Security Policy

When we talk about information security, we don’t just mean protecting the transmissions between your computer and Syno systems and platforms. We do far more to help safeguard your information.

At Syno, data subjects’ trust is our top and most important priority. Syno has implemented appropriate technical and organisational controls to protect your personal data and information against unauthorised processing and against accidental loss, damage or destruction.

Below is information relating to how Syno works in the area of security, what security measures have been implemented and what security standards are applicable.

However, please be sure you’re comfortable with our security measures and this Security policy before using services in Syno platforms and systems and accessing your account online.



Passwords policy

When collecting data, it is important that the tool of collection, the survey, is of a high standard. This section covers how Syno works to ensure high-quality data collection.

  • All passwords are classified as confidential information;
  • Passwords must not be transferred or shared with others unless authorized to do so;
  • Passwords must be changed if they have been used, obtained or suspected to be obtained by anyone other than the account owner;
  • Individual user passwords must not be written down, inserted into e-mail messages or other forms of electronic communications or stored in a file or computer system unless adequately secured;
  • Passwords must have at least 8 (eight) characters;
  • Passwords must use at least 3 (three) of the 4 (four) available character types: lowercase letters, uppercase letters, numbers, and symbols.
  • These requirements are applicable to all passwords of Syno employees.
  • When we ask you to set up a password to access parts of our sites, Syno systems and platforms, you must also comply with these requirements for passwords. But the biggest responsibility lies with you. You are responsible for choosing a secure password. Syno recommends keeping your password confidential, and you should choose a password that you do not use on any other site. You should not share your password with anyone else, including anyone who works for us. Unfortunately, sending information via the internet is not completely secure, although we will do our best to protect your personal data once it is with us.
  • If you suspect that passwords have been compromised, please inform us immediately by e-mail at info@synoint.com and / or data.protection@synoint.com.

Network-security

Syno ensures that network, systems, databases, applications, network components and other computing devices are protected from malicious activity and unauthorised access.

Syno has implemented the appropriate controls such as anti-virus, firewalls, login control and some intrusion prevention systems.

Anti-virus software and firewalls on all computer devices, servers and networks are updated in accordance with the software providers’ recommendations and our network provider ensures that access to sensitive data is limited to properly authorised requests.





Servers and backups

All Syno data and information are stored on encrypted and licensed servers.

We use third-party servers from Amazon (AWS).

For data recovery we use automatic database snapshots provided by Amazon.

Amazon (AWS) represents, warrants and covenants that according to Amazon (AWS) policies, security is their highest priority and they comply with all applicable international laws and rules for personal and non-personal data protection and information security. You may also visit https://aws.amazon.com/ and https://aws.amazon.com/compliance/data-privacy-faq/ for details on Amazon (AWS) services and compliance with data privacy.

For some other data processing (storage) cases, Syno uses UAB Rakrejus server services. You may also visit https://www.rackray.com and https://www.rackray.com/lt/privatumo-politika for details on UAB Rakrejus services and compliance with data privacy.

Physical security

All Syno premises provide the highest level of security.

The following security features are available at all Syno premises:

  • Premises are locked;
  • All premises are equipped with fire extinguishers, smoke and heat detectors;
  • All premises are equipped with an air conditioning system;
  • Monitoring (CCTV), alarm and door access control (ID cards) systems are installed;
  • All important documents (on paper) are stored in safes or in lockable cabinets;
  • All electronic information is stored in the cloud;
  • Also, Syno premises are insured.

E-mail security

Syno treats all e-mails received and sent as confidential; they can only be accessed by the people indicated in the e-mails.

The e-mail services used by Syno meet the data security requirements of the business.

Syno connects to the electronic mailboxes with a secure and recognized SSL / TLS protocol that ensures reliable information encryption. Also, electronic mailboxes are protected against spam.

All outgoing and incoming e-mails are encrypted, so there is a very small probability that they could be taken over by third parties.

So, you can safely send e-mails to us and open e-mails where the sender is Syno.



Reliability of employees

Before recruiting, Syno checks that candidates have not been punished for and/or suspected of any past breach relating to data protection, information security, confidential information and/or commercial secrets.

Syno strives to ensure that all of its employees are of impeccable reputation.

Also, all employees performing their tasks and working with software and/or personal data are educated about information security, proper use of software, and keeping the highest standards to protect personal data. Based on internal Syno rules and applicable legal requirements, Syno employees are provided with special training on personal data protection and information security.

