July 2019 (v5)
This Policy relates to Personal Information (i.e., information that identifies a specific individual) and related data that Syntrio, Inc. (“Syntrio”) collects or otherwise receives, through its website, directly from customers and through other means. It does not include Syntrio Human Resources information.
Syntrio collects and otherwise receives the following types of Personal Information and related data:
• Customer Service: Syntrio receives directly from business customers Personal Information related to their employees and third parties through its learning management system (LMS) and online courses. This data may include: name, email, employee number, department, function, and other non-sensitive Personal Information pertaining to an employee’s demographic characteristics. In addition, Syntrio records certain education information such as employee course completion, course bookmark, course quiz score, course review, and other data that enables the customer to understand their employees’ performance and to help Syntrio improve its course quality.
• Marketing: Syntrio subscribes to various services that provide individuals’ names, titles, business email addresses and other contact information of prospective and current customers for marketing purposes. Syntrio gathers customer and prospect names, telephone numbers, email addresses and related contact information at trade shows and other events. Syntrio gathers the above contact information from visitors to our website when these individuals provide this data to us directly.
Onward Transfers of Data
Syntrio provides Personal Information to the following types of third parties for the identified purposes:
A. To business partners, serving as agents (or “processors”), to assist us in delivering our products and services to customers. These include organizations that process Personal Information on our behalf.
In transferring Personal Information to these parties as agents, we:
• Only transfer data for limited and specific purposes related to delivering our products and services or other Company operations;
• Ascertain that the agent’s policies maintain a commensurate level of compliance regarding this data.
• Take reasonable steps to ensure the agent effectively processes this data in a manner consistent with our duties under the Principles;
• Require the agent to notify us if it makes a determination that it can no longer meet obligation commensurate with the Principles; upon such notice, we take reasonable steps to stop and remediate unauthorized processing;
• Will provide a summary or a representative copy of relevant privacy provisions of our contract with that agent to the U.S. Department of Commerce upon request.
B. To business partners for co-marketing purposes (where we market to their customers and they market to our customers).
In transferring Personal Information to these parties as data controllers, we seek to:
• Only transfer data for limited and specified purpose;
• Determine that the organization is obligated to provide at least the same level of privacy protection as is required of Syntrio;
• Take reasonable steps to ensure the organization effectively processes Personal Information in a manner consistent with Syntrio’s data privacy duties;
• Expect the organization to notify us if it makes a determination that it can no longer meet its data protection obligation; upon notice, take reasonable steps to stop and remediate unauthorized processing;
• Provide a summary or a representative copy of relevant privacy provisions of our contract with that organization or our third-party partners’ policies to the U.S. Department of Commerce upon request.
Syntrio does not provide its third-party Processors with personal information. However, Syntrio remains liable under the Privacy Shield Principles if Syntrio’s third-party Processor onward transfer recipients process relevant Personal Data in a manner inconsistent with the Privacy Shield Principles, unless Syntrio proves that it is not responsible for the event giving rise to the damage.
Individuals from whom Syntrio collects and for whom it maintains Personal Information may limit use and disclosure of this Personal Information through the following:
• To be disclosed to a third party, other than as an agent, or
• To be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals.
Syntrio provides opt-out mechanisms in related communications that allows individuals to remove themselves from future or unrelated communications. Individuals can always contact us directly to exercise their choice regarding these communications. Specifically, we provide an opt-out mechanism where we intend to share an email address with a third-party for a purpose other than that for which the Personal Information was collected.
Note that Syntrio must process certain Personal Information to provide its products and services to its customers. For example, Syntrio may need to provide product/service update information to fulfill the terms of its service. In such situations, no opt-out mechanism is available, other than cancelling the product or service.
For Sensitive Personal Information: If Syntrio collects Sensitive Personal Information, such as personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual, we will provide an opt-in mechanism before using it or sharing it with third parties if such use would be for a purpose other than what it was intended for when initially collected.
Anonymous Website Data
Syntrio uses tracking technologies on its website to provide our visitors with certain features, to better understand how visitors use our website, and to advertise to visitors, sometimes through relationships with third parties, such as Google or Yahoo. Our website visitors are able to control certain tracking technologies through their own browsers they use to visit our website.
Syntrio’s website may provide links to other organizations’ websites. Syntrio is not responsible for these organizations’ privacy practices or their website content.
Syntrio takes reasonable and appropriate measures to protect Personal Information that it creates, maintains, uses or disseminates from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data.
Data Integrity and Purpose Limitation
Personal Information is limited to the information that is relevant for the purposes of processing.
Syntrio strives not to process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To the extent necessary for those purposes, Syntrio takes reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete, and current. Syntrio adheres to the Principles for as long as it retains such information.
Syntrio retains Personal Information in a form identifying or making identifiable the individual only for as long as it serves a purpose of processing. Syntrio takes reasonable and appropriate measures in complying with this provision.
Syntrio seeks to maintain the accuracy, completeness and relevance of Personal Information it maintains. It provides individuals subject to this data with an opportunity to review their Personal Information, upon request, to ensure that it is accurate, complete, current, timely and reliable for its intended use. The Company will work with these individuals to ensure Personal Information meets these objectives.
Syntrio provides individuals with Personal Information that the Company maintains with an opportunity to review their Personal Information, upon request, to ensure that it is accurate, complete, current, timely and reliable for its intended use, and make corrections, as warranted. In certain instances, the Company may charge a fee for this service, provided that the fee is not excessive.
Individuals also can raise any complaints regarding the Company’s data privacy practices as follows. The Company will respond within a reasonable time to any request or complaint, not to exceed 45 days. Individuals can contact the following regarding any questions or complaints regarding their Personal Information:
Syntrio may change this policy to remain consistent with governing law and other good practices of data privacy protection. When changes are made to this Policy, the company will communicate these changes to all employees, update it on the Company’s website and maintain a copy of the previous privacy policies. The Company will also notify customers of any materials changes to this policy to allow them to make any choices of how we will use their Personal Information going forward.
Recourse, Enforcement and Liability
Syntrio uses Judicial Arbitration and Mediation Services, Inc. as its independent dispute resolution organization that individuals can contact for any disputes regarding with Syntrio their Personal Information. You can contact this organization at:
Syntrio may be required to disclose Personal Information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Syntrio has further committed to refer unresolved privacy complaints to an independent dispute resolution mechanism provided above.
If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit the independent dispute resolution service provide listed above for more information and to file a complaint.
Syntrio will assess its adherence to its privacy policies annually. This assessment will include the following:
• A review of Syntrio privacy policies for ongoing conformance with applicable law.
• Review of the Personal Data that Syntrio collects and means of collecting this data.
• Inclusion of mechanisms, and related communications, that individuals can review their Personal Data, correct it, ask questions or file a complaint.
• Training for Syntrio employees, based on their degree of involvement with Personal Data.
If Syntrio should undergo a business transfer, such as a merger, acquisition, divestiture, or other such action, that will likely lead to Personal Information being transferred to a new entity, the Company will provide a notification on our website of any change in ownership or uses of this Personal Information, as well as any choices related parties may have regarding this Personal Information.