Content Experience Hub (“CXH”)
Effective on: 4/10/2020
Introduction and Scope
Syndigo LLC (“Syndigo”, “we”, “us”, “our”) takes the protection of personally identifiable information (“Personal Data”) very seriously. This Privacy Notice (the “Notice”) addresses data subjects whose Personal Data we may receive in our web-based software application Content Experience Hub (“CXH”).
In this circumstance, we act only as a storage and service provider, without any interest or knowledge about what is being stored, and in general shall only access such data at our customers’ request in connection with customer support or account administration matters, as is reasonably necessary in order to provide the services that our customers have directed us to provide, or as may be required by law.
Please read this Notice to learn more about the ways in which we collect, use, and otherwise process your Personal Data within CXH. This Notice also explains your rights under the General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act of 2018 (“CCPA”) and other applicable privacy laws (“Applicable Laws”).
This Notice does not apply to Personal Data we collect by other means, such as Personal Data that we receive directly through Syndigo’s own publicly accessible website (www.syndigo.com) or as part of our sales and marketing efforts, or the Personal Data of our employees.
In the context of this Notice, Syndigo acts as a “data processor” or “service provider”, for the Personal Data we process for our customers through CXH. This means that our customers determine the type of Personal Data they provide to Syndigo to process on their behalf. We typically have no direct relationship with the individuals whose Personal Data we receive from our customers.
Basis of Processing
Within the scope of this Notice, we process Personal Data based on the documented instructions of our customers. To learn about our customers’ lawful bases for processing your Personal Data, please read their privacy policies.
How We Receive Personal Data
We may receive your Personal Data when:
- you provide it directly to us as part of using CXH;
- our customers (including their employees, contractors, and other representatives of the company) provide it to us; or
- we receive it from other companies within our corporate group.
Categories of Personal Data
We may process the following types of Personal Data:
- biographical information, such as first and last name;
- professional information, such as business email and company name;
- contact information, such as email address and, username; and
- any other type of Personal Data that CXH users may potentially submit at their own discretion using the “Product Feedback” functionality.
Purposes of Processing
We may process your Personal Data for the purposes of:
- enabling the use of CXH;
- improving CXH; and
- responding to your requests or questions.
We retain Personal Data for as long as instructed by the respective customer (who typically acts as a data controller).
Sharing Personal Data with Third Parties
We may share Personal Data with our subsidiaries and affiliates, as well as with our service providers, who process Personal Data on our behalf, and who agree to use the Personal Data only to assist us in operating CXH or as required by law. Our service providers may provide:
- application hosting services;
- cloud storage services;
- email software;
- analytics services; and
- CRM software.
Some of these third parties may be located outside of the United States. However, before transferring your Personal Data to these third parties, we will either ask for your explicit consent or require the third party to maintain at least the same level of privacy and security for your Personal Data that we do. We remain liable for the protection of your Personal Data within the scope of our Privacy Shield certification that we transfer to third parties, except to the extent that we are not responsible for the event that leads to any unauthorized or improper processing.
Other Disclosure of Your Personal Data
We may disclose your Personal Data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials, or private parties). We may also disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your Personal Data to our subsidiaries or affiliates, but only if necessary, for business purposes, as described in the section above.
We reserve the right to use aggregated, anonymous data about individuals whose Personal Data we process in our CXH application for any legal business purpose. Such data does not include any Personal Data. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and customers.
If we must disclose your Personal Data in order to comply with official investigation or legal processing initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy and security of your Personal Data.
A “cookie” is a small file stored on your device that contains information about your device. CXH contracts with a third-party data analytics company, Pendo, which utilizes cookies. We use these cookies to analyze use of CXH and improve the service.
If you would prefer not to accept cookies, you can alter the configuration of your browser to reject all cookies or some cookies. Note, if you reject certain cookies, you may not be able to access all of CXH’s features. For more information, please visit https://www.aboutcookies.org/
Data Integrity & Security
Syndigo has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect Personal Data from unauthorized processing such as unauthorized access, disclosure, alteration, or destruction.
