Privacy Shield

SYNOPTEK PRIVACY SHIELD POLICY
Synoptek complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce
regarding the collection, use, and retention of personal information transferred from the European Union to
The United States. Synoptek has certified to the Department of Commerce that it adheres to the Privacy Shield
Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the
Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our
certification, please visit https://www.privacyshield.gov/.

The Federal Trade Commission has jurisdiction over Synoptek’s compliance with the Privacy Shield.

Other or subsidiaries of the organization also adhering to the Principles are Synoptek Managed Services, LLC .

NOTIFICATION
Synoptek notifies Individual Customers about its adherence to the EU-US Privacy Shield principles through its
publicly posted website privacy policy, available at: https://www.synoptek.com/privacyshield and take Individual
customers approval and adherence to the current policy when they provide their information to us in the
transactional process.

COLLECTION AND USE OF PERSONAL DATA
Synoptek provides various solutions to its Individual Customers who purchase its products. Synoptek collects
Personal Data from Individual Customers when they purchase its services, register with our website, log-in to
their account, complete surveys, request information or otherwise communicate with us. For example, Synoptek
individual customers may choose to seek live support or post to a message board.

The Personal Data that we collect may vary based on the Individual Customer’s interaction with our website and
request for our services. As a general matter, Synoptek collects the following types of Personal Data from its
Individual Customers: contact information, including, a contact person’s name, work email address, work mailing
address, work telephone number, title, and company name, as well as payment information (which might
include credit card and/or bank account information). Individual customers have the option to log into their
accounts online and to request service online, including through a live support option; we will collect
information that they choose to provide to us through these portals.

When Individual Customers use our services online, we will collect their IP address and browser type. We may
associate IP address and browser type with a specific customer. We also may collect Personal Data from persons
who contact us through our website to request additional information; in such a situation, we would collect
contact information (as discussed above) and any other information that the person chooses to submit through
our website.

The information that we collect from Individual Customers is used for selling the products and services they buy
from us, managing transactions, reporting, invoicing, renewals, other operations related to providing services
and products to the Individual Customer.

For certain products, Synoptek serves as a service provider. In our capacity as a service provider, we will receive,
store, and/or process Personal Data. In such cases, we are acting as a data processor and will process the
personal information on behalf of and under the direction of our partners and/or agents. The information that
we collect from our Individual Customers in this capacity is used for managing transactions, reporting, invoicing,
renewals, other operations related to providing services to the Individual Customer, and as otherwise requested
by our partner and/or agent.

Synoptek uses Personal Data that it collects directly from its Individual Customers and for its partners indirectly
in its role as a service provider for the following business purposes, without limitation:

1. maintaining and supporting its products, delivering and providing the requested products/services, and
complying with its contractual obligations related thereto (including managing transactions, reporting,
invoices, renewals, and other operations related to providing services to a Individual Customer);
2. satisfying governmental reporting, tax, and other requirements (e.g., import/export);
3. storing and processing data, including Personal Data, in computer databases and servers located in the
United States;
4. verifying identity (e.g., for online access to accounts);
5. as requested by the Individual Customer;
6. for other business-related purposes permitted or required under applicable local law and regulation;
7. and as otherwise required by law.

DISCLOSURES / ONWARD TRANSFERS OF PERSONAL DATA
Except as otherwise provided herein, Synoptek discloses Personal Data only to Third Parties who reasonably
need to know such data only for the scope of the initial transaction and not for other purposes. Such recipients
must agree to abide by confidentiality obligations.

Synoptek may provide Personal Data to Third Parties that act as agents, consultants, and contractors to perform
tasks on behalf of and under our instructions. For example, Synoptek may store such Personal Data in the
facilities operated by Third Parties. Such Third Parties must agree to use such Personal Data only for the
purposes for which they have been engaged by Synoptek and they must either:

1. comply with the Privacy Shield principles or another mechanism permitted by the applicable EU data
protection law(s) for transfers and processing of Personal Data;
2. or agree to provide adequate protections for the Personal Data that are no less protective than those
set out in this Policy;

Synoptek also may disclose Personal Data for other purposes or to other Third Parties when a Data Subject has
consented to or requested such disclosure. Please be aware that Synoptek may be required to disclose an
individual’s personal information in response to a lawful request by public authorities, including to meet
national security or law enforcement requirements. Synoptek is liable for appropriate onward transfers of
personal data to third parties.

