Internal Privacy Statement
This Internal Privacy Statement is effective as of May 2018.
At SYNERGYC we recognize the importance of protecting your personal information and are committed to processing it responsibly and in compliance with applicable data protection laws in all countries in which SYNERGYC operates.
This Internal Privacy Statement describes SYNERGYC’s general privacy practices that apply to personal information we collect, use and share about our employees, contractors and other persons we work and collaborate with, in our locations and on our internal systems.
This Internal Privacy Statement is supplemented by a detailed version called SYNERGYC Internal Privacy Statement (Details), which provides more detailed information in relation to the above processing of personal information. We may provide additional or more specific information on the collection or use of personal information in connection with specific applications or processes.
Why and How We Collect and Use Your Personal Information
We may collect your personal information in connection with your employment relationship with SYNERGYC, when you work as a contractor for SYNERGYC, in connection with another relationship with SYNERGYC when you collaborate with SYNERGYC, get access to our systems, or work on our premises.
We may process your information for purposes of managing our relationship, for statutory obligations, for conducting our business, protecting and defending our rights and interests and our property and safety, and that of our employees and other persons we engage with.
Sharing of Personal Information
As a company offering a wide range of services, with business processes, management structures and technical systems that cross borders, SYNERGYC has implemented global policies, along with standards and procedures, for consistent protection of personal information. We may share information about you and transfer it to countries in the world where we do business in accordance with this Internal Privacy Statement.
We only grant access to personal information on a need-to-know basis, necessary for the purposes for which such access is granted. In some cases, SYNERGYC uses suppliers located in various countries to collect, use, analyze, and otherwise process personal information on its behalf.
Where appropriate, SYNERGYC may also share your personal information with clients, prospects, partners or advisors in connection with transactions, providing services, collaboration in connection with business projects, or in connection with their advice or assistance. When selecting our suppliers and partners, we take into account their data handling processes.
If SYNERGYC decides to sell, buy, merge or otherwise reorganize businesses in some countries, such a transaction may involve the disclosure of personal information to prospective or actual purchasers, or the receipt of such information from sellers. It is SYNERGYC’s practice to require appropriate protection for personal information in these types of transactions.
Please be aware that in certain circumstances, personal information may be subject to disclosure to government agencies pursuant to judicial proceeding, court order, or legal process. In appropriate circumstances, SYNERGYC may disclose personal information to regulators. We may also share your personal information to protect the rights or property of SYNERGYC, our business partners, suppliers or clients, and others when we have reasonable grounds to believe that such rights or property have been or could be affected.
The international footprint of SYNERGYC involves a number of transfers of personal information to third parties located in the countries where we do business. Some countries have implemented transfer restrictions for personal information, in connection with which SYNERGYC takes various measures, including:
Where required, SYNERGYC implements Standard Contractual Clauses approved by the EU Commission, or similar contractual clauses in other jurisdictions. This includes transfers to suppliers or other third parties.
Information Security and Accuracy
We intend to protect your personal information and to maintain its accuracy. SYNERGYC implements reasonable physical, administrative and technical safeguards to protect your personal information from unauthorized access, use and disclosure. We also require that our suppliers protect such information from unauthorized access, use and disclosure. SYNERGYC has established internal policies and instructions in relation to security, which you can find here.
We will not retain personal information longer than necessary to fulfill the purposes for which it is processed, including the security of our processing, complying with legal and regulatory obligations (e.g. audit, accounting and statutory retention terms), handling disputes, and for the establishment, exercise or defense of legal claims in the countries where we do business.
The circumstances may vary depending on the context and the types of personal data. More information can be found in SYNERGYC Internal Privacy Statement (Details)
How to contact us
If you have a question related to this Privacy Statement, please contact SYNERGYC Data Protection Officer at firstname.lastname@example.org.
For the purposes of the EU General Data Protection Regulation (GDPR), the controller of your personal information is Synergyc Ltd. that employs you, is where you are working for or on whose location you are working, with which you are collaborating, or which you are advising.
You can request to access, update or correct your personal information. You can access the request process via email@example.com.
