Synerise | Privacy Policy

General information

This Privacy Policy contains general information regarding the use and processing by SYNERISE S.A. (hereinafter called “Synerise”) of the personal data of people visiting the Synerise’s websites or using services provided via the Synerise’s websites ("Users"). We respect the privacy of our Users and provide this Privacy Policy so that Users know how their personal data is processed, including the ability to independently, consciously and freely decide whether to use our website or services.

As part of this Privacy Policy, we decided to describe generally how and to what extent we collect the personal data of Users, for what purposes we use this data, with whom we share it and how we protect it. In the Privacy Policy, the User will also find information about the rights of Users under the applicable provisions on the protection of personal data.

This document is an expression of the Synerise's implementation of its information obligation under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 - General Data Protection Regulation, hereinafter referred to as "GDPR".

‍

Who is the controller of data?

The controller of User’s data is SYNERISE S.A. with its registered office in Kraków at Zabłocie 43B, 30-701 Kraków, entered into the Register of Entrepreneurs of the National Court Register by the District Court for Kraków-Śródmieście in Kraków, 11th Commercial Division of the National Court Register under the number 0000468034, NIP: 679 309 32 92, Regon: 122880133.

Synerise has appointed the Data Protection Officer - contact details:

Marlena Danek
iod@synerise.com

‍

What type of data is processed?

While using our websites and services we may ask Users to provide us with certain personally identifiable information that can be used to identify or contact them (for example when User request information about our products or services, login to our services, subscribe to newsletter). These data may include, but is not limited to: email address, first name/last name, phone number, company name represented by the User.

We may also collect other data provided to us by Users in connection with their use of our websites or services.

Some data is collected automatically when using our websites and services. These data may include, but is not limited to: unique identifiers, IP address, browser type/version, type of device, device unique ID, operating system, data regarding activity of the User on our websites, such as: pages visited, time of first/last visit, length of session and number of sessions and other diagnostic data.

Providing personal data by Users is voluntary, but it may be necessary for the using of our websites or services.

In some cases, User can use Google account to log into our services. Synerise’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy , including the Limited Use requirements.

‍

For what purposes is data processed?

We process Users’ personal data for the following purposes:

use of our websites and services available through them - the legal basis for the processing of Users' data for this purpose is the necessity to conclude and perform a contract for the provision of a given service, which the User uses (art. 6 (1) (b) of the GDPR) and in some cases – User’s consent to process his/her personal data (art. 6 (1) (a) of the GDPR);
marketing of our products and services - the legal basis for the processing of Users' data for this purpose is our legitimate interest (art. 6 (1) (f) of the GDPR) in direct marketing of our products and services, and in some cases – User’s consent to process his/her personal data (art. 6 (1) (a) of the GDPR);
visiting our social media profiles - the legal basis for processing Users' data for this purpose is our legitimate interest (art. 6 (1) (f) of the GDPR), consisting in building positive relations with Users, as well as the possibility of informing about current activities undertaken by Synerise;
performance of legal obligations (e.g. tax and accounting) - the legal basis for processing Users' data for this purpose is the need to fulfill legal obligations incumbent on Synerise (art. 6 (1) (c) of the GDPR);
processing of requests and inquiries addressed to us, including through the contact form available on our website - the legal basis for processing Users' data for this purpose is our legitimate interest (art. 6 (1) (f) of the GDPR), consisting in the ability to handle received requests and inquiries, to improve the functioning of our services and to build positive relations with Users;
conducting statistical and analytical activities regarding the use of our websites and services available through them - the legal basis for processing Users' data for this purpose is our legitimate interest (art. 6 (1) (f) of the GDPR), consisting of the need to analyze traffic on our websites, the most frequently visited pages of the websites and user behaviour, and to improve the efficiency of services and website functionalities;
conducting internal audits, checks, explanatory proceedings (e.g. in relation to whistleblowing reports addressed to Synerise) – the legal basisfor processing Users' data for this purpose is our legitimate interest (art. 6 (1) (f) of the GDPR)which is to ensure compliance of the Synerise’s operations with the applicable law and the provisions of internal regulations adopted by Synerise;
ensuring the IT security of our websites and services - the legal basis for processing Users' data for this purpose is our legitimate interest (art. 6 (1) (f) of the GDPR), consisting of the need to prevent abuse and other unauthorized activities that could interfere with the safe use of our websites and services;
establishing, asserting and defending against claims, including claims related to the use of our websites and services - the legal basis for processing Users' data for this purpose is our legitimate interest (art. 6 (1) (f) of the GDPR) in providing legal security to our company, including in connection with pre-litigation proceedings, before courts or other public administration bodies.

