Syndigo LLC, including its subsidiaries and affiliates (“Syndigo,” “we,” “us,” “our”) takes the protection of personally identifiable information (“Personal Data”) very seriously.
We process Personal Data when providing our Master Data Management (MDM)/Product Information Management (PIM), services (the “Services”). This Privacy Notice (the “Notice”) addresses data subjects whose Personal Data we may process to provide the Services.
In connection with the Services, we act only as a storage and service provider, and in general shall only access Personal Data at our customers’ request in connection with customer support or account administration matters, as is reasonably necessary in order to provide the Services that our customers have directed us to provide, or as may be required by law.
Please read this Notice to learn more about the ways in which we collect, use, and otherwise process your Personal Data to provide the Services to you. This Notice also explains your rights under the General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act of 2018 (“CCPA”), and other applicable privacy laws (“Applicable Laws”).
This Notice does not apply to Personal Data we collect by other means, such as Personal Data that we receive directly through Syndigo’s own publicly accessible website (www.syndigo.com) or as part of our sales and marketing efforts, or the Personal Data of our employees.
In the context of this Notice, Syndigo acts as a “data processor” or “service provider” for the Personal Data we process to provide the Services for our customers. This means that our customers determine the type of Personal Data they provide to Syndigo to process on their behalf and what Syndigo must do with it. We typically have no direct relationship with the individuals whose Personal Data we receive from our customers.
Within the scope of this Notice, we process Personal Data based on the documented instructions of our customers. To learn about our customers’ lawful bases for processing your Personal Data, please read their privacy notices.
We may receive your Personal Data when:
We may process the following types of Personal Data:
We may process your Personal Data for the purposes of:
We retain Personal Data for as long as instructed by the respective customer (who typically acts as a data controller). In the absence of any instruction by the customer, Personal Data used for a project shall be disposed once the project is complete, or as defined by Syndigo’s data retention and disposal policy. As a general rule, we will delete all Personal Data associated with the employees of our customers within thirty days from the day the account with our customer was cancelled.
We may share Personal Data with our subsidiaries and affiliates, as well as with our service providers, who process Personal Data on our behalf and who agree to use the Personal Data only to assist us in providing our Services or as required by law. Our service providers may provide:
Some of these third parties may be located outside of the United States of America. However, before transferring your Personal Data to these third parties, we will either ask for your explicit consent or require the third party to maintain at least the same level of privacy and security for your Personal Data that we do. We remain liable for the protection of your Personal Data that we transfer to third parties, except to the extent that we are not responsible for the event that leads to any unauthorized or improper processing.
In addition, some of these third parties may be located outside your jurisdiction (for example, outside of Canada, the European Economic Area, Switzerland or the United Kingdom). For example, some of these third parties are located in the United States of America and India. In some cases, the authorities of your jurisdiction may have determined that the countries’ data protection laws provide a level of protection equivalent to the laws of your jurisdiction. You can see here the list of countries that the European Commission has recognized as providing an adequate level of protection to Personal Data. We will only transfer your Personal Data to third parties in these countries when there are appropriate safeguards in place. These safeguards may include the Standard Contractual Clauses as approved by the European Commission under Article 46.2 of the GDPR.
We do not sell your Personal Data.
We may disclose your Personal Data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials or private parties). We may also disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your Personal Data to our subsidiaries or affiliates for business purposes, if necessary and as described in the section above.
We reserve the right to use aggregated, anonymous data about individuals whose Personal Data we process for any legal business purpose. Such data does not include any Personal Data. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and customers.
If we must disclose your Personal Data in order to comply with official investigation or legal processing initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy and security of your Personal Data.
Syndigo does not use cookies to provide the Services. To learn about the use of cookies in relation to our website www.riversand.com, please review our Cookie Policy.
Syndigo has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect Personal Data from unauthorized processing such as unauthorized access, disclosure, alteration, or destruction.
Whenever Personal Data is collected and processed, there is always a slight risk that the Personal Data may be breached, misused, or otherwise result in a harm to you. However, we take several measures to ensure that this risk is mitigated as much as possible. These measures include limiting the Personal Data about you that we collect and process to solely what is necessary, not collecting sensitive Personal Data about you, and implementing appropriate security measures, as described in this Notice.
If we process your Personal Data, you may have the right to request access to (or to update, correct, or delete) such Personal Data. You may also have the right to ask that we limit our processing of such Personal Data, as well as the right to object to our processing of such Personal Data. You may also have the right to data portability.
Please note that requests should generally be sent directly to the Syndigo customer who provided your Personal Data to us. Syndigo has limited rights to access Personal Data our customers submit to us. If sending the request directly to the Syndigo customer is not possible for any reason and you decide to contact us with such a request, please provide the name of the Syndigo customer who submitted your Personal Data to us. We will forward your request to that customer and provide any needed assistance as they respond to your request.
We do not knowingly collect Personal Data from anyone under the age of 13. In the event that we learn that we process Personal Data from a child under the age of 13, we will delete the Personal Data we have stored as quickly as possible. If you believe that we might have any Personal Data from or about a child under the age of 13, please contact us or the customer that has provided the child’s information to us.
If we make any material change to this Notice, we will post the revised Notice to this web page. We will also update the “Effective” date. By continuing to use the Services after we post any of these changes, you accept the modified Notice.
If you have any questions about this Notice or our processing of your Personal Data, please contact us by email at or by postal mail at:
Syndigo
Attn: Debra Osborn, Senior Counsel
141 W. Jackson Blvd., Ste 1220
Chicago, IL 60604
United States
Please allow up to four weeks for us to reply.
We have appointed VeraSafe as our representative in the EU for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.
Alternatively, VeraSafe can be contacted at:
VeraSafe Ireland Ltd Unit 3D North Point House North Point Business Park New Mallow Road Cork T23AT2P Ireland VeraSafe Netherlands BV Keizersgracht 391 A 1016 EJ Amsterdam The Netherlands | VeraSafe Czech Republic s.r.o.Klimentská 46, Prague 1, 11002, Czech Republic |
United Kingdom Representative
We have appointed VeraSafe as our representative in the United Kingdom for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +44 (20) 4532 2003.
Alternatively, VeraSafe can be contacted at:
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom
We have appointed VeraSafe as our Data Protection Officer (“DPO”). While you may contact us directly, VeraSafe can also be contacted on matters related to the processing of Personal Data. VeraSafe’s contact details are:
VeraSafe, LLC
100 M Street S.E., Suite 600
Washington, D.C. 20003 USA
Email: experts@verasafe.com
Web: https://www.verasafe.com/about-verasafe/contact-us/