Last updated: 15 July 2022
We do not trade, sell or lease Personal Information entrusted to us.
Our Services are not directed to children and we do not knowingly collect or maintain information from anyone under the age of 14. If you are under the age of 14, do not use or provide personal information on the Sites. If we are notified or discover that a child under the age of 14 has submitted Personal Information to us, we will take reasonable steps to delete the information.
Synerion acts as a data processor of the Personal Information it processes on the behalf of its customers. Customers control the data that is being processed and decide on whether or not Personal Information (including sensitive information) is entered into free text fields. We are not responsible for the content of free text fields entered by our customers except to the extent that it will be safeguarded in the same manner as other information we process.
- Your Online Privacy Responsibilities
By using our Services and our Sites, you agree to take basic steps to ensure your privacy online. You agree to log out of the sites when you are finished and to protect your information from other users. You also agree not to share your password or login ID necessary to use our Services with anyone else. In addition, you agree to take reasonable precautions against malware and viruses by installing an anti-virus software to protect your online activities.
Some of this Personal Information may be entered directly by our customer’s employees, however most Personal Information is collected by our customers on behalf of their employees, relating to the use of our Services.
Some other Personal Information may be collected when you use the contact and subscription sections of our Sites or when you use our chatbot.
We may also gather information by observing how users interact with our Sites and Services. We collect this information to continually improve and enhance the functionality of our Services. We gather certain information automatically. This information may include IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.
In addition, when you interact with our Sites and Services, we may gather anonymous technical and navigational information, such as computer browser type, cookie information, pages visited, and average time spent on our Sites. This information does not personally identify you and may be used, for example, to alert you to software compatibility issues, to fulfill your requests for Services, to conduct research or analyze and improve our product functionality.
Customers are the data controllers of their employees Personal Information and are responsible for obtaining consent from their employees, when they collect information in relation to our Services. Synerion processes Personal Information solely at the direction of its customers and has no direct relationship with the employees whose information we process.
- What Personal Information Do We Collect
5.1 Personal Information collected for our Services
Personal Information processed by Synerion on behalf of its customers may include contact information such as name, work phone number and work email address or unique identifiers such as employee number or biometric information (see section 6 below), as well as any other information you provide to us when entering information in the free text fields of our Services. This information is used to create access to functionalities of our Services, to send processing related alerts or notifications and to contact users of the Services at the direction of the customer.
Our Services allow for other work-related information to be used and stored such as contact phone number, professional licenses, and union membership. Our customers determine which of these fields are necessary for their operations and have the exclusive control on such information.
We do not knowingly collect nor process personal health information as part of our data processing responsibilities.
It is recommended to customers to avoid storing any sensitive information of their employees which is not necessary for the Services to function, such as social insurance numbers and personal health information, or other personal information such as gender, home addresses, home phone numbers and birthdates.
5.2 Personal Information collected when using our Sites
When using the contact section, subscription section and the chatbot of our Sites, we may collect your first name, last name, work email, phone number and any other information you provide to us when using our chatbot.
As part of the Synerion automated system Services, customers may use biometric timeclocks to identify employees for timekeeping purposes. In order to use such devices, the customer must collect its employees biometric data (for facial or fingerprints recognition). Our customers collect such employee data through their use of the biometric timeclock devices and related software. Once captured by the customer, an employee’s biometric information is converted into an encrypted data string (i.e., biometric template). The encrypted biometric data is stored on the device itself at the customer-controlled site and the information is also securely stored by Synerion on its servers. The encrypted biometric data stored by Synerion consists solely of the encrypted data string created from mathematical algorithms, not the actual biometric data (fingerprints, facial images, handprints, etc.).
It is the sole responsibility of the customer that collects, captures, stores, or otherwise uses biometric information relating to an individual, to:
- Inform the employee from whom biometric information will be collected, in writing and prior to collecting the employee’s biometric information, that such sensitive Personal Information is being collected, stored, and/or used;
- Indicate, in writing, the specific purpose(s) and length of time for which the biometric information is being collected, stored, and/or used; and
- Receive a written consent from the employee (or a legally authorized representative) authorizing the customer and Synerion to collect, store, and/or use the biometric information and authorizing the customer to disclose such biometric information (encrypted) to Synerion, or to any other customer third-party service providers.
Synerion customer support representatives and development and implementation personnel have access to some transaction information in order to respond to customer questions related to our Services.
At the direction of our customers, Synerion may provide Personal Information to designated third parties such as payment processors and banks. Synerion may also share information with service providers that are directly related to Services for which we have been contacted or contracted.
From time-to-time Synerion may also provide third parties with aggregate information that is not linked to any individual.
The only exception to any part of this section is if Synerion is compelled to do so by an appropriately empowered governmental authority and by the applicable laws.
Your personal information are stored in data centers which locations depend on your jurisdiction, details of which are specified in our Hosting Policy accessible at [https://www.synerion.com/hosting-delivery-policies/].
Our Services require data, including Personal Information, to function effectively. Only the customer determines how long they wish to maintain employee records within the system.
Once a customer is no longer a customer of Synerion, data and Personal Information is removed from Synerion systems within 60 days.
Otherwise, Synerion retains your Personal Information for business purposes, for as long as your account is active, and/or as long as is reasonably necessary to provide you with our Services. Synerion will also retain your Personal Information as reasonably necessary to comply with our legal obligations, resolve disputes and enforce our agreements. We may also retain cached or archived copies of your Personal Information for a reasonable period of time. At any point in time, you can withdraw consent and we will immediately stop processing your data, subject to your jurisdiction and to our legal or contractual obligations.
