Synergi understands that being open and transparent about how we manage, use and process your data is of the utmost importance. We are committed to protecting your personal data.
How do we ensure your data is protected and what are your rights?
Privacy Notice – whether you’re a client, supplier or business partner this notice explains how and why we collect and use individuals’ data. It also outlines your rights on how to obtain, review or withdraw your data. We may change this Privacy Notice from time to time. Any such changes will be posted here and any material changes will be made prominent. We encourage you to review this page from time to time.
- This Privacy Notice is applicable to the processing of all personal data of Business Contacts of Synergi. ‘Business Contact’ or ‘you’ means each individual whose personal data is processed by Synergi in the scope of delivering services to clients, recipients of commercial messages or Synergi, receiving services from suppliers and providing services together with business partners. This includes people working at Synergi as consultants or employees of third parties providing services to Synergi. Employees of Synergi, including job applicants or former employees of Synergi, including temporary workers working under the direct supervision of Synergi (e.g. independent contractors and trainees) are referred to the Synergi Employee Privacy Notice. Synergi is the controller of your personal data as described in this Privacy Notice. The contact details of Synergi can be found on the Synergi website.
2.0 Purposes for which Synergi processes your personal data
- Synergi processes your personal data for the purposes as set out below. If Synergi processes personal data for other purposes than as listed in this Privacy Notice, you will be informed thereof separately where required and consent will be sought if applicable local law so requires.
- Assessment and acceptance of a client, conclusion and execution of agreements with clients, suppliers and business partners. This purpose includes processing of personal data that is necessary in connection with the assessment and acceptance of clients, suppliers and business partners, including confirming and verifying the identity of relevant Business Contacts (this may involve the use of a credit reference agency or other third parties), conducting due diligence and screening against publicly available government and/or law enforcement agency sanctions lists (e.g. for compliance requirements). This purpose also includes the processing of personal data necessary to conclude and execute agreements with clients, suppliers and business partners, including required screening activities (e.g. for access to Synergi’ premises or systems), delivery of customer services, and to record and financially settle delivered services to and from Synergi.
- Development and improvement of Synergi’s services. This purpose addresses the processing of personal data that is necessary for the development and improvement of Synergi services and for research and development. This includes processing of Business Contact personal data for surveys and reviews.
- Relationship management and marketing. This purpose includes processing of personal data that is necessary for activities such as maintaining and promoting contact with clients, suppliers and business partners via marketing communications, account management, customer services, execution and analysis of market surveys and marketing strategies.
- Business process execution, internal management and management reporting. This purpose includes processing of personal data that is necessary for the management of company assets, conducting audits and investigations, finance and accounting, implementing business controls, providing central processing facilities for efficiency purposes and managing mergers, acquisitions and divestitures. This purpose also includes processing personal data for management reporting and analysis, archiving and insurance, legal or business consulting and preventing, preparing for or engaging in dispute resolution.
- Health, safety, security and integrity purposes. This purpose includes the processing of personal data that is necessary for the protection of the rights, interests and assets of Synergi and its employees, clients, suppliers and business partners and activities such as those involving health and safety. It also includes the authentication of client, supplier or business partner status and access rights.
- Compliance with the law. This purpose includes the processing of personal data that is necessary for the performance of a task carried out to comply with a legal obligation to which Synergi is subject, including the disclosure of personal data to government institutions or supervisory authorities in relation thereto.
- Protection of the vital interests of Business Contacts. This purpose includes the processing of personal data that is necessary to protect the vital interests of you as our Business Contact.
3.0 Categories of personal data
- The below overview contains the categories of personal data processed by Synergi for the purposes described in this Privacy Notice. If Synergi processes other categories of personal data than as listed in this Privacy Notice, you will be informed separately thereof where required and consent will be sought if applicable local law so requires.
- Your personal details: including work e-mail address, work telephone number and work address; private email address, private telephone number, home address; job function or position; job history; picture or video.
- Your company and communication details: correspondence between you and Synergi; information to check your identity; your relationship with Synergi; your behaviour towards Synergi, its employees or clients, suppliers and business partners; credibility of your business; online available information (information on the processing of personal data that is collected via cookies or similar technologies, can be found in the cookie statements on the Synergi website).
- In the course of your business relationship with Synergi, Synergi may need to collect certain data viewed as ‘sensitive’ because they reveal intimate characteristics, such as religion, ethnicity, criminal acts or health. Such sensitive data shall only be used within the strict limits set out by applicable local law. Such sensitive data processing activities conducted by Synergi may, in accordance with applicable local requirements, include the following:
- Your image may be processed by Synergi in as far as necessary for identification or future reference purposes, for site access and security reasons and for the identification and authentication of clients, suppliers or business partners.
