Synergos | Global management consulting
Privacy Notice
This privacy notice was last reviewed or revised on May 20, 2024.
We, SYNERGOS | Global management consulting, and its subsidiaries and affiliates (collectively, “SYNERGOS,” “us,” or “we”) understand that your privacy is important to you. We are committed to respecting your privacy and protecting your personal data. This privacy notice describes how we handle and protect your personal data (the “Privacy Notice”) when we collect it through SYNERGOS’s websites, applications, and digital assets (collectively, our “Sites”) and through our externally facing business activities, such as service offerings, events, surveys, and communications, when we interact with you and collect data from you for use by and on behalf of SYNERGOS (i.e., when SYNERGOS is acting as a data controller or similar term under applicable privacy law).
If you are an employee of a SYNERGOS client or a SYNERGOS service provider, we may receive your personal data from your employer. Our use of your personal data is governed by our agreement with your employer.
You are not required to share your personal data with us, but failing to do so may result in SYNERGOS being unable to properly provide you with our full range of services or a good user experience with our solutions, websites services or newsletters.
Please see our terms of use (below) for more information about other terms and policies applicable to the use of our Sites.
Contents
2. How do we collect your personal data?
3. Why and how are we using your personal data?
4. What do we not do when we collect and process your personal data?
5. Who has access to your personal data? Data recipients and international data transfers.
6. Security
7. How long do we keep your personal data?
8. Data collection from children
9. What are your data protection rights, and how can you exercise them?
9.1. Your data protection rights.
9.2. How do you exercise your data protection rights?
1. Data controller
When SYNERGOS collects and processes your personal data in accordance with this Privacy Notice, we do so as authorized under applicable data privacy laws, whether as data controller or joint controller (similar terms may be used under applicable law), which means that we determine and are responsible for how your personal data is collected, used, protected, disclosed, and disposed of.
Depending on the jurisdiction you are located in or made contact with SYNERGOS, the local SYNERGOS entity may be your main data controller.
2. How do we collect your personal data?
SYNERGOS collects personal data in the course of our business activities directly from you and from third parties:
- SYNERGOS collects personal data about you in the course of our routine business activities:
- When you interact with our Sites
- When you sign up for and participate in SYNERGOS conferences and events;
- When you participate in public content posting areas, such as bulletin boards, discussion forums, and SYNERGOS social media sites;
- When you participate in a survey, panel discussion, or individual discussion conducted by SYNERGOS; or
- When you interact with SYNERGOS or its employees on its Sites, by email, or telephone, to ask a question, request information, or otherwise seek a response from SYNERGOS.
- SYNERGOS may also receive personal data about you from third parties, including service providers and data vendors in the course of our business activities. When we collect personal information from third parties, the data consists primarily of publicly available personal information compiled from business websites, public-facing social media platforms, and other widely used public sources. We also acquire deidentified datasets from certain service providers that we maintain in deidentified form. In each instance, we do our best to confirm that the third party has lawfully collected the data from appropriate sources and is authorized to share the data with SYNERGOS for the uses intended by SYNERGOS in accordance with section three below.
Sensitive personal data – We may also collect sensitive personal data directly from you, for instance when you respond to a survey or panel discussion conducted by SYNERGOS and provide us with demographic or other personal data or when you provide information to permit us to accommodate your specific request at a conference or event. We use sensitive personal data only with your consent unless another legal basis exists (e.g., public health requirements). When we collect and use sensitive personal data for research, data analysis, and statistical purposes, we use it to produce reports and publications based on deidentified datasets.
We may combine personal data that we receive directly from you with personal data that we receive from third parties, to the extent that all such collection and use of personal data and sensitive personal data is consistent with this Privacy Notice and with the purposes and data access as described in section three below.
3. Why and how are we using your personal data?
SYNERGOS uses your personal data for different purposes and may combine data from multiple sources to accomplish those purposes. The table below summarizes the purposes for which we process your personal data, the categories of personal data that we use for each purpose, and the legal grounds on which each data processing activity is based, along with who has access to the personal data.
Managing our business relationship with you.-
Purpose: As an employee of a SYNERGOS client, you receive information regarding our services and solutions, including proposals, invoices, etc.
Categories of personal data: Name, pronouns, email, location, professional or employment related information like job title, position, or employer.
Legal basis for use: Legitimate interest for the provision of services
Data access: SYNERGOS subsidiaries and affiliates and third-party service providers as disclosed in section five of this Privacy Notice.
Newsletters and alerts.-
Purpose: If you register for SYNERGOS newsletters and alerts, you receive business, management, or industry-specific information.
Categories of personal data: User ID, pronouns, name and email address, phone number
Legal basis for use: Legitimate interest for the provision of our services
Data access: SYNERGOS subsidiaries and affiliates and third-party service providers as disclosed in section five of this Privacy Notice.