We take reasonable and appropriate precautions, including administrative, technical, personnel, and physical measures, to safeguard Personal Information against loss, misuse, theft, and unauthorized access, use, disclosure, alteration, and destruction. We also use Secure Sockets Layer (SSL) encryption when transmitting sensitive Personal Information. Please keep in mind that due to the inherent nature of the Internet, there is no way to make the transmission of electronic data entirely safe from intrusion.
You may “opt in” and/or “opt out” of certain uses of your Personal Information. For example, you may have the opportunity to choose whether you would like to receive email correspondence from us. Your Personal Information will not be shared with third-party service providers unless you give prior written consent. You will have the opportunity to opt out of Synerion commercial electronic messages by clicking the “opt out” or “unsubscribe” link in the emails you receive. You can also request this by filling out a privacy web form via our Data Subject Access Request (DSAR) Portal. If the Synerion DSAR portal is unavailable, requests can be sent to email@example.com
Please take note that if you opt out of receiving commercial electronic messages from us, we may still contact you in connection with your relationship, activities, transactions and communications with us.
We encourage our Sites users to access, update and edit their personal information and keep it current.
You may request access to your Personal Information to update, correct or delete, de-index or to limit the use or disclosure of, your Personal Information, or request of a copy of your Personal Information.
When relating to the use Services, employees wishing to view, update, delete, de-index or supplement their Personal Information may do so by contacting directly their employer that provided Synerion the Personal Information to make the requests, or alternatively you can submit your request through our Data Subject Access Request (DSAR) Portal.
When relating to the use of the Sites, users wishing to view, update, delete, de-index or request a copy their Personal Information may do so by submitting a request through our Data Subject Access Request (DSAR) Portal.
If our DSAR portal is unavailable, requests can be sent to firstname.lastname@example.org
Individuals outside the EU may also use our Data Subject Access Rights portal to submit complaints about your privacy and our collection or use of your personal information.
- Use, Disclosure and Sharing of Personal Information
Synerion does not disclose the Personal Information it holds to third parties, except for the following exceptional circumstances:
- Third Parties: Synerion will not lease or sell your Personal Information to others but may disclose Personal Information with third-party vendors and service providers that work with Synerion (such as website or infrastructure hosting companies, communications providers, email providers, analytics companies, credit card processing companies and other similar service providers that use such information on our behalf). We will only share Personal Information to these vendors and service providers to help us provide the Services to you at your request and in accordance with our respective agreement. We will ensure appropriate contractual clauses are in place to ensure compliance with the applicable data privacy laws.
- Business Purposes: In a prospective business transaction, Synerion may disclose Personal Information where Synerion has entered into an agreement that restricts the use and disclosure of that data solely for purposes related to the transaction, protects the data by security safeguards appropriate to the sensitivity of the Personal Information, and if the transaction does not proceed, the data is returned to Synerion or destroyed within a reasonable time. With respect to employee Personal Information, Synerion may disclose Personal Information if it is necessary to establish, manage or terminate an employment relationship, as allowed by applicable laws.
- Legal and Safety Reasons: Synerion may be required to disclose Personal Information to law enforcement agencies, government agencies, or other legal entities. We may disclose information required by law, litigation, or as a matter of national security to comply with a valid legal process including subpoenas, court orders or search warrants, and as otherwise authorized by applicable laws. We may also need to disclose Personal Information in the event of an emergency that threatens an individual’s life, health, or security. If the data requested is held on behalf of a customer, Synerion will consult the customer unless it is prohibited to do so by law. Synerion may notably be required to disclose information without your consent or knowledge if: (i) it is reasonable to expect that disclosure with your knowledge or consent would compromise an investigation of a breach of an agreement or a contravention of the law; (ii) it is reasonable for the purposes of preventing, detecting or suppressing fraud and it is reasonable to expect that the disclosure with your knowledge or consent would compromise the ability to prevent, detect or suppress the fraud; (iii) it is necessary to identify an individual who is injured, ill or deceased to a government institution or the individual’s next of kin or authorized representative and, if the individual is alive, with notification to the individual.
Synerion may share customer information within our family of companies for a variety of purposes, for example, to provide you with the latest information about our Services and offer you our latest promotions. To facilitate our global operations, Synerion may transfer Personal Information from your home country to other Synerion locations across the world. To protect your Personal Information, we will only transfer data to countries who provide an “adequate” level of Personal Information protection. If the data is transferred to countries without ‘adequate’ protection as determined by the European Parliament, or the Act respecting the protection of personal information in the private sector (province of Quebec, Canada), we will use additional safeguards to ensure your data is protected. In instances where General Data Protection Regulation (GDPR) is in scope, we will rely on the standard contractual clauses as the legal transfer mechanism that will be defined in the Data Processing Agreement signed with the customer.
- Third Parties who may receive personal data (Onward Transfer)
Synerion may employ and contract with third-party service providers and other entities to assist in providing our Services to customers by performing certain tasks on our behalf. These third-party providers may offer customer support, data storage services (data centers), or technical operations. Synerion maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our Privacy Shield obligations and the applicable privacy laws. These third parties may access, process, or store personal data in the course of providing their services. Unless we tell you differently, our agents do not have any right to use Personal Information or other information we share with them beyond what is necessary to assist us. You hereby consent to our sharing of Personal Information with our agents. We may be liable for the appropriate onward transfer of EU and Swiss personal data to third parties.
Under the General Data Protection Regulation (GDPR), we acknowledge the right of EU, Swiss, and United Kingdom individuals to access their personal data. Please reference “Your data protection rights” for specific instructions on how you can access this right.
On January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) took effect, and sets new requirements and rights relating to personal information of California consumers. Click here for more details on Synerion and the California Consumer Privacy Act.
Lee Lipes, Vice President of Product Management
Synerion North America
10 Carlson Court, Suite 302
Toronto, ON, Canada, M9W 6L2