Personal Data Protection Policy
This Personal Data Protection Policy (hereinafter referred to as the “Policy”) document explains our privacy practices regarding the collection, use, disclosure and transfer of your Personal Data by Synechron and/or its subsidiary(ies) and/or affiliate(s) (collectively referred to as the "Synechron" or “we” or “us”, “our”),
Key objectives of this Policy are
- To demonstrate a set of privacy and personal data protection standards that govern Synechron’s practices and procedures to collect, store and process personal data in a lawful manner;
- To ensure personal data is protected from data security risks;
- To ensure Personal Data is transferred or processed in a manner consistent with the applicable data protection laws and regulations.
- To adhere to the data protection principles of: notice, choice and consent, onward transfer, security, data integrity, access, and enforcement
This Policy applies to information we collect when you use our website and other products and services, or when you otherwise interact with us, including when you attend events hosted or attended by Synechron and when you contact us for customer support. This Policy also applies to the Personal Data that is collected in connection with a job application / enquiry; from existing / potential employees; contractors and suppliers to carry out Synechron’s obligations in the field of employment laws, protecting Synechron’s legal rights, and for compliance with governmental, legislative, and regulatory requirements; internal business processes and management or to process the services received or purchased.
3. Personal Information that we collect
Synechron collects and processes only such Personal Data as is adequate, relevant and limited in scope to the requirement and for a length of time that is necessary for the stated purposes of its use. It may include: Your Personal Data given to us by filling in forms on our website (or other forms that we may ask you to complete), giving us a business card (or similar) or corresponding with us by telephone, post, email or otherwise. It may include, your name, address, email address and telephone number; and information about your professional role, background and interests;
If you exchange emails, telephone conversations or other electronic communications with our employees and other staff members, our information technology systems may collect certain details of such conversations’;
Some of our premises have closed circuit TV systems and other security and access management systems which may record you and certain information about your visit if you visit our premises, for security and safety purposes;
If we have a business relationship with the organisation that you represent, your colleagues or other business contacts may give us information about you such as your contact details or details of your role in the relationship;
- 3.1 Use of Personal Data and legal Basis for processing it
Synechron collects and uses Personal Data only for specific purposes for which it was collected at first and that its collection and processing of Personal Data is done in a manner consistent with those stated purposes. Synechron does not utilize an individual’s Personal Data in its control, beyond the scope for which it was collected without prior written consent from the individual.
We may collect your Personal Data for the following purposes:
- Deleting and blocking cookies
By using our website, you agree to provide us your implied consent to the placement of cookies on your device, as explained above. In case you wish to remove these cookies from your device, you can delete these via your browser settings. You can also adjust your browser settings to block these cookies. However, please be informed that deleting or blocking cookies will adversely affect your user experience as certain parts of the website may stop functioning. User discretion is advised while deleting or blocking cookies.
- Administering relationships services with various stakeholders;
- operational purposes;
- providing individuals with information concerning products and services which Synechron believes to be of interest;
- Personal Data collected at website - cookies may be used in website to track user behavior, etc., and/or user name, address, email, phone number may be collected for marketing or research purposes;
- To respond to any complaints or queries we receive
- accounting and billing / payment purposes (including to offer financing solutions to customers, together with our finance partners);
- to operate, administer and improve our website and premises and other aspects of the way in which we conduct our operations;
- for recruitment purpose;
- for fulfilling our obligations as your employer;
- for contractual obligations and client services
- compliance with any requirement of law or regulation;
- for the purpose of, or in connection with, any legal proceedings or for establishing, exercising or defending legal rights;
- 3.2 Legal Basis for Processing Data
We process your Personal Data when it is necessary for the performance of a contract to which you are the party or in order to take steps at your request prior to entering into a contract. Personal Information for the performance of a contract in the following circumstances:
We process your Personal Information when it is necessary for the purposes of a legitimate interest pursued by us or a third party (when these interests are not overridden by your data protection rights).
Wherever required, we obtain consent from the data subject prior to collecting, storing and processing of Personal Data wherever information processed is based on the data subject’s consent as a legal basis.
We give privacy notice detailing personal data processing and requirements to all data subjects for whom we process data as a data controller.