Conferences and events.-
Purpose: Sign up for and process your requests to participate in conferences and events, including webcasts.
Categories of personal data: Name, pronouns, email, location, professional or employment-related information like job title, position, employer, dietary information, or health-related information to accommodate for any special requirements, including disabilities, or authorizations for audio and video material if we are taking pictures or videos
Legal basis for use: Legitimate interest to provision you access to our conferences and events and based on your consent, where legally required, when signing up for conferences and events with regards to participating in audio or video, webcasts or other media events
Data access: SYNERGOS subsidiaries and affiliates and third-party service providers as disclosed in section five of this Privacy Notice.
Public user posts and surveys.-
Purpose: Participate in public user posting areas, including bulletin boards and discussion forums, and participate in surveys for research or other business-related purposes. For each survey, we provide you with specific information concerning which personal data is collected and how the processing activity is carried out.
Categories of personal data: Your personal preferences and information you provide about you, comments, statements, or posts
Legal basis for use: Your consent provided when posting in such forums and participating in surveys
Data access: SYNERGOS subsidiaries and affiliates and third-party service providers as disclosed in section five of this Privacy Notice.
Benchmarking and analytics.-
Purpose: Conduct benchmark and data analytics activities, such as analysis of recruiting practices across an industry, detecting fraud patterns in connection with financial transactions, and consumer traffic in retail environments.
Categories of personal data: Specific business information related to you, location, behavioral data, etc.
Legal basis for use: Our legitimate interest in doing research and analytics activities as part of our business and, when needed, your consent to SYNERGOS or the third parties that provide us with the information
Data access: SYNERGOS subsidiaries and affiliates and third-party service providers as disclosed in section five of this Privacy Notice.
Maintain and provide SYNERGOS’s services
Purpose: Provide our services or products to our clients, including benchmarking products.
Categories of personal data: Access data, email, and your name for communication with you, preferences on website or app use, etc.
Legal basis for use: Legitimate interest in promoting and protecting SYNERGOS, provision of our services and building and maintaining relationships
Data access: SYNERGOS subsidiaries and affiliates and third-party service providers as disclosed in section five of this Privacy Notice.
Legal compliance and legal actions
Purpose: Comply with all applicable regulations, exercise legal actions and legal defense at courts, prevent fraud, and enforce SYNERGOS’s agreements, this Privacy Notice, the Cookie Notice, and our terms of use, as well as complying with corporate reporting obligations.
Categories of personal data: Data will depend upon specific legal requirement.
Legal basis for use: Compliance with all applicable laws and regulations
Data access: SYNERGOS subsidiaries and affiliates and third-party service providers as disclosed in section five of this Privacy Notice.
Marketing communications
Purpose: Based on your preferences and opt in when you sign up for newsletters, events, and similar activities, we may send you newsfeeds or updates about SYNERGOS in relation to your interests. You can opt out of those communications at any time.
Categories of personal data: Name, email address, title, company
Legal basis for use: Your consent when signing up for newsletters, events, and similar activities
Data access: SYNERGOS subsidiaries and affiliates and third-party service providers, as disclosed in section five of this Privacy Notice.
Whenever the legal ground is our legitimate interest, SYNERGOS only processes your personal data after assessing the adequacy, proportionality, and legitimacy of the data-processing activity.
If consent as a legal basis for processing has been relied upon and you have withdrawn it, we may not be able to properly provide you with our full range of services and a good user experience.
SYNERGOS does not use automated decision making to make decisions that have legal impact on you or that significantly affect your rights and liberties. All automated processing activities are conducted with appropriate human supervision and review.
4. What do we not do when we collect and process your personal data?
We do not acquire, use, or allow others to use deidentified data with the intent of identifying or reidentifying individuals. When we receive deidentified data or transform personal data that we have collected into deidentified data, we make the following commitments:
- SYNERGOS will maintain deidentified data in deidentified form.
- Except to the extent necessary to confirm that personal data has been transformed into deidentified data, SYNERGOS will not attempt to identify or reidentify specific individuals within a deidentified dataset or otherwise use deidentified data to attempt to associate specific individuals with individual characteristics and will not permit any entity or individual acting on SYNERGOS’s behalf to do so.
- To the extent, if any, that SYNERGOS provides access to or otherwise discloses a deidentified dataset to a non-SYNERGOS recipient, for example, a service provider or a client, it will require each such recipient to agree to maintain the deidentified data in its deidentified form and not attempt, or permit others to attempt, to identify or reidentify specific individuals within the deidentified dataset or otherwise use deidentified data to attempt to associate specific individuals with individual characteristics.
