Software Privacy Policy

Synerion Privacy Policy

Last updated: June 10, 2021

Synerion is committed to protecting the confidentiality of our customer information and the personal information of our customers’ employees.  Hence, Synerion has implemented a Privacy Program built on commonly accepted privacy principles in order to meet or exceed privacy regulations in the jurisdictions in which we operate.

Our Privacy Policy is designed to help you understand how we collect and use personally identifiable information (“Personal Information”) that you provide us and to help you make informed decisions when using our website and services (collectively, “Synerion”, ”Company”, or “Website”).

By leveraging our web enabled workforce management software products, you agree to the terms of this Privacy Policy as they may be amended from time to time. This Privacy Policy may change, so please check for updates.

Accountability

This Privacy Policy is applicable to all information that Synerion processes under the direction of its customers when using our web enabled workforce management software products.

We do not trade, sell or lease personal information entrusted to us. Our products and services are not directed to children and we do not knowingly collect or maintain information from anyone under the age of 13.

Synerion acts as a data processor of the personal data it processes.  Customers control the data that is being processed and decide on whether or not personal or sensitive information is entered into free text fields.  We are not responsible for the content of free text fields entered by our customers except to the extent that it will be safeguarded in the same manner as other information we process.

Your Online Privacy Responsibilities

By using our web enabled workforce management software products, you agree to take basic steps to ensure your privacy online. You agree to log out of this site when you are finished, protecting your information from other users. You also agree not to share your password or login ID with anyone else. In addition, you agree to take reasonable precautions against malware and viruses by installing an anti-virus software to protect your online activities.

Collection of Personal Information

We take your privacy seriously and employ information protection controls in keeping with industry standards and practices to safeguard your information and protect your anonymity.  The information collected through our products is solely for the purpose of providing the service to our customers.  Synerion does not acquire any more information than what is necessary to provide a high level of service or if required by law.  Some of this information may be entered directly by our customer’s employees, however most information is collected by our customers on behalf of their employees, relating to the use of our products and services.

We may also gather information by observing how individuals interact with our website, products and services. We collect this information to continually improve and enhance the functionality of our products and services. We gather certain information automatically. This information may include IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.

In addition, when you interact with our website, products and services, we may gather anonymous technical and navigational information, such as computer browser type, Internet protocol address, cookie information, pages visited, and average time spent on our Website. This information does not personally identify you and may be used, for example, to alert you to software compatibility issues, fulfill your requests for products and services, conduct research or analyze and improve our product functionality.

Consent

Customers are the data controllers and are responsible for obtaining consent from their employees, when they collect information in relation to our workforce management products.  Synerion processes information solely at the direction of its customers and has no direct relationship with the individuals whose information we process.

What Personal Information Do We Collect

Personal information processed by Synerion may be include contact information such as name and email address or unique identifiers such as employee number or biometric information (see definition below).  This information is used to create access to services on the product, to send processing related alerts or notifications and to contact users of the product at the direction of the customer.

Our products allow for other work-related information to be used and stored such as contact phone number, professional licenses, and union membership. Our customers determine which of these fields are necessary for their operations.

We do not knowingly collect nor process health information as part of our data processing responsibilities.

It is recommended to customers to avoid storing any sensitive employee information which is not necessary for the product to function, such as social insurance numbers, home addresses, home phone numbers, gender, health information and birthdates.

Collection of Biometric Information

As part of the Synerion system, customers may use biometric timeclocks to identify employees for timekeeping purposes.  In order to use such devices, the customer must collect employee biometric data.  Our customers collect such employee data through their use of the biometric timeclock devices and related software. Once captured, an employee’s Biometric Information is converted into an encrypted data string (i.e., biometric template). The biometric data is stored on the device itself at the customer-controlled site and the information is also securely stored by Synerion.  The data stored by Synerion consists solely of the encrypted data string created from mathematical algorithms, not the actual biometric data (fingerprints, facial images, handprints, etc.)

 

It is the sole responsibility of the Customer that collects, captures, stores, or otherwise uses Biometric Data relating to an individual, to:

  1. Inform the individual from whom Biometric Data will be collected, in writing and prior to collecting the individual’s Biometric Data, that Biometric Data is being collected, stored, and/or used;
  2. Indicate, in writing, the specific purpose(s) and length of time for which Biometric Data is being collected, stored, and/or used; and
  3. Receive a written release from the individual (or a legally authorized representative) authorizing the Customer and Synerion to collect, store, and/or use the Biometric Data and authorizing the Customer to disclose such Biometric Data to Synerion and any Customer third-party service providers.