You have the right to object to the processing on grounds relating to your specific situation. Under GDPR you also have the right to request to have your personal information deleted or restricted and ask for portability of your personal information.
Right to Lodge a Complaint
In the event you consider our processing of your personal information not to be compliant with the applicable data protection laws, you can lodge a complaint:
Directly with SYNERGYC by contacting us via firstname.lastname@example.org.
With the competent data protection authority.
The name and contact details of the Data Protection Authorities in the European Union can be found at http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
Changes to our Privacy Statements
The competent data protection authority for Bulgaria is the Commission for Personal Data Protection: https://www.cpdp.bg/en/index.php?p=home&aid=0
From time to time we may update this Internal Privacy Statement, as well as any other specific privacy statement. When making changes to this Internal Privacy Statement, we will add a new date at the top of this Internal Privacy Statement.
SYNERGYC Internal Privacy Statement (Details)
This generic SYNERGYC Internal Privacy Statement (Details) supplements the SYNERGYC Internal Privacy Statement.
1. Introduction: general
In this statement, we provide information regarding categories of processing within SYNERGYC and its subsidiaries, in order to provide accessible and transparent information in relation to what we do with your personal information and why. Where necessary, this may be supplemented with further information in relation to specific processes or applications such as contained in a notice, a subscription form or submission form for facilities or equipment.
Employment administration (including benefits, on-boarding and off-boarding)
We process employee contact information, employee IDs (serial numbers), personal information (including information regarding dependents, dates of birth), as well as information on job assignments, education and qualifications, work hours, holidays and leaves in order to maintain the administration of your employment history in accordance with your employee agreement. This includes your employee agreement and any changes to same, choices in relation to benefits, and participation in programs, such as share purchase plans, specific allowances, or car program.
We collect your national ID and bank details to provide to payroll to ensure you are compensated and for agreed financial settlements. If you provide us emergency contact information, we use this to communicate in case of an emergency.
We may, depending on local legislation and benefits available, collect illness related absence information for administering illness related benefits and payments. We may also provide such information to specialized external organizations, such as, insurers or pension funds, to handle such matters on our behalf, or government agencies and organizations which need to have this information.
This processing is necessary for the performance of your employment contract. In addition, information (for example, a national ID) may be required pursuant to legal requirements.
This personal information will also be used by other systems, such as salary payment systems, resource management, financial administration and audit, benefits administration, career planning and company planning purposes, to the extent needed for such purposes.
Personnel compensation (including awards, bonuses, pension contributions, incentives and commissions, tax)
We collect employee contact information, employee IDs (serial numbers), contract information, personal information, job assignments, work hours, performance data, national IDs as well as compensation elements and accounting information in order to and to the extent necessary to administer your compensation and benefits plans (including withholding tax) and your pension benefits in accordance with your employee agreement and incentive plans.
This processing of your personal information is necessary for the performance of your employment contract, including optional elements you have chosen, and in some cases, may also be necessary for compliance with legal requirements (such as management of withholding tax). We may share your personal information with payroll vendors we use.
This personal information will also be used by other systems, such as compensation planning and payment systems, resource management, pension administration, financial administration and audit, career planning and company planning purposes, to the extent needed for such purposes.
Personnel evaluations, career counseling, personal development and performance management
We collect goals and results in order to ensure that you are aligned to your organization’s goals and to ensure you receive appropriate feedback to remain aligned. We document performance improvement goals when you are off track and corrective actions are required. You can set career development goals so that your manager can guide you in career planning and you can agree on development options with your manager.
Career and development information will be used by other systems, such as salary payment systems, resource management, financial administration and audit, career planning and company planning purposes, to the extent needed for such purposes.
3. Contractors, collaboration
When working for SYNERGYC as a contractor, we will collect from you or your employer your contact information, CV, identification and work-related information. This information will be used for the purposes of administering and facilitating your work and our contractual relationship with your employer, and where applicable, our clients. Additionally, this information will be used for the purpose of fulfilling our legal obligations.
Within SYNERGYC we may also collaborate with other individuals, such as personnel of clients, business partners or suppliers, whose personal information (such as contact information and information related to skills) may be exchanged in the course of work related tasks and projects.
