SYNAPS GDPR compliance

Synaps Chat’s GDPR Compliance Commitment

Synaps is committed to compliance with the European Union’s General Data Protection Regulation (GDPR), effective May 25, 2018. Although the law governs our relationship with only our European users, our response to it includes changes to our policies effective for all users of our services and visitors to our site. Synaps has made the GDPR a priority and we are fully aligned with the regulation’s intended result: the protection of user privacy and personal data.

What we’re doing to ensure GDPR compliance

Synaps has dedicated significant resources to reviewing our existing processes, agreements with third-party vendors, and IT security policies for GDPR. Below are examples of company-wide initiatives Synaps has undertaken in order to abide by the new regulation:

1. We maintain records of processing activities of all types of personal information the company holds.
2. We updated our privacy policy published at https://synaps.net/privacy-pol... to outline all processes related to personal data.
3. Privacy policy now includes a lawful basis to explain why the company needs to process personal information and is written in clear and understandable terms.
4. When processing personal data, we follow the security and privacy measures required under GDPR.
5. Synaps staff who access and process personal data have been trained in handling data and maintaining the confidentiality and security of that data.
6. Only essential staff access and process customer data, and only when necessary to provide services.
7. We hold our vendors who handle personal data to the same data management, security, and privacy practices to which we hold ourselves.
8. When we update your privacy policy, we inform existing customers.
9. In the event of a personal data breach involving personal data, we will promptly notify regulators and end users involved.
10. We regularly review policies for changes, effectiveness, changes in the handling of data as required by the GDPR.
11. We only transfer data outside of the EU to countries that offer an appropriate level of protection.

GDPR Q&A

Does Synaps process customer personal data?
Yes. Synaps processes customer personal data only as needed to provide products, services, and customer support as identified in our Privacy Policy.

Synaps does not collect personally identifiable information (PII) for marketing purposes without customers’ consent, and customers may revoke consent at any time by following Unsubscribe link included in every email (Synaps’s marketing includes an email campaign and an email newsletter.) Furthermore, Synaps has never sold PII to third parties and is committed to continuing this as a core business practice.

What data does Synaps process?
Synaps uses data that is found in a typical email signature: name, email address, company name. Synaps also stores avatars for users who choose to include them in their user account. IP addresses may also be gathered in server logs but are not matched to other PII.

Where does Synaps process and store data?
Synaps stores customer data on Amazon Web Services (AWS) servers located exclusively in the US. Our third-party data center meets security regulations and standards with industry-leading physical and environmental controls. Our applications benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations.

Third-Party Subprocessors 
SYNAPS uses some cloud-based applications as a part of its infrastructure. Customer data may be stored in these applications at various times. Information on third-party subprocessors are listed in the Synaps privacy policy found here.

More Resources

Synaps security practices: https://synaps.net/security
Privacy policy: https://synaps.net/privacy-pol...
Cookie policy https://www.iubenda.com/privac...
Terms of Service: https://synaps.net/terms-of-se...
GDPR Resources: http://ec.europa.eu/justice/da...