- Data relating to criminal behaviour, criminal records or proceedings regarding criminal or unlawful behaviour may be processed by Synergi in as far as necessary for assessment and acceptance of clients, suppliers or business partners, for the protection of the rights, interests and assets of Synergi, its employees and clients, suppliers and business partners and to comply with applicable legal obligations.
- Physical or mental health data may be processed by Synergi in as far as necessary for the assessment and acceptance of a client, supplier or business partner, the execution of an agreement with a client, supplier and business partner, compliance with Synergi’s duty of care towards clients, suppliers and business partners and for the protection of your vital interests.
- Personal data on religion or beliefs may be processed by Synergi in as far as necessary to accommodate specific services for a client, including dietary requirements or religious holidays.
- Synergi will usually obtain personal data from you directly or via the relevant client, supplier or business partner. Your personal data may also be obtained by Synergi via public sources, including sanction lists, trade registers and online social media like LinkedIn.
4.0 For what period does Synergi retain your personal data?
- In general, Synergi will retain your personal data for the duration of your business relationship with Synergi (e.g. during the time Synergi services are delivered to your employer and you are our Business Contact or during the time that Synergi sends you commercial messages you are interested in, such as newsletters) and with a maximum of 24 months thereafter.
- Synergi deviates from these retention periods if your personal data is relevant for legal obligations. In such cases, Synergi will retain your personal data for the period as required by that legal obligation (e.g. for the time Synergi needs to keep a record of its financial transactions based on tax legislation or for the time Synergi needs to keep record of its activities in scope of screening against publicly available sanction lists).
- Synergi will also deviate from these retention periods if Synergi has a pressing interest to keep your personal data longer (e.g. in case of ongoing or expected litigation).
5.0 Personal data access and transfer
- Access to your personal data is only authorised to the extent such access is necessary to serve the intended purpose and for the respective staff to perform their job. Those that are authorised to access your personal data may include the Synergi point of contact, and Synergi personnel such as within Finance, Reporting, Internal Audit, IT, Marketing and Legal.
- From time to time, Synergi may need to make personal data available to unaffiliated third parties, such as service providers (companies that provide products and services to Synergi such as payment providers, IT systems suppliers), professional advisors (such as accountants, auditors, or lawyers), public and governmental authorities (entities that regulate or have jurisdiction over Synergi such as regulatory authorities, law enforcement, public bodies and judicial bodies), or in the context of corporate transactions (in connection with any proposed or actual reorganisation, merger or sale). Synergi will put in place agreements with third-party service providers and professional advisors to protect your data protection interests.
- In case the recipient of the personal data is based outside the EEA in a country that is not considered to have a level of data protection adequate to the EU, Synergi will ensure that this transfer is based on appropriate safeguards including EU Model Clauses or Binding Corporate Rules. Information on such safeguards can be obtained via the Synergi Privacy Officers at email@example.com.
- Synergi will take appropriate technical, physical and organisational measures to protect personal data from misuse or accidental, unlawful, or unauthorised destruction, loss, alteration, disclosure acquisition or access, that are consistent with applicable privacy and data security laws and regulations. This will include requiring service providers to use appropriate measures to protect the confidentiality and security of personal data.
7.0 Access and correction requests, questions and complaints
- You have the right to request an overview of your personal data processed by or on behalf of Synergi. If the personal data is incorrect, incomplete, or not processed in compliance with applicable law, you have the right to have this personal data rectified, deleted or restricted (all as appropriate). You also have the right to object to the processing of your personal data (as appropriate). You can exercise your right by contacting the Synergi Privacy Officers at firstname.lastname@example.org. If you currently receive marketing emails from us, you can manage your subscription by clicking on the “Manage Communication Preferences” links contained within our emails. Alternatively, please contact email@example.com with your request.
- For data protection or privacy-related complaints, you also have the right to file a complaint with the applicable supervisory authority.
- If the processing of your personal data was based on consent, you have the right to withdraw such consent at any time. Such withdrawal will not affect the lawfulness of the processing based on consent before the withdrawal.
- If you are based in the EU, you also have the right to data portability, meaning that a copy of your personal data provided by you to Synergi will, at your request, be transferred to you in a common machine-readable format or transmitted to a third party without hindrance.