Effective date: November 28, 2017 Last updated: November 26, 2018

Privacy policy

Introduction

The protection and security of your personal data, sensitive (special categories) personal data and non-
personal data are important to SynoInt. Therefore, SynoInt is committed to respecting and protecting the privacy of each data subject.

Data subjects trust us with their personal information and we are responsible for ensuring that we work every day to justify that trust.

Below is information how SynoInt works in the area of privacy, how complies with the General data protection regulation and other applicable international and local legal acts, what essential information data subjects must know using SynoInt platforms, solutions, systems, services and websites.

Definitions No. 1

SynoInt group of companies” / “SynoInt” means and consists of:

  • UAB Syno International, a private limited civil liability company, incorporated and operating pursuant to the legal acts of the Republic of Lithuania, under legal entity code 302748928;
  • Syno Poland sp. z o. o. (Syno Poland), a company incorporated and operating pursuant to the legal acts of Poland, under registration code 0000667223;
  • Syno Japan Inc. (Syno Japan), a company incorporated and operating pursuant to the legal acts of Japan, under registration code 0110-01-109142;
  • Asia Syno International PTE. LTD. (Syno Asia), a company incorporated and operating pursuant to the legal acts of Singapore, under registration code 201717773E;
  • Syno International Inc. (Syno Korea), a company incorporated and operating pursuant to the legal acts of South Korea, under registration code 110111-6387941;
  • Syno International Vietnam LLC. (Syno Vietnam), a company incorporated and operating pursuant to the legal acts of Vietnam, under registration code 0108379873.

“SynoInt systems and platforms” means all the SynoInt systems and platforms and services which are provided by the SynoInt, such as SynoPanel, SynoTool, SynoScore, SynoAnswers, SynoAudience, SynoRewards, SynoLibrary, SynoManager, Surveyo24, SynoIndustry, etc. to data subjects such as clients, customers, purchasers, users, respondents, panellists, websites visitors, other parties and third-parties.

“Services” means services of SynoInt systems and platforms which are provided by the SynoInt to data subjects.

“Day” means any business day, which is not Saturday or Sunday or national holiday.

Definitions No. 2

“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Special categories of personal data” means sensitive personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

“Non-personal data” means any information and data which not personal data is, and from which can not identify data subject.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Data subject” means individual person whose personal data and special categories of personal data was processed / is processed / will be processed by data controller and / or data processor.

“Data controller” means:

  • SynoInt or any of company which belongs to SynoInt indicated in Section “Definitions No. 1” in definition “SynoInt”;
  • data subject, which orders Services of SynoInt systems and platforms, and who receives and processes personal data in SynoInt systems and platforms in individual cases when SynoInt helps / doesn`t help to process personal data.

“Data processor” means:

  • a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data controller (SynoInt). Currently SynoInt uses that data processors which help to process personal data:

               Amazon (AWS) https://aws.amazon.com/ (server provider)

               Interneto vizija https://klientams.iv.lt/  (server provider)

               Cint https://www.cint.com/ (service provider)

               Google https://www.google.com/ (service provider)

               Microsoft https://www.microsoft.com/ (service provider)

  • SynoInt or any of company which belongs to SynoInt indicated in Section “Definitions No. 1” in definition “SynoInt” which helps for data subjects to use Services of SynoInt systems and platforms, when data subject orders Services of SynoInt systems and platforms.

“Consent of the data subject” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

“General data protection regulation” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).

