Data Privacy Framework Notice
BackOffice Associates, LLC d/b/a Syniti and its United States affiliates (“Syniti”) complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Syniti has certified to the U.S. Department of Commerce that it adheres to EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) regarding the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF., and to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) regarding the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Notice and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program and our certification, please visit the Data Privacy Framework website (https://www.dataprivacyframework.gov/).
I. Confirm Eligibility. FTC Jurisdiction.
The United States Federal Trade Commission (“FTC”) has jurisdiction over Syniti’s compliance with the DPF Principles. Syniti is subject to the investigatory and enforcement powers of the FTC, and Syniti must disclose Personal Information to statutorily authorized bodies in response to lawful requests.
II. Types of Personal Data We Collect
Syniti collects Personal Information from individuals regarding:
- Visitors to Syniti’s website.
- Customers and their personnel in connection with using and accessing Syniti professional services, products, and customer relationship administration.
- Third parties, such as individual representatives of suppliers and business partners in connection with business relationship management.
- Syniti Personnel in connection with their employment or business relationship.
III. Purposes of Collection and Use
Syniti uses this information to operate, improve, and optimize the Website and the Syniti Services, and generate leads for its sales and marketing teams. Syniti also uses Host Information and Usage Information alone or in combination with users’ Personal Information to provide its users (“Users”) of the Websites and Syniti Services with personalized information about Syniti, to provide the Syniti Services that a User requested, prevent or address technical issues, respond to support issues, and to improve the Syniti Services. Syniti Personnel and its authorized third-party agents may only access and use Personal Information if such individuals are authorized to do so and only for the purpose for which such individuals are authorized.
Users may access the Websites without providing Personal Information and may opt out of providing certain Usage Information when such Users access the Syniti Services; please see www.syniti.com/privacy-policy/ for more information.
With regards to personal data from Syniti Personnel, Syniti uses such personal data to carry out and support human resources functions and activities. Syniti also may obtain and process Personal Information about Syniti Personnel emergency contacts and other individuals to the extent such personnel provide such information to Syniti. Syniti processes this information to comply with its legal obligations, for benefits administration, and for other internal administrative purposes.
IV. Your Individual Rights
Individuals whose personal information is covered by this DPF Policy have the right to access, update, correct, port, object, opt-out, delete, and restrict the processing of their Personal Information under certain circumstances. To exercise any of these rights individuals may contact us at Privacy@Syniti.com or by mail to BackOffice Associates, LLC d/b/a Syniti 115 4th Ave, Suite 205, Needham, MA 02494, Attention: Privacy. We will respond to your request within a reasonable timeframe and in accordance with applicable laws. For more details, please access the section “Your Rights” at www.syniti.com/privacy-policy/.
Individuals may also have the right to limit the use and disclosure of their personal information (opt-out) under certain circumstances, such as marketing. Syniti or our third-party service providers include instructions on how to unsubscribe from future promotional emails from Syniti. You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located at the bottom of our emails or contacting us at Privacy@Syniti.com.
V. Commitment to Comply with the Principles
Syniti is committed to cooperating with EU data protection authorities (“DPAs”), the UK Information Commissioner’s Office (“ICO”) and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) and to complying with the advice given by such authorities with regard to human resources data transferred from the EU, UK, and Switzerland in the context of the employment relationship.
VI. Transfer of Personal Information and Disclosure
Syniti may disclose or transfer Users Personal Information to third-parties in the following conditions: (i) service providers related to the operation of its business; (ii) the administration of matters related to Syniti Personnel; (iii) as required by law or lawfully requested by public authorities; (iv) as necessary for the establishment of legal claims or exercise of legal rights; (v) to comply with required professional standards; and (vi) when the information is publicly available.
We ascertain that these third-party service providers provide at least the same level of privacy protection as is required by the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. Syniti is responsible for processing Personal Information it receives under the DPF Principles and program, and any subsequent transfers to a third party acting as an agent on its behalf.
VII. Dispute Resolution
Syniti is committed to resolving complaints about collecting or using a User’s Personal Information. EU, UK, and Swiss individuals with concerns or complaints about the use of their Personal Information should contact Syniti’s Chief Compliance Officer at Privacy@Syniti.com. In the event the issue is not satisfactorily resolved, you may contact (1) your applicable data protection authority, if it relates to Syniti Personnel Data; (2) Syniti’s U.S.-based third-party dispute resolution provider (free of charge) at www.jamsadr.com/dpf-dispute-resolution, if it relates to any other personal data. Under certain conditions, individuals may have the possibility to engage in binding arbitration through the Data Privacy Framework Panel. Further information regarding the formal complaint process can be found at Data Privacy Framework (https://www.dataprivacyframework.gov/).
VIII. Contact Us
Please refer any questions or comments related to this Data Privacy Framework Notice to:
BackOffice Associates, LLC d/b/a Syniti
Attention: Chief Compliance Officer
115 4th Ave, Suite 205
Needham, MA 02494
Privacy@Syniti.com
IX. Other Syniti Entities Also Adhering to Data Privacy Framework Principles and Definitions.
The following United States Syniti affiliates also adhere to the DPF Principles: BackOffice Associates, LLC, d/b/a Syniti, BackOffice Associates Holdings, LLC, BackOffice Associates National Security Services, LLC, CranSoft, LLC, Syniti DMR, LLC.
Definitions applicable to this Data Privacy Framework Notice:
“Syniti Personnel” means any current, former, or prospective employee, temporary worker, intern, or other non-permanent employee of any subsidiary or affiliate of Syniti.
“Syniti Services” means its products or services, including without limitation, its software, services, customer support services, software maintenance services, hosted services, or cloud offerings.
“Host Information” means certain information about a User’s computer, browser, and systems that Syniti collects when a User accesses the Websites or the Syniti Services, including IP address along with the network path, operating system type and version, and browser type, client version, the MAC address of a User’s internet connection, and geographical location.
“Personal Information” is any information about a visitor to Syniti’s Websites or a user of the Syniti Services (on behalf of its customers) that Syniti collects, or a User submits that could, alone or together with other information, personally identify such User. Information such as name, a user name and password, an email address, physical address, phone number, a company name, and a photograph are non-exhaustive examples of “Personal Information.” Personal Information can also include information about any transactions, both free and paid, that a User enters into on the Websites, and information about a User that is available on the internet, such as from Facebook, LinkedIn, Twitter and Google, or publicly available information that Syniti acquires from third party service providers.
“Usage Information” means the information Syniti records about a User’s usage of, and interactions with, the Websites or the Syniti Services, including actions taken, date and time, frequency, duration, quantity, quality, network connectivity, and performance information related to logins, clicks, and other feature usage information.
“Website(s)” means Syniti’s public websites and their associated content.
Syniti may amend this Notice from time to time to remain consistent with the DPF Principles, each of the Frameworks, and other applicable laws.
Effective: May 16, 2018
Last Updated: July 2024