Information about privacy and the GDPR
Synesty is a cloud service which you can use to connect different systems with eachother. I.e. you use Synesty in the role of a so-called middleware or "data hub". The software itself is hosted at the Synesty data center in Germany. Synesty itself requires and stores only a few personal data from you, the customer, which is necessary for billing and for fulfilling the contractual relationship (e.g. email, company name, address, contact person, email, VAT ID).
On the other hand, Synesty allows you to read, edit (e.g. transform, transform, enrich, filter, analyze) or transfer data from various other systems to other systems. The Synesty software doesn't care what data it is or what is contained in the data. With Synesty, you as a customer have a kind of "Swiss Army Knife" for processing data - älike you know it from spreadsheet programs like Excel.
It is in the nature of this software solution that it cannot be ruled out that this may also involve personal data (e.g. order data from an online shop, in which e.g. names and delivery addresses are contained). Text or ZIP files may also contain personal data that you download and process with Synesty Studio.)
These data are subject to special conditions of the so-called EU General Data Protection Regulation (GDPR), which came into force from 25.05.2018. Synesty represents a so-called data-processor in the sense of the GDPR - because the Synesty software processes data on your behalf (as user or customer), which can also be personal data. This is referred to as "on your behalf", because by using the software you instruct the software to perform certain processes, such as downloading order data from an online shop.
Since technically it cannot be completely excluded that Synesty has access to these data, it is necessary that between you and Synesty an data processing agreement (DPA, Art. 28 GDPR) is concluded. This contract regulates the rights and obligations of both contracting parties with regard to the handling of personal data and can be signed in your account backend.
We emphasize: Synesty has no interest in processing or storing your processed data in any form. We do everything (e.g. by using encryption techniques) to prevent access to your data. You have full control over your data at all times and can delete, correct or secure it. You are a data owner. If you give Synesty access to your account e.g. as part of customer support or a project assignment, then this is only possible with a previously concluded DPA and your explicit consent. In the event of termination of your account, all data deposited and stored by you will be deleted, unless there is a legal obligation to retain such data.
Privacy noticeOur Privacy notice you find at https://apps.synesty.com/tpl/?page=terms-privacy-policy.ftl.
Here you also find our terms and conditions.
Data processing agreement (DPA)A DPA can be concluded online (electronically) by every customer with just a few clicks in the backend. This is necessary to be able to use Synesty Studio.
Configuration of DPA (Login required)
List of SubprocessorsCurrent list confirmed and used of Subprocessors (Art. 28 Abs. 2 u. 4 GDPR)
Technical and organisational measuresCurrent list of Technical and organisational measures (TOM) (Art. 28 Abs. 3 lit. c, 32 GDPR and Art. 5 Abs. 1, Abs. 2 GDPR)
Questions and Answers
Can products and services from Synesty be used GDPR compliant?
Yes, the use of products and services may be subject to GDPR be designed to conform. Synesty implements the necessary Measures to meet the requirements of the GDPR.
What happens if I do not sign a DPA?
You will then not be able to use Synesty. You can only log in and have a look around the backend. However, functions that enable you to enter or process potentially personal data with the software will remain deactivated until a DPA has been electronically signed in the backend. Accounts without a signed DPA will be automatically deleted after 90 days.
Storage of personal data
Synesty itself requires and stores only a few personal data from you as a customer (principal), which are necessary for invoicing and fulfilment of the contractual relationship (e.g. email, company name, address, contact person, email, VAT ID).
These are only stored in Germany or the European Union (EU).
Data which customers (principals) process with Synesty shall not leave the EU. Exceptions are technical functions, such as FTP or HTTP functions, which the contractor may use voluntarily. The principal shall thus have the technical possibility to download or upload data from any source. It is technically possible for the data to leave Germany or the EU (e.g. if the client uses an FTP server abroad). These functions must be explicitly enabled and configured by the client. Synesty never automatically transfers data from the client outside the EU.
Deletion of data
Every customer (client) has full control at all times over the Data that it processes with Synesty Studio. This means data can be corrected and also deleted via corresponding functions. In addition, all data will be deleted after the deletion of the Synesty account shall be deleted, insofar as this does not conflict with any legal storage obligation.
We have an AV contract (contract processing agreement or DPA -Data Processing Addendum) according to the requirements of the GDPR. New service providers who may come into contact with personal data must meet the GDPR requirements.
training of employees
All Synesty employees receive regular training and are informed about the requirements of the GDPR.