Information we collect

  • When data subject visits in SynoInt websites, SynoInt collects and stores information about data subject, data subject`s computer and / or device. More about this you can read in Cookies policy on https://www.synoint.com/cookies-policy/. Basically, SynoInt collects: IP address, the website from which you access our website, http answer code, data and time of access, etc.
  • Personal data about SynoInt employees: e-mail, telephones No., name, surname, postal code, date of birth, country, address, gender, bank account details, wage, CV (curriculum vitae), photos, payments details, education data, holidays, etc. Personal data about data subjects, who apply to open positions in SynoInt (https://www.synoint.com/job-career/): e-mail, telephones No., name, surname, postal code, date of birth, country, address, gender, CV (curriculum vitae), motivational letter, education data, experience data, hobbies, other skills, etc.
  • Non-personal data – metadata (data / information that provides information about other data), when data subject uses SynoInt websites or Services, such as: status, creation date and time, last modification date and time, files names, type, size, various identifiers, etc.
  • Personal data when data subject contacts SynoInt (for example by https://www.synoint.com/contact/): name, e-mail, request, message content, consents, etc.
  • When SynoInt conclude business (cooperation) agreements and contracts, SynoInt processes: company name, address, registration number, e-mail, bank account details, telephone No., VAT No., addresses of company`s websites, details of payments, data on services provided, signatures, etc.
  • When a data subject (if it is legal person) creates an account (including cases when SynoInt creates an account by data subject request) to use services of SynoInt systems and platforms or apply for the provision of other services, SynoInt might collect: e-mails, telephones No., user names, passwords, company`s name, addresses, registration number, bank account details, VAT No., addresses of company`s websites, details of payments, data on services provided, postal code, data about company`s employees, contact data of company`s data protection officer, contact data of company`s representative, signatures, etc.
  • When a data subject (if it is individual person) creates an account (including cases when SynoInt creates an account by data subject request) to use services of SynoInt systems and platforms or apply for the provision of other services, SynoInt might collect: e-mail, telephones No., user name, password, name, surname, postal code, date of birth, country, address, gender, bank account details, etc.
  • Personal data and special categories of personal data when data subjects (such as panellists, respondents and others) response to SynoInt questionnaires: region where work, type of work, shopping habits, travels, data about education, political view, religion view, health, languages, etc.
  • When data subject participates in rewards systems and intends to get rewards, SynoInt processes: e-mail, name, surname, bank details, user name, passwords, number of participated projects, etc.
  • Information about the operations and services performed with SynoInt systems and platforms and other SynoInt products, such as: what services have been used, how much time, for what purpose, etc.

Purposes for which we process information

SynoInt processes personal data, sensitive (special categories) personal data and non-personal data for purposes of:

1. Market and public opinion research;

2. Costumers and consumers insights;

3. Loyalty and rewards programs;

4. Provide statistical information;

5. Provide data collection, processing and reporting solutions;

6. Submitting the best deals and get acquainted with SynoInt services;

7. Administer and manage agreements, contracts, projects, other documents, services, etc.;

8. Implementation the requirements and provisions of the legislation.

Period of storage of information

SynoInt stores your personal data, sensitive (special categories) personal data and non-personal data for no longer than it is required by the data processing goals or is stated in legal regulations if there is a longer data duration provisioned. We aim not to store outdated or irrelevant information and ensure that personal data and other information would be updated consistently and correctly.

The term of data storage may be from 1 (one) to 10 (ten) years, unless the law specifies and / or is agreed otherwise.

For example:

  • SynoInt stores personal data about data subjects, who apply to open positions up to 1 (one) year, unless agreed otherwise;
  • SynoInt stores personal data about SynoInt employees up to 10 (ten) years, unless agreed otherwise;
  • When data subject creates an account to use services of SynoInt systems and platforms, SynoInt stores this data usually 3 (three) years, unless agreed otherwise, etc.

SynoInt periodically reviews all stored data and makes sure that inaccurate or out-of-date data is not processed.

Using children`s personal data

SynoInt websites, services of SynoInt systems and platform and other services, are not untended for minors.

SynoInt complies with General data protection regulation and also with Law on the legal protection of personal data of the Republic of Lithuania where indicated that persons under the age of 14 (fourteen) are considered to be minors.

In view of this, SynoInt takes the position, that minors can not visiting in SynoInt websites and using SynoInt Services.

SynoInt confirms that we do not collect information and data from / about data subjects who are minors. If there are any cases when children want to visit in SynoInt websites and use SynoInt services or other SynoInt activities, they have to submit consents and permissions from their parents and implement other requirements specified in the General data protection regulation and on the Law of the legal protection of personal data of the Republic of Lithuania.

If we learn that a child under age 14 (fourteen) has improperly provided us with information, we will notify the child’s parent or legal guardian and thereafter delete the child’s personal information from our records.