All employees’ actions with personal data in Syno systems and platforms are reviewed from time to time using the “log files”. Also, employees’ access to personal and non-personal data is provided through a special system that is called “System access management”.


Branding of security breaches

Syno is responsible for confidentiality and security from the moment the personal data is received. Despite best efforts, we cannot always guarantee absolute security because many aspects also depend on you.

If a threat to your personal data has been determined or justifiable suspicions arise, Syno informs you about such an event.

Syno reserves the right to inform and notify law enforcement authorities about any security breaches.

However, you should note that Syno has, to date, never had any security breach.





Business continuity and recovery plan

Despite all the efforts that organizations and companies devote to identifying and addressing external and internal problems related to security, protection of personal data, and business continuity, they are constantly faced with unexpected, emerging threats and incidents. The smallest threat / incident can pose a risk to the organization’s and company’s operations, threaten its reputation, ruin management structures, cause significant financial difficulties, or even compromise the company’s survival.

In view of this, Syno is in the final phases of preparation of a Business continuity and recovery plan.

Syno activities may be suspended or terminated, but only temporarily. Following the estimated Business continuity and recovery plan, Syno shall be able to ensure quick return and continuance of its operational activities. The main purpose of the Business continuity and recovery plan shall be to ensure uninterrupted activity of Syno and to identify actions and responsibilities in order to protect against threats and, if threats occur, to eliminate their consequences.



Chief information security officer (CISO)

In adherence to best practices on information security, Syno has assigned the following Chief information security officer (CISO):

  • Chief technology officer (CTO) Albertas Jurgelevičius (on IT side).

If you would like to contact the Syno CISO, or you have questions about information security or related matters, please e-mail data.protection@synoint.com and indicate “CISO” in the “Subject” field.



Compliance with ISO

Information security includes three main aspects:

  • Confidentiality of information – protection of information against unauthorized disclosure;
  • Integrity of the information – protection of information from unauthorized or accidental change;
  • Availability of information – ensuring that information is available whenever it is needed.

In order to ensure the confidentiality, integrity and availability of information processed by the Syno, Syno is in the process of creating an information security management system.

Syno Management System conforms to the requirements of ISO 27001 standards in the scope of market research, opinion polls and data solution. Check the certificate here.

Measures of pseudonymisation and encryption of personal data


IP hashing is used for the purpose of pseudonymisation. Data at rest is encrypted using AES 256-bit encryption. Data in transit is protected by Transport Layer Security (“TLS”).

Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services

Access to data necessary for the performance of the particular task is ensured within the systems and applications by a corresponding user role and authorisation concept.

Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing

System security is audited yearly by an external company.

Measures for ensuring system configuration, including default configuration

System configuration is applied and maintained by software tools that ensure the system configurations do not deviate from the specifications.

Measures for internal IT and IT security governance and management

Employees are instructed to collect, process and use Personal Data only within the framework and for the purposes of their duties (e.g. service provision). At a technical level, multi-client capability includes separation of functions as well as appropriate separation of testing and production systems. The Controller’s Personal Data is stored in a way that logically separates it from other customer data.

Measures for ensuring data minimisation

If Personal Data is no longer required for the purposes for which it was processed, it is deleted promptly.

Measures for ensuring data quality

Data that we possess is provided either by the Controller or by data subjects. Collected data is reviewed and evaluated by responsible departments of the Processor. The Processor may provide reporting tools within its product to help the Controller or the data subject understand and validate the data that is stored.

Measures for ensuring limited data retention

The Processor uses a data classification scheme for all data that it stores and our retention policy specifies how each type of data is retained. When a record with Personal Data is deleted then it will be permanently evicted from the Processor’s active databases. The data is retained in the Processor’s backups until they are rotated out by more recent backups per the data retention policy.

Measures for ensuring accountability

All employees that handle sensitive data must acknowledge the information security policies. A disciplinary policy is in place for employees that do not adhere to information security policies.

Applicable law and changes

Syno is committed to protecting the privacy and security of all Personal Data collected or received by Syno. Syno strives to conform its privacy practices to applicable international, national and/or local laws and regulations. This Privacy policy is governed by the laws of the Republic of Lithuania.

The main and always updated version of this Security policy is posted in English on www.synoint.com/legal-and-quality

This Security policy might be used by the following sites: www.synoint.com, www.synorewards.com, www.surveyo24.com, https://app.synopanel.com/