When you work within SYNERGYC, the information in the following sections, to the extent not restricted to employees, may also be of relevance to you.
4. Facilities for your work
We provide persons working for us with all kinds of facilities, ranging from office space and equipment, to laptops, telephones, printing devices, business cards and corporate credit cards.
Facilities that we provide are registered for administrative and planning purposes and such personal information (such as your print jobs, the type and serial number of your laptop) is collected to the extent needed in connection with the service provided.
Access to our sites is badge-protected and visitors need to register. Our sites use visible camera supervision for reasons of security and safety of persons and belongings, as well as for regulatory purposes.
To the extent necessary for the protection of network and information systems we use appropriate security applications and processes to protect our systems against unauthorized access, malware, or malicious activities that may have negative effect for the availability, authenticity, integrity and confidentiality of information and take appropriate action after such incident has occurred. For this purpose, such applications and processes may need to process personal information, such as in relation to access logging, abnormal network activity or the status of malware protection on a machine used by an individual.
6. Communication and collaboration tools
SYNERGYC makes available email and a choice of other communication and collaboration tools. These include applications on SYNERGYC infrastructure, and third party applications. These tools are intended for professional use within SYNERGYC and necessary for the employment relationship.
These tools process information needed in connection with the services (including administration, support and communication with the end-user) such as the user profile (needed for identification), logging of access to the services, device information and security related information.
Users of the services are responsible for the content they post in the services and compliance with any requirements for using the services.
The personal information is shared on a need to know basis e.g. with support functions. Management may receive information for planning purposes (where appropriate the personal information will be de-identified).
7. Management and planning, including resource planning, surveys
Management requires information for informed decision making. In connection to personal data this may include information on demographics, skills, financial components, resource planning, required facilities, and IT resources. Where appropriate and possible, this information is collected on an aggregate anonymized level.
SYNERGYC also collects aggregate information by means of surveys or applications, which collect pseudonymized information from publicly accessible sources to understand the mood within the company. SYNERGYC has legitimate interests to process this information in the interest of its decision making process.
8. Investigative and Audit Functions
SYNERGYC has strong interests in conducting investigations and audits in accordance with law and good corporate governance. Accordingly, SYNERGYC processes personal information in connection with a variety of its internal investigative and audit functions. These functions have been enabled to assist SYNERGYC to comply with its legal obligations and interests (1) regarding establishment and maintenance of internal controls, and (2) under related laws and regulations.
Personal information that may be collected and/or reviewed by these functions may be provided by SYNERGYC employees or stem from other systems within SYNERGYC. The investigations and audit functions of SYNERGYC undertake appropriate steps to protect the privacy rights of SYNERGYC employees and others, including, as required, by minimizing data collection and processing, pseudonymizing reports of findings, limiting access to personal information, ensuring personal information is deleted when no longer needed for its purpose by applying retention periods and policies, and establishing other procedures to address the rights of data subjects.
SYNERGYC may retain specialized third parties, such as outside legal counsel or forensic accounting firms, to assist investigations and audits in appropriate circumstances. In appropriate circumstances, at its discretion SYNERGYC may disclose personal information to other entities, such as government regulators and customers.
Depending on the nature of the audit or investigation, the processing of this personal information may be necessary pursuant to legal requirements or pursuant to legitimate interests of SYNERGYC or a third party.
9. Personal information processed in relation to business operations and work-related processes
Most processing of personal information is performed in connection with SYNERGYC conducting its day-to-day business. In today’s environment, most of these processes are supported by automated means. As a consequence, many processes leave some traces of information in the IT environment (for example through access authentication and logging or where processes correct errors and provide support). This information is processed in connection with and for the purpose of the provision of these services and necessary in relation to the employment agreement.
Personal information is also processed in relation to basic work-related tasks for purposes of management, administration, quality, audit and business processes. This includes project management, documentation, documents issued (such as invoices, reports, and contractual documents), instructions, sign-off processes and similar documents in emails, box files, team rooms, spreadsheets, project plans, and hardcopy files, and which may be shared in the context of coordination and collaboration with external parties. This information is necessary for SYNERGYC’s legitimate interests to conduct its business.