Principles of data processing

SynoInt ensures that personal data, sensitive (special categories) personal data and non-personal data shall be:

  • processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’);
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
  • accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’);
  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

Implementation procedure of data subject rights

SynoInt ensures that according to the General data protection regulation would be implemented all rights of data subjects:

1. Right to be informed (General data protection regulation Art. 13 and 14);

2. Right to access (General data protection regulation Art. 15);

3. Right to rectification (General data protection regulation Art. 16);

4. Right to erasure (Right to be forgotten) (General data protection regulation Art. 17);

5. Right to restriction of processing (General data protection regulation Art. 18);

6. Notification obligation (General data protection regulation Art. 19);

7. Right to data portability (General data protection regulation Art. 20);

8. Right to object (General data protection regulation Art. 21);

9. Automated decision – making (General data protection regulation Art. 22).

If you would like to implement any of these rights, or if you think that we process incorrect personal data about you, or you have any other questions regarding your rights, please contact by e-mail data.protection@synoint.com.

We will deal with your request within 30 days. If your request is complicated or if you have a large number of requests, it may take us longer. We will let you know if we need longer than 30 days to respond. If you ask us to delete your personal data or restrict how it is used, there may be exceptions to the right to erasure for specific legal reasons which, if applicable, we will set out for you in response to your request. We also have to inform, that we need specific information from you to help us confirm your identity, so please fill in all required information about you and submit your request as clear and understandable as possible.

If you are unable to resolve the issues with SynoInt and if SynoInt engagement or a lack there of worries you that this privacy report or legal regulations requirements are not being adhered to, you have the right to contact State data protection inspectorate of the Republic of Lithuania (supervisory authority) or other institutions which are responsible for the supervision and control of legal acts which regulate personal data protection and implementation of data subjects rights.

Security of your personal data

SynoInt has implemented appropriate technical and organisational controls to protect your personal data against unauthorised processing and against accidental loss, damage or destruction.

But we must inform, that you are responsible for choosing a secure password when we ask you to set up a password to access parts of our sites, SynoInt systems and platforms. You should keep this password confidential and you should choose a password that you do not use on any other site.  You should not share your password with anyone else, including anyone who works for us. Unfortunately, sending information via the internet is not completely secure. Although we will do our best to protect your personal data once with us.

If you suspect that passwords has been compromised, please inform about this immediately by e-mail info@synoint.com and / or data.protection@synoint.com.

We also ask you to read more about the SynoInt security in Security policy on https://www.synoint.com/security-policy/.

International data transfers

Data we collect may be transferred to, stored and processed in any country or territory where any of SynoInt company exist or or service / servres providers (data processors) are based or have facilities. While other countries or territories may not have the same standards of data protection, SynoInt will continue to protect personal data that we transfer in line with this privacy policy and other procedures by SynoInt.

Whenever we transfer your personal data out of the European Economic Area (EEA), we ensure similar protection and put in place at least one of these safeguards:

  • We will only transfer your personal data to countries that have been found to provide an adequate level of protection for personal data;
  • We may also use specific approved contracts with our service providers, servers’ providers, data processors, data sub-processors, that are based in countries outside the EEA. These contracts give your personal data the same protection it has in the EEA;
  • We have informed the supervisory authorities about these transfers;
  • We have received all permissions and consents for transferring of personal data.

However, SynoInt informs you, that regardless of the fact that each SynoInt company is located in another country, your personal data can only be accessed by the SynoInt companies with which you have contracted, given permissions and consents, etc.

Typically, such personal data transfers from one country to another are usually just in exceptional cases.

In most cases, SynoInt only provide non-personal data to other countries.

Who we share your personal data with

Depending on where you live, we may share your personal data but just in exceptional cases. We do not share your personal data with other people or organisations that are not directly linked to us except under the following circumstances:

  • We may reveal your personal data to any law enforcement agency, court, regulator, government authority or other organisation if we are required to do so to meet a legal or regulatory obligation, or
    otherwise to protect our rights or the rights of anyone else;
  • We may reveal your personal data to any other organisation that buys, or to which we transfer all, or substantially all, of our assets and business. If this sale or transfer takes place, we will use reasonable efforts to try to make sure that the organisation we transfer your personal data to uses it in line with our privacy policy;
  • We may share your personal data in other specific cases, when we have the right to provide this data, and the other party has the right to receive this data;
  • We will not share your personal data with anyone else in other cases unless we have your permission / consent to do this.

