Services Privacy Policy
Syntax endeavors to protect your privacy and the confidentiality, integrity and availability of data and information entrusted to it. This Services Privacy Policy (the “Policy”) explains the privacy practices that We employ when providing support, consulting, hosting or other services (the “Services”) to its clients (“You”) pursuant to our Services Agreement. Syntax has created this Services Privacy Policy in order to clarify that the use of information to which it may be provided access in order to provide Services is more limited than the use of information covered by Syntax’s Privacy Policy.
SERVICES DATA
Services Data is data and/or any information, including personally identifiable or personal information, which is stored on Syntax, client or third party systems to which Syntax is provided access in order to perform Services under an agreement executed by Syntax and its client(s).
Syntax handles Services Data according to the terms of this Policy, the agreement executed by Syntax and its client, and in compliance with any other applicable law, regulation, control or privacy policy referenced in the agreement between Syntax and its client(s).
The difference between Services Data provided by a client and personal or other information collected by Syntax is as follows: When a client contracts with Syntax for Services, the client provides information about itself, including its name, address, billing information, and some employee contact information; this information is handled according to the terms of Syntax’s Privacy Policy, where applicable. In contrast, if, having contracted with Syntax for Services, a client provides Syntax with access to its Production, development or test environment(s), which may contain personal information about its employees, customers, or vendors (collectively “End Users”), this information is Services Data and is handled according to the terms of this Services Privacy Policy.
HOW SERVICES DATA IS COLLECTED AND USED
Syntax may access, collect and/or use Services Data in order to provide Services and to correct problems. Services Data may be accessed and used to perform support, consulting, and/or other services including, but not limited to, testing and applying new product or system versions, patches, updates and upgrades; monitoring and testing system use and performance; and resolving bugs and other issues.
Any copies of Services Data created for these purposes are only maintained for time periods relevant to those purposes and treated as confidential under an applicable Syntax agreement with its client. Additionally, in certain circumstances, a law, court order, or other judicial or administrative process may require Syntax to provide access to Services Data to a government authority or a party to a private lawsuit.
Syntax may transfer and access Services Data as required for the purposes specified above, in compliance with applicable law and the agreement executed by Syntax and its client.
We may share Services Data with third parties who provide services to Syntax, including but not limited to information technology and related infrastructure provisioning, customer service, email delivery, auditing, and other similar services. When Syntax shares Services Data with third party service providers, We require that they use your Services Data only for the purpose of providing services to us and subject to terms consistent with this Policy and an agreement executed by Syntax and such third party.
Syntax employees and any subcontractors or agents acting on our behalf in order to provide Services are required to sign formal agreements protecting the strict confidentiality of Services Data and any/all client and Syntax confidential or proprietary information, their access is limited to that which is required for them to perform the service for which they have been employed or engaged and all Syntax personnel are required to attend annual security, confidentiality, and privacy training.
Syntax does not use Services Data except for the purposes stated above and those purposes stated in a client’s contract with Syntax. Syntax may process Services Data, but Syntax does not control Services Data and is not a data controller for this data. Syntax has no control over how its clients collect or use personal data or information, or even the nature or type of data or information a client may store on servers hosted or managed by Syntax, and Syntax does not own Services Data. All Syntax clients are required by contract to comply with all applicable laws, regulations, and the terms and conditions of their contracts with Syntax. If You provide any Services Data to Syntax, You are responsible for providing any notices and/or obtaining any consents necessary for Syntax to access, use, process, retain and transfer Services Data as specified in this Policy and in your contract with Syntax.
ACCESS CONTROLS
Syntax’s access to Services Data is based on its specific contract with each of its clients and Syntax’s security policies. Services Data that is stored in Syntax-hosted or managed systems is controlled via an access control list mechanism, as well as the use of an account management framework.
You control access to Services Data by your End Users; End Users should direct any requests related to their personally identifiable information to You; however, if End Users contact Syntax directly, Syntax will take reasonable steps to facilitate communication between You and the affected End User.
You and your end users shall take reasonable steps to maintain the privacy of usernames and passwords to prevent unauthorized access to or disclosure of usernames and passwords. You and your end users are entirely responsible to maintain the confidentiality of usernames and passwords.
SECURITY AND NOTIFICATION OF BREACH
Security. Syntax employs reasonable and appropriate physical, administrative and technical measures to maintain the confidentiality, integrity, and availability of Services Data under its control or in its possession. Syntax security policies cover the management of security for both its internal operations as well as the Services. These policies govern security applicable to Services and apply to all Syntax employees, subcontractors and agents. Syntax’s security policies and procedures are continually reviewed and overseen by Syntax management who are responsible for security oversight, compliance and enforcement, and for conducting information security assessments.
Syntax takes reasonable and appropriate steps to reduce the risks of human error, theft, fraud, and misuse of its facilities. Syntax requires that all employees, subcontractors, and agents read and acknowledge its security policies. Syntax employees, subcontractors, and agents are required to maintain the confidentiality of Services Data. Employees’, subcontractors’, and agents’ confidentiality obligations include written confidentiality agreements, training on data protection, and compliance with all company policies relevant to the protection of confidential information. Notwithstanding, no system for safeguarding personal or other information is 100% secure and we cannot fully eliminate security risks associated with Services Data.
Notification of Breach. Syntax continually evaluates potential vulnerabilities and risks to Services Data under its control or in its possession and promptly responds to all known data security incident reports. Syntax’s Management review such incidents to determine appropriate escalation paths based on the specific details of each circumstance and put response teams in place to address the incidents. If Syntax determines that Services Data has been subject to unauthorized access or acquisition that affects the confidentiality, integrity, or availability of such data, Syntax will promptly inform You.
PRIVACY CERTIFICATIONS
Syntax Systems USA LP is a wholly owned subsidiary of Syntax. To mark its commitment to privacy, Syntax Systems USA LP is certified under the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce. To view the certification of Syntax Systems USA LP, please visit https://www.privacyshield.gov/.
CROSS BORDER TRANSFERS
As relates to personal data subject to the EU General Data Protection Regulation, Syntax Systems USA LP may transfer such data out of the European Economic Area (EEA) in performance of the Services. When we transfer such data out of the EEA, we endeavor to ensure it receives a similar degree of protection as provided by the data protection laws of your jurisdiction. To obtain additional information on the mechanism we use to transfer EEA personal data, please contact us at [email protected].
When processing and/or transferring personal data subject to the GDPR on behalf of its EEA customers, Syntax Systems USA LP does so as a data processor, at the direction of the client as data controller.
ENFORCEMENT
Syntax Systems USA LP has appointed a Chief Compliance Officer and regularly reviews compliance with this Policy. If at any time You believe Service Data, including personal data has been processed or disclosed in violation of this Policy, please address written details concerning the unauthorized processing or disclosure to:
Syntax Systems USA LP
601 Keystone Park Drive, Suite 600, Morrisville NC 27560
Attention: Head of Legal, DPO and Chief Compliance Officer
You may also contact us at [email protected], if You have questions or complaints regarding our Policy or practices.
CHANGES IN THESE TERMS
The Effective Date of this Policy is October 2016. This Policy was last updated on February 28, 2022. We may change this Policy from time to time and will post notices on the Website at the time of any material changes to this Policy.