We use cookies to give you the best online experience. By using our website, you agree to our use of cookies in accordance with our Privacy policy.

Privacy Policy of the Synera Customer Portal

The following privacy policy applies in respect of the processing of your personal data in respect of the use of the Synera customer portal („Portal“):

  1. Definitions

    “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

    “Personal data” means any information relating to an identified or identifiable natural per- son (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification num- ber, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, dis- closure by transmission, dissemination or otherwise making available, alignment or combi- nation, restriction, erasure, or destruction.

  2. Controller

    Data controller within the meaning of the General Data Protection Regulation (GDPR) is: Synera GmbH, Konsul-Smidt-Straße 8u, 28217 Bremen („Synera“)

    Our data protection officer can be reached at: dataprotection@synera.io

  3. Processed Data

    We process the following data, which are necessary for the use of the Portal (“Basic Data”):

    • Name, surname

    • E-mail-address

    • Employer

      While you are using the Portal we store the following data (“Usage Data”), provided that you consented the use during the Activation Process (as defined below):

    • Pages, documents and videos accessed by you

    • Duration of page visits

    • Downloaded templates

    • Downloaded software versions

Synera Customer Portal Privacy Policy Rev 2022-11

• Downloaded Add-ins from the marketplace

  • In case of videos: Information about how many times you have watched the video, whether you have watched it completely or only partially, and whether you have viewed certain sections more than once.

  • In case of other documents: Information on how many times you have viewed the document, which sections you have accessed via the table of contents, if applicable, at what speed you have scrolled and which sections you have viewed for a longer time

  1. Manner Purpose and Legal Basis of Data Processing

    We obtained the Basic Data from you or your employer that asked us to register you for the use of the Portal and sent you an e-mail, in which we ask you to activate your account and to give your consent to the processing of your personal data (“Activation Process”).

    If you confirm the activation by clicking on the respective link provided in the e-mail within thirty (30) days your account will be enabled. If you do not confirm the activation within thirty (30) days your account will not be enabled, and your data will be deleted.

    Once your account is activated, we use the Basic Data to identify you and enable you to use the Portal. The processing is based on your consent according to Art. 6 paragraph 1 subparagraph 1 a) GDPR given during the Activation Process and Art. 6 paragraph 1 sub- paragraph 1 b) GDPR because those data are necessary for fulfilling the agreement on the use of the Portal.

    The Usage Data are used for analyzing your use of the Portal only to improve our services. The processing is based on your consent according to Art. 6 paragraph 1 subparagraph 1 a) GDPR given during the Activation Process and Art. 6 paragraph 1 subparagraph 1 f) GDPR because the processing lies in our legitimate interest. Our interest is to improve our services (e.g., to find out, which documents, or templates are helpful to users).

  2. Recipients, Access by Authorities in the US

    Our Portal is hosted by Amazon Web Services Inc, 410 Terry Avenue North, Seattle, WA 98109-5210, USA ("AWS") on servers in Frankfurt that processes the data on behalf of Synera (Art. 28 GDPR). The privacy policy for the AWS services is available here.

    Due to the processing by a US company and despite the processing in Germany there may be comprehensive monitoring and control rights of US government authorities, which dis- proportionately interfere with the data protection of European citizens. In the US, the level of data protection does not meet EU standards. Your consent given during the Activation Process covers the processing by AWS and the risk described. We have agreed on standard contractual clauses according to Art. 46 paragraph 2 c) with AWS, which ensure a certain level of protection but do not eliminate the risk described.

Synera Customer Portal Privacy Policy Rev 2022-11

6. Duration of the Processing, Deactivation of your account

The Basic Data will be processed while you are registered for using the Portal. If you de- activate your account, which you can do on the Portal or by sending us an e-mail or reach- ing out to us via other communication channels, all your personal data will be deleted. Statutory obligations to store data for longer periods remain unaffected.

If you do not log into your account for 18 months you will receive an e-mail, in which we ask you to confirm within two weeks that you want to maintain your account. Otherwise, your account will be deactivated, and all your personal data will be deleted.

7. Your Rights

In respect of the processing of your data you have the following rights:

  1. a)  Right of access to the processing

    Within the framework of the statutory provisions, you can request information from us at any time as to whether personal data is being processed by us. If this is the case, you have the right to request information about the scope of data processing (Art. 15 GDPR).

  2. b)  Right to rectification

    You have the right to ask Synera to correct and/or complete your data if the personal data processed concerning you is incorrect or incomplete (Art. 16 GDPR).

  3. c)  Right to restrict processing

    If the conditions for this are met, you can request that the processing of your personal data be restricted (Art. 18 GDPR).

  4. d)  Right to erasure

    You may request Synera to delete personal data concerning you immediately, provided that the conditions for doing so are met. The right to deletion does not apply insofar as processing is necessary (Art. 17 GDPR).

  5. e)  Right to be notified

    If you have asserted the right to rectify, erase or restrict processing towards Synera, Synera is obliged to notify all recipients to whom the personal data concerning you have been disclosed of such rectification, erasure, or restriction of processing, unless this proves impossible or involves a disproportionate effort. We will notify these recipients upon your request (Art. 19 GDPR).

  6. f)  Right to data portability

    You have the right to receive the personal data concerning you that you have provided to Synera in a structured, common, machine-readable format. You also have

Synera Customer Portal Privacy Policy Rev 2022-11

the right to have the personal data transmitted directly to another company without hindrance from SYNERA to which the personal data has been provided, provided that the conditions for this are met (Art. 20 GDPR).

  1. g)  Right to object

    You have the right to object at any time, for reasons arising from your situation to the processing of personal data concerning you, which is carried out based on Art. 6 paragraph 1 subparagraph 1 f) GDPR. As a result of the objection, Synera will no longer process personal data relating to you, unless Synera can demonstrate compelling reasons for processing that are worthy of protection and that outweigh your interests, rights, and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

    If the personal data concerning you are processed for the purpose of direct market- ing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, if it is related to direct marketing (Art. 21 paragraph 2 GDPR).

    You can inform us of your objection at the contact details given above.

  2. h)  Right to withdraw the declaration of consent under data protection law

    If you have submitted a declaration of consent under data protection law, you can withdraw it at any time (Art. 7 GDPR). Withdrawal of consent does not affect the lawfulness of the processing that has taken place based on the consent up to the point of withdrawal.

    If you withdraw your consent in respect of the processing of your Basic Data, we are not able to provide you access to the Platform so that your account will be deactivated, and all your personal data will be deleted. You may, however, withdraw your consent in respect of the Usage Data separately. In this case you can continue to use your account. We are, though, no longer able to improve our services based on your use of the Platform.

  3. i)  Right to lodge a complaint with a supervisory authority

    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of the GDPR (Art.77 GDPR).