- 3.3 Disclosure and international transfer of Personal Data
We may disclose your Persona data, where reasonably necessary for the various purposes set out above:
- to the other members of the Synechron group of companies and affiliates;
- to service providers who process your information on our behalf, for commercial or any other transaction required for our legitimate business purposes, under conditions of confidentiality and data security required by law of the origin of such information;
- business partners, channel partners, service partner, agents, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
- to a person who takes over our business and assets, or relevant parts of them; or
- to competent regulatory, prosecuting and other governmental agencies, or litigation counterparties, in any country or territory; or
- where we are required by law to disclose.
Synechron entities based in European Economic Area (EEA) region transfers Personal Data to Synechron group companies based in countries outside the EEA as joint data controllers , including to countries which have different data protection standards to those which apply in the EEA. In those cases, where we transfer your personal information to other members of the Synechron Group or our service providers, we will ensure that our arrangements with them are governed by relevant legal mechanisms and safeguards including data transfer agreements supported by standard contractual clauses issued by the European Commission, designed to ensure that your personal data and information is protected, on terms approved for this purpose by the European Commission and any other legal and regulatory authorities of country from where such information is originated.
4. Data Subject Rights: Access, Correction, Objection and Deletion
You have the right to access, correct, object or delete your Personal Data that we hold
Synechron recognizes that data subjects have a right to request a copy of the Personal Data held by Synechron. If any Personal Data is found to be incorrect, the individual concerned has the right to file a request to amend, update or delete it, as appropriate. Individuals also have a right to object to the processing of their Personal Data as per the prevailing laws.
If Synechron undertakes transactions or other services that involves the processing or disclosure of Personal Data on behalf of any of our client or counterparty, it shall be the responsibility of such client or counterparty to ensure that it has all necessary authority to permit Synechron to process and disclose the Personal Data accordingly. You have a right to object to data processing where Synechron has taken your consent for such data processing by writing an email to firstname.lastname@example.org.
The Personal Data will be deleted from the system on request or when it has served its purpose, only after a complete evaluation of compliance with any applicable legal obligations or legitimate reasons If you wish to exercise any of these rights (subject to applicable local laws), or have complaints about our processing of your personal information, please Contact us by writing an email to email@example.com
5. Confidentiality and Security of Personal Data
Synechron has taken prudent steps to safeguard the confidentiality and security of all Personal Data including taking procedural and organizational steps to protect Personal Data from accidental or unlawful destruction and disclosure. Synechron at certain locations holds ISO 27001 certification for its operations and follows industry best security practices such as the establishment of an effective Information Security Management System (ISMS) across its group companies and affiliates. Synechron information security and data privacy framework gets audited by independent auditors through the year. In addition, Synechron strives to protect personally identifiable information that it maintains or disseminates so that it is not accessed or obtained by unauthorized individuals or used in unauthorized ways.Personal Data Retention
Personal Data will not be retained for a period more than necessary to fulfill the purposes outlined in this Policy, in accordance with our data retention policy or if we believe that your Personal Data that we hold is inaccurate; or in certain cases where you have informed us that you no longer consent to our processing of your personal information unless a longer retention period is required by law or for directly related legitimate business purpose
6. Privacy by Design
Privacy controls are considered while designing and implementing new or existing systems or processes, based on the technologies available, cost of implementation, scope, context and purposes of collecting, storing and processing Personal Data.
Synechron has implemented appropriate data-protection principles, technical and organizational measures, such as pseudonymisation, data minimization, data encryption, etc. to ensure that Personal Data is secure.
7. Breach Notification
All Synechron personnel handling Personal Data have a responsibility to report any data privacy breach related incidents and any violations of this policy to SIRT@Synechron.com .
- Synechron means Synechron Inc. and include its affiliates and group entities.
- Data Protection Laws and Regulations means, in the European Union, the Data Protection Directive 95/46/EC and the national statutory legislation passed in each Member State implementing this Directive, the General Data Protection Regulation(GDPR) 2016 / 679, as well as applicable data protection and privacy laws that exist outside the EU in each country.
- European Union – means the current EU Member State countries of: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom.
- Personal Data (as defined in GDPR) means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- Lawful processing means that the activity is conducted in accordance with applicable national or international laws.
- Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- Specified purpose means being clear from the outset about why we are collecting Personal Data and are transparent about our purposes with the individuals concerned.
- Sensitive personal data or information under Privacy Rules — means such personal information which consists of information relating to;— (i) password; (ii) financial information such as Bank account or credit card or debit card or other payment instrument details ; (iii) physical, physiological and mental health condition; (iv) sexual orientation; (v) medical records and history; (vi) Biometric information; (vii) any detail relating to the above clauses as provided to body corporate for providing service; and (viii) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise: provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.