SENSITIVE DATA
Synoptek does not collect Sensitive Data from its Individual Customers.

DATA INTEGRITY AND SECURITY
Synoptek uses reasonable efforts to maintain the accuracy and integrity of Personal Data and to update it as
appropriate. Synoptek has implemented physical and technical safeguards to protect Personal Data from loss,
misuse, and unauthorized access, disclosure, alternation, or destruction. For example, electronically stored
Personal Data is stored on a secure network with firewall protection, and access to Synoptek’s electronic
information systems requires user authentication via password or similar means. Synoptek also employs access
restrictions, limiting the scope of employees who have access to Individual Customer Personal Data.
Further, Synoptek uses secure encryption technology to protect certain categories of personal data. Despite
these precautions, no data security safeguards guarantee 100% security all of the time.

ACCESSING PERSONAL DATA
Synoptek personnel may access and use Personal Data only if they are authorized to do so and only for the
purpose for which they are authorized.

RIGHT TO ACCESS, CHANGE OR DELETE PERSONAL DATA

A. Right to Access. Individual Customers have the right to know what Personal Data about them is included
in the databases and to ensure that such Personal Data is accurate and relevant for the purposes for
which Synoptek collected it. Individual Customers may review their own Personal Data stored in the
databases and correct, erase, or block any data that is incorrect, as permitted by applicable law and
Synoptek policies. Upon reasonable request and as required by the Privacy Shield principles, Synoptek
allows Individual Customers access to their Personal Data, in order to correct or amend such data where
inaccurate. Individual Customers may edit their Personal Data by contacting Synoptek by phone or
email. In making modifications to their Personal Data, Data Subjects must provide only truthful,
complete, and accurate information. To request erasure of Personal Data, Individual Customers should
submit a written request to local Synoptek office.
B. Requests for Personal Data. Synoptek will track each of the following and will provide notice to the
appropriate parties under law and contract when either of the following circumstances arise: (a) legally
binding request for disclosure of the Personal Data by a law enforcement authority unless prohibited by
law or regulation; or (b) requests received from the Data Subject. If Synoptek receives a request for
access to his/her Personal Data from an Individual Customer, then, unless otherwise required under law
or by contract with such Individual Customer, Synoptek will refer such Data Subject to the Individual
Customer.
C. Satisfying Requests for Access, Modifications, and Corrections. Synoptek will endeavor to respond in a
timely manner to all reasonable written requests to view, modify, or inactivate Personal Data.

CHANGES TO THIS POLICY
This Policy may be amended from time to time, consistent with the Privacy Shield Principles and applicable data
protection and privacy laws and principles. We will make employees available of changes to this policy either by
posting to our intranet, through email, or other means. We will notify Customers if we make changes that
materially affect the way we handle Personal Data previously collected, and we will allow them to choose
whether their Personal Data may be used in any materially different manner.

ENFORCEMENT AND DISPUTE RESOLUTION
In compliance with the US-EU Privacy Shield Principles, Synoptek commits to resolve complaints about your
privacy and our collection or use of your personal information. EU individuals with questions or concerns about
the use of their Personal Data should contact us at: privacyshield@synoptek.com

If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed by Synoptek, EU individuals may bring a complaint before JAMS, an alternate Dispute resolution provider.  Information about how to file a complaint before the JAMS Privacy Shield program can be found at: https://www.jamsadr.com/eu-us-privacy-shield.  The services of JAMS are provided at no cost to you.  More information about JAMS is available at http://www.jamsadr.com.

 

Finally, as a last resort and in limited situations, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism provided by Annex I:   https://www.privacyshield.gov/article?id=ANNEX-I-introduction

 

Effective: December 30, 2016 – Version 1.1

[getstarted]
STAGING