HOW SERVICES DATA IS COLLECTED AND USED
Syntax may access, collect and/or use Services Data in order to provide Services and to correct problems. Services Data may be accessed and used to perform support, consulting, and/or other services including, but not limited to, testing and applying new product or system versions, patches, updates and upgrades; monitoring and testing system use and performance; and resolving bugs and other issues. Any copies of Services Data created for these purposes are only maintained for time periods relevant to those purposes and treated as confidential under an applicable Syntax agreement with its client. Additionally, in certain circumstances, a law, court order, or other judicial or administrative process may require Syntax to provide access to Services Data to a government authority or a party to a private lawsuit.
Syntax may transfer and access Services Data as required for the purposes specified above, in compliance with applicable law and the agreement executed by Syntax and its client. We may share Services Data with third parties who provide services to Syntax, including but not limited to information technology and related infrastructure provisioning, customer service, email delivery, auditing, and other similar services. When Syntax shares Services Data with third party service providers, We require that they use your Services Data only for the purpose of providing services to us and subject to terms consistent with this Policy and an agreement executed by Syntax and such third party. Syntax employees and any subcontractors or agents acting on our behalf in order to provide Services are required to sign formal agreements protecting the strict confidentiality of Services Data and any/all client and Syntax confidential or proprietary information, their access is limited to that which is required for them to perform the service for which they have been employed or engaged and all Syntax personnel are required to attend annual security, confidentiality, and privacy training. Syntax is responsible for its agents’ and subcontractors’ compliance with the terms of this Policy.
Syntax does not use Services Data except for the purposes stated above and those purposes stated in a client’s contract with Syntax. Syntax may process Services Data, but Syntax does not control Services Data. Syntax has no control over how its clients collect or use personal data or information, or even the nature or type of data or information a client may store on servers hosted or managed by Syntax, and Syntax does not own Services Data but all clients are required by contract to comply with all applicable laws, regulations, including the Privacy Shield Principles, if applicable, and the terms and conditions of their contracts with Syntax. If You provide any Services Data to Syntax, You are responsible for providing any notices and/or obtaining any consents necessary for Syntax to access, use, retain and transfer Services Data as specified in this Policy and in your contract with Syntax.
Syntax’s access to Services Data is based on its specific contract with each of its clients and Syntax’s security policies. Services Data that is stored in Syntax-hosted or managed systems is controlled via an access control list mechanism, as well as the use of an account management framework. You control access to Services Data by your End Users; End Users should direct any requests related to their personally identifiable information to You; however, if End Users contact Syntax directly, Syntax will take reasonable steps to facilitate communication between You and the affected End User.
SECURITY AND NOTIFICATION OF BREACH
Security. Syntax is committed to the security of your Services Data. Syntax employs physical, administrative and technical measures in order to prevent unauthorized access to Services Data. Syntax security policies cover the management of security for both its internal operations as well as the Services. These policies govern all areas of security applicable to Services and apply to all Syntax employees, subcontractors and agents. Syntax’s security policies and procedures are continually reviewed and overseen by Syntax management who are responsible for security oversight, compliance and enforcement, and for conducting information security assessments.
Syntax is also committed to reducing the risks of human error, theft, fraud, and misuse of its facilities. Syntax’s requires that all employees, subcontractors, and agents read and acknowledge its security policies. Syntax employees, subcontractors, and agents are required to maintain the confidentiality of Services Data. Employees’, subcontractors’, and agents’ confidentiality obligations include written confidentiality agreements, training on data protection, and compliance with all company policies relevant to the protection of confidential information.
Notification of Breach. Syntax continually evaluates and promptly responds to all incident reports and potential vulnerabilities of Services Data. Syntax’s Management review such incidents to determine appropriate escalation paths based on the specific details of each circumstance and put response teams in place to address the incidents. If Syntax determines that Services Data has been misappropriated or otherwise wrongly acquired by a third party, Syntax will promptly inform You of each misappropriation or acquisition.
Core Services Corporation (“Core”) is a wholly owned subsidiary of Syntax and adheres to all terms and conditions stated here in.
As pertains to personal information contained in any “Services Data” (defined below), Core complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce and European Commission regarding the collection, use and retention of personal information from EU member countries when Core and its client have agreed by contract that transfers of personal information from the European Economic Area (“EEA”) will be transferred and processed pursuant to the Privacy Shield for the relevant Services. Core commits to cooperate with the EU data protection authorities (“DPAs”) to resolve disputes pursuant to the EU-US Privacy Shield Principles. Core is subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”). In that regard, We certify that We comply with the seven (7) EU-US Privacy Shield Framework Principles set forth by the United States Department of Commerce, in relation to personal information collected from European Union states.
To learn more about the Privacy Shield framework, and to view Core’s certification, please visit https://www.privacyshield.gov/list.
If You have questions or complaints regarding our Policy or practices, please contact us at firstname.lastname@example.org.
PRIVACY SHIELD AND CROSS BORDER TRANSFER
As relates to Services Data and any information contained therein, including personal information, Core complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries when a client and Core have agreed by contract that transfers of personal information from the European Economic Area (“EEA”) will be transferred and processed pursuant to the Privacy Shield for the relevant Services. When conducting those activities on behalf of its EEA customers, Core holds and/or processes personal information from the EEA at the direction of the client. Core will then be responsible for ensuring that third parties acting as an agent on Core’s behalf do the same. Core is responsible and liable under the Privacy Shield Principles if any third party agent acting on its behalf processes information in a way that is inconsistent with the Privacy Shield Principles, unless Core is able to prove that it is not responsible for the event that gave rise to the damage.
Core has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/list.
PRIVACY SHIELD AND DISPUTE RESOLUTION
We strongly encourage You to contact us if You have any complaints regarding our compliance with this Policy or if You have any general privacy related complaints. We will investigate and attempt to resolve any such complaint and/or dispute regarding the use and/or disclosure of personal information in accordance with this Policy. For any that cannot be resolved with Syntax directly and relate to Personal Information from EU member countries, Core has chosen to cooperate with EU DPAs and comply with the information and advice provided to it by an informal panel of DPAs in relation to such unresolved complaints (as further described in the Privacy Shield Principles). Please contact us to be directed to the relevant DPA contacts. As further explained in the Privacy Shield Principles, in certain circumstances, binding arbitration option may also be made available to you in order to address residual complaints not resolved by any other means. Core is subject to the investigatory and enforcement powers of the FTC as relates to Personal Information from EU member countries.
Core has appointed a Chief Compliance Officer and regularly reviews compliance with this Policy. If at any time You believe that personal information has been disclosed in violation of this Policy, please address written details concerning the unauthorized disclosure to:
Core Services Corporation
130 Belmont Drive
Somerset, NJ 08873
Attention: Vice President, General Counsel and Chief Compliance Officer
You may also contact us at email@example.com, if You have questions or complaints regarding our Policy or practices.
We will investigate your claim fully. We will also cooperate with appropriate government agencies, including local DPAs as applicable, to resolve any complaint regarding Core’s transfer of personal data from EU member countries. In compliance with the EU-US Privacy Shield Principles, Core commits to resolve complaints about your privacy. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
CHANGES IN THESE TERMS
The Effective Date of this Policy is October 2016. This Policy was last updated on October 18, 2018. We may change this Policy from time to time and will post notices on the Website at the time of any material changes to this Policy.