At Syngency, ensuring the security and privacy of the data you’ve trusted us with is a top priority throughout the company. Those efforts include compliance with the European General Data Protection Regulation (GDPR) that went into effect on May 25th, 2018. The GDPR is a comprehensive European privacy law designed to ensure transparency, accountability, purpose limitation, accuracy, integrity and confidentiality and is core to the controls and processes we have in place to ensure we handle and process your data in accordance with your wishes.
Security and confidentiality of our customers’ data has been central to the design and operation of the Syngency Platform since inception. Our rigorous and ever-expanding compliance program includes 3rd party audits that enable us to provide our customers reports validating the security of the platform with industry standards.
We have numerous changes to our internal processes, policies and products currently underway to further strengthen our comprehensive data privacy and compliance programs. Our goal is to ensure that our customers feel confident with Syngency as a trusted data processor. Some of the major changes already done and which will be in place before May 25, 2018 include:
Similar to many SaaS providers, we use a top-tier, third-party data hosting provider (Amazon Web Services) with servers located in the U.S., to host our online and mobile services. For more information about AWS’s approach to compliance with the GDPR, visit the AWS GDPR Center.
Syngency has no short term plans to store data in the EU, and this isn’t required under GDPR. Instead, GDPR requires companies to implement appropriate safeguards when they export personal data out of the EU.
Syngency ensures that it complies with EU data export restrictions when it exports data outside of the EU, and will be doing a full audit prior to May 2018 on the data export mechanisms it has in place to ensure they comply, and will continue to comply, with GDPR.
When personal data is hosted or processed outside of the European Economic Area by Syngency, GDPR requires that it remains protected by appropriate safeguards in line with EU law. There are a few ways that Syngency achieves this.
First, some of our EU customers' data is processed in New Zealand (where our Headquarters are located). New Zealand is recognised by the EU as an 'adequate' country (i.e. safe country) to receive and process EU personal data, pursuant to European Commission Decision 2013/65/EU.
When we process EU customer data in other territories, like the United States of America or Australia, we ensure "appropriate safeguards" are in place that are prescribed by GDPR – i.e., by entering into the European Commission's Standard Contractual Clauses with the entity the data is transferred to, or by ensuring the entity is Privacy Shield certified (for transfers to US based entities).
A full list of Syngency's subprocessors are available on our subprocessors page.
Syngency is constantly evolving and expanding our security and compliance offerings to ensure an ever greater level of comfort and assurance to all users. We look forward to being a strong partner as you manage your ever growing agency business. If you have additional questions about Syngency's privacy or security practices or want to obtain an update on our progress, please contact your sales representative for more information.
One of our team members will reply to your message as soon as possible.
2190 Beach Street
San Francisco, CA
+1 (650) 560-4580
One of our team will reply to your message as soon as possible