5. Who has access to your personal data? Data recipients and international data transfers
Personal data collected in the course of SYNERGOS business activities may be transferred and made available to SYNERGOS entities, service providers, and third parties as necessary to accomplish the specific business purposes for which the personal data were collected and to support our interactions with you, and otherwise as required to comply with applicable law. The SYNERGOS entity that collects your personal data may provide access to and transfer your data to the following categories of data recipients, for the business purposes described in section three, above:
- To SYNERGOS’s subsidiaries and affiliates and personnel across our global organization;
- To SYNERGOS’s service providers and personnel;
- To SYNERGOS’s legal and professional advisors;
- To third parties in the following circumstances;
- If we are required to do so by law or legal process;
- To law enforcement authorities or other government officials pursuant to lawful request;
- When we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity;
- If disclosure is necessary to protect the vital interests of a person;
- To enforce our terms of use
- To protect our property, services, and legal rights;
- To prevent fraud against SYNERGOS, our subsidiaries, affiliates and/or business partners;
- To aid in SYNERGOS’s investigation of an actual or suspected security incident, such as a breach involving confidential information or personal information or a violation of SYNERGOS policy;
- To support auditing, compliance, and corporate governance functions;
- To comply with any and all applicable laws.
- To a successor or different business entity in the event of a reorganization, merger, sale, joint venture, assignment, or other transfer or disposition of all or any portion of our business.
To protect personal data that is transferred internationally, SYNERGOS complies with all applicable data transfer laws, including incorporating required data transfer terms into our agreements with SYNERGOS affiliates, subsidiaries, service providers, and third parties.
6. Security
SYNERGOS protects and safeguards your personal data globally, in accordance with applicable law, our privacy and data security policies, and this Privacy Notice. We use generally accepted standards of technical and operational security to protect your personal data against accidental or unlawful loss, misuse, alteration, or destruction, in consideration of the risks associated with the personal data and its processing, and we require the same level of protection and safeguarding from our subsidiaries and affiliates, our service providers, and third parties. Only authorized personnel of SYNERGOS and of our service providers are permitted to access personal data, and these employees and service providers are required to treat this information as confidential. Despite these precautions however, SYNERGOS cannot guarantee that unauthorized persons will not obtain access to your personal data.
7. How long do we keep your personal data?
SYNERGOS keeps your personal data only as long as necessary to accomplish the business purposes for which it was collected to meet our legal or contractual obligations and in compliance with SYNERGOS’s data-retention policy. We will securely delete your personal data promptly after the purposes described above cease to apply in accordance with the prevailing market practice for such destruction.
If you request that we delete your personal data, SYNERGOS will comply with applicable law and will make reasonable attempts to delete all instances of the personal data, subject to our right to keep a copy of such data for the purposes mentioned above. For requests for access, corrections, or deletion, especially where the processing is based on your consent, please refer to section nine of this Privacy Notice.
8. Data collection from children
SYNERGOS does not intentionally use its Sites and business content to collect or maintain personal data from individuals under the age of 16. To the extent that any of our non-site business activities may involve collecting or maintaining personal data from or about individuals under the age of 16, we would do so only with the required legal consent from the parent, guardian, or individual and in accordance with applicable law.
9. What are your data protection rights, and how can you exercise them?
9.1. Your data protection rights.
Subject to applicable law, including exceptions, you have the following rights with regard to the personal data that we collect about you:
- Right to request information about the personal data that we hold about you, including information about how we use your personal data, who has access to it, and the terms under which third parties have access to your personal data;
- Right to request a copy of the personal data that we hold about you;
- Right to request portability of your data to permit you to provide a copy of your personal data in a structured, commonly used, and machine-readable format and to transmit that personal data to another controller;
- Right to request that we correct or otherwise amend your personal data if it is not correct or otherwise not complete, timely, and accurate for the purposes for which we are using it;
- Right to request deletion of your personal data;
- Right to request that we cease processing or restrict or limit the processing of your personal data;
- Right to withdraw your consent to our processing of your personal data where the basis of our processing is your consent;
- Right to not be discriminated against for exercising your individual rights regarding your personal data;
9.2. How do you exercise your data protection rights?
You can contact the Data Protection Officer for your jurisdiction at contact@synergos.biz.
If you would like to exercise your data protection rights regarding your personal data, you can do so by emailing your request to us at: contact@synergos.biz
Upon receipt of your request to exercise your data-protection rights, we will acknowledge receipt within the time period required by applicable law and provide you with information about the next steps in the process and the timing. To help protect your privacy and security, we may take reasonable steps to verify your identity before acting on certain data protection rights, in accordance with applicable law. If you are using an authorized agent to exercise your data protection rights and that agent does not provide a power of attorney with the initial request, we may request further evidence of the agent’s right to act on your behalf, including valid written authorization or contacting you to verify the request.
Please note that applicable laws include exceptions to assertions of data protection rights that may prevent us from providing access to your personal data or otherwise fully complying with your request. If we believe exceptions apply, we will respond to your request to the extent we are able to do so, and we will provide an explanation of the basis for not complying wholly or partially with your request.