It is the Customer’s sole responsibility to develop, maintain, and to inform all individuals about any Customer policies for Biometric Data collection. Customer must maintain its own data collection, disclosure, retention, and storage policies in compliance with all applicable laws. Where required by law, Customer agrees to adopt a privacy policy in alignment all applicable laws governing the collection, use, transfer and retention of Personal Data.

Who Sees Your Personal Information

Synerion customer support representatives have access to some transaction information in order to respond to customer questions related to our workforce management products.

At the direction of our customers, Synerion may provide information to designated third parties such as payment processors and banks.  Synerion may also share information with service providers that are directly related to services for which we have been contacted or contracted.

From time-to-time Synerion may also provide third parties with aggregate information that is not linked to any individual.

The only exception to any part of this section is if Synerion is compelled to do so by an appropriately empowered governmental authority.

Data Retention, Storage and Destruction

Our workforce management products require data to function effectively. The customer determines how long they wish to maintain employee records within the system.

Once a customer is no longer a customer, data is removed from Synerion systems within 90 days.

Synerion retains your information for business purposes, for as long as your account is active, and/or as long as is reasonably necessary to provide you with our products and services. Synerion will also retain your information as reasonably necessary to comply with our legal obligations, resolve disputes and enforce our agreements. We may also retain cached or archived copies of your information for a reasonable period of time. At any point in time, you can withdraw consent and we will immediately stop processing your data.

Security

We take reasonable and appropriate precautions, including administrative, technical, personnel, and physical measures, to safeguard Personal Data against loss, misuse, theft, and unauthorized access, disclosure, alteration, and destruction. We also use Secure Sockets Layer (SSL) encryption when transmitting sensitive information. Please keep in mind that due to the inherent nature of the Internet, there is no way to make the transmission of electronic data entirely safe from intrusion.

Your opt in/opt out choices

You may “opt in” and/or “opt out” of certain uses of your Personal Information. For example, you may have the opportunity to choose whether you would like to receive email correspondence from us. Your Personal Information will not be shared with third-party service providers unless you give consent. You will have the opportunity to opt out of Synerion marketing emails by clicking the “opt out” or “unsubscribe” link in the email you receive. You can also request this by filling out a web form via our Data Subject Access Request (DSAR) Portal. If the Synerion DSAR portal is unavailable, requests can be sent to privacy.na@synerion.com.

Please take note that if you opt out of receiving promotional correspondence from us, we may still contact you in connection with your relationship, activities, transactions and communications with us.

Your ability to access, correct, limit use and disclosure

You may request access to your personal data to update, correct or delete, or to limit the use or disclosure of, your personal data.

Individuals wishing to view, update, delete, or supplement their personal data may do so by contacting the business that provided Synerion your personal data directly to make your requests, or alternatively you can submit your request through our Data Subject Access Request (DSAR) Portal. If the Company DSAR portal is unavailable, requests can be sent to privacy.na@synerion.com.  Individuals outside the EU may also use our Data Subject Access Rights portal to submit complaints about your privacy and our collection or use of your personal information.

Use, Disclosure and Sharing of Personal Information

Synerion does not sell or otherwise disclose the Personal Information it holds to third parties, except for the following exceptional circumstances:

  • Third Parties: Synerion will not rent or sell your Personal Information to others but may disclose Personal Information with third-party vendors and service providers that work with Synerion (such as website or Infrastructure hosting companies, communications providers, email providers, analytics companies, credit card processing companies and other similar service providers that use such information on our behalf). We will only share Personal Information to these vendors and service providers to help us provide a product or service to you at your request and in accordance with our respective agreement.  We will ensure appropriate contractual clauses are in place to ensure compliance with data protection legislation.
  • Business Purposes: In a prospective business transaction, Synerion may disclose Personal Information where Synerion has entered into an agreement that restricts the use and disclosure of that data solely for purposes related to the transaction, protects the data by security safeguards appropriate to the sensitivity of the information, and if the transaction does not proceed, the data is returned to Synerion or destroyed within a reasonable time. With respect to employee data, Synerion may disclose Personal Information if it is necessary to establish, manage or terminate an employment relationship, as allowed by law.
  • Legal and Safety Reasons: Synerion may be required to disclose Personal Information to law enforcement agencies, government agencies, or legal entities. We may disclose information by law, litigation, or as a matter of national security to comply with a valid legal process including subpoenas, court orders or search warrants, and as otherwise authorized by law. We may also need to disclose Personal Information in the event of an emergency that threatens an individual’s life, health, or security. If the data requested is held on behalf of a customer, Synerion will consult the customer unless it is prohibited to do so by law. Synerion may be required to disclose information without your consent or knowledge if: (i) it is reasonable to expect that disclosure with your knowledge or consent would compromise an investigation of a breach of an agreement or a contravention of the law; (ii) it is reasonable for the purposes of preventing, detecting or suppressing fraud and it is reasonable to expect that the disclosure with your knowledge or consent would compromise the ability to prevent, detect or suppress the fraud; (iii) it is necessary to identify an individual who is injured, ill or deceased to a government institution or the individual’s next of kin or authorized representative and, if the individual is alive, with notification to the individual.
  • Via Links to Third-Party Websites, Services, and Applications: Using our website or services may link to third party web websites, services, and applications. Synerion is not responsible for any Personal Information collected through these means. Information collected is governed through the third party’s website’s privacy policy. Any interactions you have with these web websites, services, or applications are beyond the control of Synerion.