Your Privacy Rights
If we process your Personal Data, you may have the right to request access to (or to update, correct, or delete) such Personal Data. You may also have the right to ask that we limit our processing of such Personal Data, as well as the right to object to our processing of such Personal Data. You may also have the right to data portability.
If we have received your Personal Data in reliance on the Privacy Shield, you may also have the right to opt out of having your Personal Data shared with third parties and to revoke your consent to our sharing your Personal Data with third parties. You may also have the right to opt out if your Personal Data is used for any purpose that is materially different from the purpose(s) for which it was originally collected or which you originally authorized.
Please note that requests should generally be sent directly to the Syndigo customer who provided your Personal Data to us. Syndigo has limited rights to access Personal Data our customers submit to us. If sending the request directly to the Syndigo customer is not possible for any reason and you decide to contact us with such a request, please provide the name of the Syndigo customer who submitted your Personal Data to us. We will forward your request to that customer and provide any needed assistance as they respond to your request.
EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
For Personal Data processed in the scope of this Notice, Syndigo complies with the EU-U.S. Privacy Shield Framework [and Swiss-U.S. Privacy Shield Framework] (the “Privacy Shield”), as adopted and set forth by the U.S. Department of Commerce regarding the processing of Personal Data transferred from the European Union, the European Economic Area, the United Kingdom[, or Switzerland] to the United States, or otherwise received in reliance on the Privacy Shield. We commit to adhere to the Privacy Shield Principles and have certified our adherence to the Department of Commerce.
To learn more about the Privacy Shield, and to view our certification, please visit https://www.privacyshield.gov and https://www.privacyshield.gov/list, respectively.
VeraSafe Privacy Program
Syndigo is a member of the VeraSafe Privacy Program. This means that VeraSafe has assessed our data governance and data security (regarding Personal Data processed within the scope of this Privacy Notice) for compliance with the VeraSafe Privacy Program Certification Criteria. The certification criteria require that participants maintain a high standard for data privacy. Participants must also implement specific best practices regarding notice, onward transfer, choice, access, data security, data quality, recourse, and enforcement.
Where a privacy complaint or dispute cannot be resolved through our internal processes, we have agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, please submit the required information through the webform located here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/
If a complaint or dispute related to Personal Data cannot be resolved through Syndigo’s internal process, in addition to the VeraSafe Dispute Resolution Procedure Syndigo has agreed to cooperate with the EU data protection authorities and the Swiss Federal Data Protection and Information Commissioner and to participate in the dispute resolution procedures of the panel established by such data protection authorities.
If your dispute or complaint can’t be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you under the Privacy Shield’s “Recourse, Enforcement and Liability Principle” and Annex I of the Privacy Shield.
Syndigo is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
European Union Supervisory Authority Oversight
If you are a data subject whose Personal Data we process, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Union member states.
Privacy of Children
We do not knowingly collect Personal Data from anyone under 18. In the event that we learn that we process Personal Data from a child under age 13, we will delete the Personal Data we have stored as quickly as possible. If you believe that we might have any Personal Data from or about a child under 13, please contact us or the customer that has provided the child’s information to us.
Changes to this Notice
If we make any material change to this Notice, we will post the revised Notice to this web page. We will also update the “Effective” date. By continuing to use CXH after we post any of these changes, you accept the modified Notice.
If you have any questions about this Notice or our processing of your Personal Data, please write to our Senior Counsel by email at firstname.lastname@example.org or by postal mail at:
Attn: Debra Osborn, Senior Counsel
141 W. Jackson Blvd., Ste 1220
Chicago, IL 60604
Please allow up to four weeks for us to reply.
European Union Representative
We have appointed VeraSafe as our representative in the EU for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative/ or via telephone at: +420 228 881 031.
Alternatively, VeraSafe can be contacted at:
VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
VeraSafe Czech Republic s.r.o.
VeraSafe Netherlands BV
Keizersgracht 391 A
1016 EJ Amsterdam
Data Protection Officer
We have appointed VeraSafe as our Data Protection Officer (DPO). While you may contact us directly, VeraSafe can also be contacted on matters related to the processing of Personal Data. VeraSafe’s contact details are:
22 Essex Way #8203
Essex, VT 05451 USA