User’s personal data may be subject to profiling to achieve the purposes for which it was collected. However, this data will not be used by Synerise for automatic decision making.

Below in this document, you will find additional information regarding the processing of personal data of our customers, partners, and their representatives, we cooperate with, as well as persons applying for employment or internship in our company. We have also included detailed information on the processing of personal data of whistleblowers in a separate document.

‍

How is data protected?

Synerise takes appropriate technical and organizational measures to protect personal data against unauthorized or inappropriate access or use, as well as against accidental destruction, loss or violation of integrity. The principle of ensuring security guided us during the design of our IT infrastructure, designing standards and business practice. Our security procedures include, in particular: security of access, backup system, monitoring, review and maintenance, management of security incidents. As part of ensuring the security of personal data processed, we take into account:

As part of ensuring the security of personal data processed, we take into account:

confidentiality - we will protect your data from accidental disclosure to third parties
integrity - we will protect your data against unauthorized modification;
availability - we will provide authorized persons access to your data if necessary.

Your personal data may be processed by third parties only if such entities undertake to provide the appropriate technical and organizational measures to ensure the security of personal data processing and to keep such data confidential. Each employee of Synerise with access to personal data has the appropriate authorization and is obliged to maintain confidentiality.

‍

For how long data is processed?

Synerise makes every effort to ensure that all personal data is stored for the time necessary to achieve the purposes for which the data was collected.

In particular, Users' personal data processed in connection with the use of the services provided via the Synerise’s websites will be kept for the period of their provision, and thereafter for the period and to the extent required by law (e.g. for tax purposes) or until the statute of limitations for claims.

In the case of processing carried out on the basis of the legitimate interest of Synerise or the consent expressed by the User, Synerise will cease its continuation in the event of the User's effective objection or withdrawal of the User's consent to processing.

‍

Who is the recipient of data?

The recipients of Users’ personal data are entities providing specific services for Synerise, when their performance requires data processing, e.g.: providers of IT tools, IT infrastructure, legal, auditing or accounting services.

In some cases, Users’ personal data may also be shared with public authorities. This will only be done in cases when we are required to do so by applicable law.

Users’ personal data, to the necessary extent, may be transferred outside the European Economic Area when Synerise uses the services (e.g., IT solutions) provided by data processors in the third countries. In case the transfer of data will be carried out to a third country that is not covered by a decision of the European Commission to ensure an adequate level of data protection, the transfer will take place with an adequate level of data protection, in particular through the so-called standard contractual clauses issued by the European Commission. For more information on the safeguards adopted, please contact the Data Protection Officer at Synerise (iod@synerise.com).

‍

What are the rights of Users?

Synerise acts in accordance with User rights related to the processing of their personal data. These rights result from applicable law in the field of personal data, in particular the GDPR (Articles 15-21).

In connection with the processing of personal data, Users have the following rights:

Right of access to the data:

You have the right to obtain from the controller confirmation as to whether or not your personal data are being processed, and, where that is the case, access to the personal data and to the information related to such processing;

Right to rectification of data:

If you believe that your personal data is inaccurate or incomplete, you can request that appropriate changes be made to your personal data;

Right to to erasure (‘right to be forgotten’):

You have the right to obtain from the controller the erasure of your personal data and the controller shall have the obligation to erase personal data without undue delay where certain grounds applies;

Right to restriction of processing of data:

You can request limits to the processing of your personal data in cases specified by law;

Right to data portability:

If it is lawful, you can request that personal data provided to us be returned to you or transferred to another controller indicated by you;

Right to object to the processing of data:

You can object to the processing of your personal data for reasons related to your particular situation. You have the right to object to the processing of your personal data for direct marketing purposes, including profiling related to direct marketing.

Right to withdraw consent:

If you have consented to the processing of your personal data, you can withdraw that consent at any time, and the withdrawal of the consent will not affect the lawfulness of the processing based on consent before its withdrawal;

The right to file a complaint:

We want to provide you with the most complete protection of your personal data in accordance with all applicable law. If you still decide that we are processing your personal data unlawfully, you have the right to lodge a complaint with the relevant supervisory authority, which in Poland is the President of the Office for Personal Data Protection (ul. Stawki 2, 00-193 Warsaw).

‍