Concepts and meanings of your consents

In SynoInt systems and platforms and services, you can see the consents and permissions which we ask you to mark.

In below we provide a broader and more detailed explanation of these consents and permissions:

“I agree to the Privacy Policy, Security Policy, Cookies Policy, DPO, Quality documentation and Terms of Use” and “By clicking “Send” I agree to the Privacy Policy, Cookies Policy, DPO and Terms of Use and I confirm that before sending message with my personal data I have read all these documents“ means that you have read all these documents and you agree with that documents.

“I agree to participate in surveys and other market research activities” means that you freely and indecently agree to provide your opinion, personal data, answers to various questions which we ask in surveys and questionnaires and you can get a reward for it.

“I agree to the use of cookies for market research purposes” means you agree to get more special targeted and relevant surveys which should be more interesting for you.

“I agree to the collection and / or sharing my mobile advertising identifiers or other identifiers” means you agree to help us analysing your information better, more detailed, clear understand your answers and provide better services.

“I agree to the use of third-party cookies for market research purposes” means you agree to get more special targeted and relevant surveys which should be more interesting for you.

“I agree to share my profile information with third-parties for market research purposes” means you agree to get more surveys from our partners, from other parties, and also it means that you will get more rewards for this. High probability because the profile data can be shared, then the surveys should be more relevant to you.

“I agree to share my sensitive data for market research purposes” means you agree that in surveys could be questions about your special categories of personal data. In this case, also surveys would be more adapted for you and more informative for us. It is likely that you will receive more surveys that are relevant to you.

“I agree to receive rewards for participation in surveys and other market research activities” means you agree that you can earn points by completing surveys or other easy tasks through our partners. Each survey or task earns you points for completing it, so you can decide how much you want to do and earn. The points earned can then be exchanged for different attractive rewards available from our partners. Chosen rewards will be sent to your registration e-mail.

“I agree to get news and notifications about market research and other market research activities” means you agree to get information from us about our services, offers, suggestions, news and changes.

Most of your consents can easily be revoked at any time by writing an email to data.protection@synoint.com (if it is related to the processing of your personal data) or info@synoint.com (if it is related to other goals), or you can easily revoke most of your consents in SynoInt systems and platforms by yourself.

Data protection officers (DPO)

We would like to inform that in adherence to the General Data protection regulation, SynoInt has been assigned the following Data protection officers:

  • Lawyer Liudvikas Augutis (on legal side)
  • Senior IT Systems Developer Mindaugas Liubinas (on IT side).

More you can read in Data protection officers on www.synoint.com/dpo.

If you would like to contact SynoInt Data protection officers, you have questions related to the processing of your personal data, the protection of personal data, or other matters related to personal data, please contact by e-mail data.protection@synoint.com.

Actual and useful links under this Privacy policy:

  • General data protection regulation (current version):

          https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=LT

  • Law on the legal protection of personal data of the Republic of Lithuania (current version):

          https://www.e-tar.lt/portal/lt/legalAct/TAR.5368B592234C/VCRurdZydD

  • International data transfers using model contracts:

          https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en

  • About General data protection regulation:

          https://eugdpr.org/

  • Amazon (AWS) Privacy notice:

          https://aws.amazon.com/privacy/

  • Interneto vizija Privacy notice:

          https://sutartys.iv.lt/preview/privatumo_politika.php

  • Cint Privacy notice:

          https://www.cint.com/privacy-notice/

  • Google Privacy policy:

          https://policies.google.com/privacy?hl=en

Applicable law and changes

This Privacy policy is governed by the law of the Republic of Lithuania.

Any dispute, controversy, disagreement or claim arising out of or in connection with the Privacy policy, as well as issues of the violation, termination or validity / invalidity hereof shall be settled by mutual negotiations.

The main and always updated version of this Privacy policy is posted in English on www.synoint.com/legal.

This Privacy policy might be used by the following sites:

www.synoscore.com,
www.synoanswers.com ,
www.synopanel.com,
 www.synorewards.com,
www.surveyo24.com,
www.synokorea.com,
www.synojapan.com.

Get in touch

Would you like to find out more?

Get in touch

Please select your form