the Data subject” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
“General data protection regulation” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).
“California Consumer Privacy Act” is a state statute intended to enhance privacy rights and consumer protection for residents of California, United States. In June 2018, the CCPA was signed into law, creating new privacy rights for Californians and significant new data protection obligations for businesses. The CCPA went into effect Jan. 1, 2020. California’s Office of the Attorney General has enforcement authority. (CCPA)
Information we collect
Use of information
Syno collects, stores and processes personal data, sensitive (special categories) personal data and non-personal data for these purposes:
– market research purposes (including market and public opinion research; customers and consumer’s insights; loyalty and rewards programs; provision of statistical information; provision of data collection, processing and reporting solutions; addition of the data received from third party about data subject to it’s profile information);
– submitting the best deals and get acquainted with Syno services;
– proper administration and management of agreements, orders, projects, other documents, services, etc.;
– implementation of the requirements and provisions of the legislation;
– quality control purposes of performed services by Syno.
Period of storage of information
Syno stores your personal data, sensitive (special categories) personal data and non-personal data for no longer than it is required by the data processing goals or is stated in legal regulations if there is a longer data duration provisioned. We aim not to store outdated or irrelevant information and ensure that personal data and other information would be updated consistently and correctly.
The term of data storage may be from 1 (one) to 10 (ten) years, unless the law specifies and / or is agreed otherwise.
● Syno stores personal data about data subjects, who apply to open positions up to 1 (one) year, unless agreed otherwise;
● Syno stores personal data about Syno employees up to 10 (ten) years, unless agreed otherwise;
● When a data subject creates an account/profile to use services of Syno systems and platforms, and is active – Syno stores data subjects data at least 3 (three) years from last activity. If the data subject has not been active for the entire duration of the 3 years period Syno deletes the stored data about the data subject. In case the data subject submits the request to delete stored data about him – Syno obliges to delete it within 30 days after receiving the request.
Syno periodically reviews all stored data and makes sure that inaccurate or out-of-date data is not processed.
Using children`s personal data
Syno websites, services of Syno systems and platform and other services, are not intended for minors.
Syno complies with General data protection regulation and also with Law on the legal protection of personal data of the Republic of Lithuania where indicated that persons under the age of 14 (fourteen) are considered to be minors.
In view of this, Syno takes the position that minors should not visit Syno websites and use Syno Services.
Syno confirms that it does not collect information and data from / about data subjects who are minors. If there are any cases when children want to visit in Syno websites and use Syno services or other Syno activities, they have to submit consents and permissions from their parents and implement other requirements specified in the General data protection regulation and on the Law of the legal protection of personal data of the Republic of Lithuania.
If we learn that a child under age 14 (fourteen) has improperly provided us with information, we will notify the child’s parent or legal guardian and thereafter delete the child’s personal information from our records.
Legal grounds for using your personal data
Syno shall use your personal data only where we have a legal ground to do so. We determine the legal grounds based on the purposes for which we have collected and used your personal data. In every case, the legal ground will be one of the following:
● Consent by data subject: for example, where you have provided your consent to create an account to use services of Syno systems and platforms and create your profile. You can withdraw your consent at any time.
● Our legitimate interests: where it is necessary for us to understand the quality of our services, etc. For example:
○ we will rely on our legitimate interest when analyzing what services the data subject uses;
○ It is in our legitimate interest to determine what services may be relevant to the interests of our clients, customers;
○ as well we may record the voice and/or location of the data subject during face to face interviews for interviewer quality control purposes of performed Syno services;
○ Syno analyses what content has been viewed on our sites, so that we can understand how they are used, etc.
● Performance of a contract / agreement with you (or in order to take steps prior to entering into a contract with you): for example, Syno offers services and you are going to pay fees for services. For this we need to use your contact details, etc.
● Implementing other contracts and agreements under which personal data are processed.
● Compliance with law: in some cases, we may have a legal obligation to use or keep your personal data.
Principles of data processing
Syno ensures that personal data, sensitive (special categories) personal data and non-personal data shall be:
● processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
● collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’);
● adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
● accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
● kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’);
● processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).
IP hashing is used for the purpose of pseudonymisation. Data at rest is encrypted using AES256 bit encryption. Data in transit is protected by Transport Layer Security (”TLS”).
Access to data necessary for the performance of the particular task is ensured within the systems and applications by a corresponding user role and authorization concept.
Implementation procedure of data subject rights
Syno ensures that according to the General data protection regulation would be implemented all rights of data subjects:
– Right to be informed;
– Right to access;
– Right to rectification;
– Right to erasure (Right to be forgotten);
– Right to restriction of processing;
– Notification obligation;
– Right to data portability;
– Right to object;
– Right not to be discriminated against for exercising the rights available to you under applicable data protection laws.
If you would like to implement any of these rights, or if you think that we process incorrect personal data about you, or you have any other questions regarding your rights, please contact by e-mail email@example.com.
We will deal with your request within 30 days. If your request is complicated or if you have a large number of requests, it may take us longer. We will let you know if we need longer than 30 days to respond. If you ask us to delete your personal data or restrict how it is used, there may be exceptions to the right to erasure for specific legal reasons which, if applicable, we will set out for you in response to your request. We also have to inform, that we need specific information from you to help us confirm your identity, so please fill in all required information about you and submit your request as clearly and understandable as possible.