International Transfer of Personal Information

Synerion may share customer information within our family of companies for a variety of purposes, for example, to provide you with the latest information about our products and services and offer you our latest promotions. To facilitate our global operations, Synerion may transfer Personal Information from your home country to other Synerion locations across the world. To protect your Personal Information, we will only transfer data to countries who provide an “adequate” level of Personal Information protection. If the data is transferred to countries without ‘adequate’ protection as determined by the European Parliament, we will use additional safeguards to ensure your data is protected.  In instances where GDPR is in scope, we will rely on the standard contractual clauses as the legal transfer mechanism that will be defined in the Data Processing Agreement signed with the customer.

Third Parties who may receive personal data (Onward Transfer)

Synerion may employ and contract with third-party service providers and other entities to assist in providing our services to customers by performing certain tasks on our behalf. These third-party providers may offer customer support, data storage services (data centers), or technical operations. Synerion maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our Privacy Shield obligations. These third parties may access, process, or store personal data in the course of providing their services. Unless we tell you differently, our Agents do not have any right to use Personal Information or other information we share with them beyond what is necessary to assist us. You hereby consent to our sharing of Personal Information with our Agents. We may be liable for the appropriate onward transfer of EU and Swiss personal data to third parties.

Your Right to Access Your Data

Under the General Data Protection Regulation (GDPR), we acknowledge the right of EU, Swiss, and United Kingdom individuals to access their personal data.  Please reference “Your ability to access, limit use and disclosure” for specific instructions on how you can access this right.

Your Ability to Choose How Your Data Is To Be Used

Pursuant to the General Data Protection Regulation (GDPR), EU, Swiss, and United Kingdom individuals may “opt in” and/or “opt out” of certain uses of your Personal Information. For details on how you can exercise your choices please refer to the, “Your opt/in opt/out choices” section of this privacy policy.

California Consumer Privacy Act

On January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) took effect, and sets new requirements and rights relating to personal information of California consumers. Click here  for more details on Synerion and the California Consumer Privacy Act.

Contact Us

If you have any questions or comments about this Privacy Policy, or if you would like to review, delete or update information we have about you or your preferences, requests should be submitted through our Data Subject Access Request (DSAR) Portal. If the Synerion DSAR portal is unavailable, requests can be sent to privacy.na@synerion.com

Updates to this Policy

We may need to change, modify and/or update this Privacy Policy from time to time and we reserve the right to may do so without prior notice and at any time.  If we do make changes in the way personal information is used or managed, any updates will be posted here, so you should also revisit this Privacy Policy periodically.  Your continued use of the Site and any Services following the posting of any such changes shall automatically be deemed your acceptance of all changes.

Contact Information

For questions or comments regarding this Policy, the Privacy program in general, or to file a complaint about how personal information has been handled, please contact:

Privacy Office

Synerion North America

10 Carlson Court, Suite 302

Toronto, ON, Canada, M9W 6L2

1-877-816-8463

 

If Synerion receives a complaint, we will investigate it and respond to the individual filing the complaint within 45 days of receiving it.  If an individual is not satisfied with the response, they may file a formal response with the appropriate authority.

 

CANADA:  Privacy Commissioner in their province or the Privacy Commissioner of Canada at:

 

Office of the Privacy Commissioner of Canada

30 Victoria Street

Gatineau, Quebec,

K1A 1H3

1-800-282-1376

 

UNITED STATES:  The Attorney General in the appropriate State