GDPR

Your Privacy Matters to Us

At Syngency, ensuring the security and privacy of the data you’ve trusted us with is a top priority throughout the company. Those efforts include compliance with the European General Data Protection Regulation (GDPR) that went into effect on May 25th, 2018. The GDPR is a comprehensive European privacy law designed to ensure transparency, accountability, purpose limitation, accuracy, integrity and confidentiality and is core to the controls and processes we have in place to ensure we handle and process your data in accordance with your wishes.

Our Commitment to Data Security

Security and confidentiality of our customers’ data has been central to the design and operation of the Syngency Platform since inception. Our rigorous and ever-expanding compliance program includes 3rd party audits that enable us to provide our customers reports validating the security of the platform with industry standards.

Our Security & Privacy Features

The promises below have been part of Syngency from the beginning. Everyone at Syngency is committed to protecting our customers.

• Physical Security
  We are hosted on AWS who provides robust, physical data center security and environmental controls.
• Encryption
  We enable encryption of sensitive data both at rest and in transit over public networks.
• Data Usage
  We don't mine or access your data for advertising purposes.
• Data Privacy
  We only use customer data to provide the service; we don’t look into your account without your permission.
• Data Recovery
  We regularly back up your data and provide a maximum 24-hour RTO and RPO.
• Data Ownership
  Your data 100% belongs to you. We won't delete data in your account without giving you time to export it.
• Integrated Services
  We use OAuth2 to securely authorize other SaaS services and do not store your username or password for those services.

Syngency GDPR Efforts

We have numerous changes to our internal processes, policies and products currently underway to further strengthen our comprehensive data privacy and compliance programs. Our goal is to ensure that our customers feel confident with Syngency as a trusted data processor. Some of the major changes already done and which will be in place before May 25, 2018 include:

• Building a universal Data Governance service on the platform to ensure consent is captured globally across the platform and commercial sites.
• Company-wide and department-specific data protection training for all Syngency employees.
• Documenting all external services in use companywide and ensuring compliance and transparency where data is shared.
• Updates of our privacy policy and terms of service to reflect changes related to GDPR.
• Building internal policies covering requests for information, the ability to correct personal information and likewise, to delete it.

FAQ

1. Where does Syngency store customer data?

   Similar to many SaaS providers, we use a top-tier, third-party data hosting provider (Amazon Web Services) with servers located in the U.S., to host our online and mobile services. For more information about AWS’s approach to compliance with the GDPR, visit the AWS GDPR Center.

2. Will Syngency be storing EU customer data in the EU?

   Syngency has no short term plans to store data in the EU, and this isn’t required under GDPR. Instead, GDPR requires companies to implement appropriate safeguards when they export personal data out of the EU.

   Syngency ensures that it complies with EU data export restrictions when it exports data outside of the EU, and will be doing a full audit prior to May 2018 on the data export mechanisms it has in place to ensure they comply, and will continue to comply, with GDPR.

3. How does Syngency comply with EU data export restrictions?

   When personal data is hosted or processed outside of the European Economic Area by Syngency, GDPR requires that it remains protected by appropriate safeguards in line with EU law. There are a few ways that Syngency achieves this.

   First, some of our EU customers' data is processed in New Zealand (where our Headquarters are located). New Zealand is recognised by the EU as an 'adequate' country (i.e. safe country) to receive and process EU personal data, pursuant to European Commission Decision 2013/65/EU.

   When we process EU customer data in other territories, like the United States of America or Australia, we ensure "appropriate safeguards" are in place that are prescribed by GDPR – i.e., by entering into the European Commission's Standard Contractual Clauses with the entity the data is transferred to, or by ensuring the entity is Privacy Shield certified (for transfers to US based entities).

4. Who are Syngency's subprocessors?

   A full list of Syngency's subprocessors are available on our subprocessors page.

Summary

Syngency is constantly evolving and expanding our security and compliance offerings to ensure an ever greater level of comfort and assurance to all users. We look forward to being a strong partner as you manage your ever growing agency business. If you have additional questions about Syngency's privacy or security practices or want to obtain an update on our progress, please contact your sales representative for more information.