If you are unable to resolve the issues with Syno and if Syno engagement or a lack there of worries you that this privacy report or legal regulations requirements are not being adhered to, you have the right to contact State data protection inspectorate of the Republic of Lithuania (supervisory authority) or other institutions which are responsible for the supervision and control of legal acts which regulate personal data protection and implementation of data subjects rights.
Security of your personal data
Syno has implemented appropriate technical and organizational controls to protect your personal data against unauthorized processing and against accidental loss, damage or destruction.
But we must inform, that you are responsible for choosing a secure password when we ask you to set up a password to access parts of our sites, Syno systems and platforms. You should keep this password confidential and you should choose a password that you do not use on any other site. You should not share your password with anyone else, including anyone who works for us. Unfortunately, sending information via the internet is not completely secure. Although we will do our best to protect your personal data once with us.
If you suspect that passwords have been compromised, please inform about this immediately by e-mail firstname.lastname@example.org and / or email@example.com.
We also ask you to read more about the Syno security in Security policy on https://www.synointcdn.com/security-policy/.
International data transfers
● We will only transfer your personal data to countries that have been found to provide an adequate level of protection for personal data;
● We may also use specific approved contracts with our service providers, servers’ providers, data processors, data sub-processors, that are based in countries outside the EEA using European Commission’s Standard Contractual Clauses. These contracts give your personal data the same protection it has in the EEA;
● We have informed the supervisory authorities about these transfers if applicable;
● We have received all necessary permissions and consents for transferring of personal data.
Syno informs you that for proper provision of services, your personal data may be accessed by the Syno companies having respective data processing agreements in place between the companies.
In most cases, Syno only provides non-personal data to other countries.
Who we share your personal data with
Depending on where you live, we may share your personal data but just in exceptional cases. We do not share your personal data with other people or organizations that are not directly linked to us, but Syno may disclose personal data, profiling data, or other data to third parties as follows:
● We may disclose your personal data to any law enforcement agency, court, regulator, government authority or other organization if we are required to do so to meet a legal or regulatory obligation, or otherwise to protect our rights or the rights of anyone else;
● with agents, consultants, contractors or partners of Syno in connection with services that these individuals or entities perform for, or with, Syno. These agents, contractors or partners are restricted from using this information in any way other than to provide services for Syno;
● We may share your personal data in other specific cases, when we have the right to provide this data, and the other party has the right to receive this data;
● when we believe that disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with suspected or actual illegal activity;
● We will not share your personal data with anyone else in other cases unless we have your permission / consent to do this.
CCPA Privacy notice
Concepts and meanings of your consents
In Syno systems and platforms and services, you can see the consents and permissions which we ask you to mark.
In below we provide a broader and more detailed explanation of these consents and permissions:
“I agree to participate in surveys and other market research activities” means that you freely and indecently agree to provide your opinion, personal data, answers to various questions which we ask in surveys and questionnaires, and you can get a reward for it.
“I agree to get newsletters and notifications” means you agree to get information from us on behalf of the panel owner about services, panel related offers, suggestions, news and changes.
“I agree to share my profile information with third-parties for market research purposes” means you agree to get more surveys from our partners, from other parties, and also it means that you might get more rewards for this. When profile data can be shared, then the surveys should be more relevant to you.
“I agree that third-party data is added to my profile for market research purposes” means you agree that information related to your personal data received from third-party would be added to your profile information.
“I agree to the collection and or sharing of my advertising identifiers or other identifiers” means you agree to help us analyze your information better, more detailed, clearly understand your answers and provide better services.
“I agree to share my sensitive data for market research purposes” means you agree that in surveys there could be questions about your special categories of personal data. In this case, surveys would be more adapted for you and more informative for us. It is likely that you will receive more surveys that are relevant to you.
Most of your consents can easily be revoked at any time by writing an email to firstname.lastname@example.org (if it is related to the processing of your personal data) or email@example.com (if it is related to other topics), or you can easily revoke most of your consents in Syno systems and platforms by yourself.
Data protection officers (DPO)
In adherence to the General Data protection regulation, Syno has assigned the following Data protection officers:
● General counsel Jurgita Sakalauskiene (on legal side)
● Senior IT Systems Developer Mindaugas Liubinas (on IT side).
You can read more about our Data protection officers on www.synoint.com/dpo.
If you would like to contact Syno Data protection officers, you have questions related to the processing of your personal data, the protection of personal data, or other matters related to personal data, please contact us by e-mail firstname.lastname@example.org.
● General data protection regulation (current version): https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=LT
● Law on the legal protection of personal data of the Republic of Lithuania (current version): https://www.e-tar.lt/portal/lt/legalAct/TAR.5368B592234C/VCRurdZydD
● International data transfers using model contracts: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
● About General data protection regulation: https://eugdpr.org/
● Amazon (AWS) Privacy notice: https://aws.amazon.com/privacy/
● Cint Privacy notice: https://www.cint.com/participant-privacy-notice
Applicable law and changes
Effective date: 2018/05/18
Last revised version: 2022/09/01