Aim of the Data Protection Policy

At Syntalith, we treat data protection as the foundation of trust. We comply with applicable data protection laws and build solutions with privacy by design.

We maintain compliance with regulations, encourage audits and certifications, and apply industry-standard contractual safeguards.

This Data Protection Policy reflects the requirements of the EU Data Protection Regulation and constitutes one of the key framework assumptions for cross-border data transfers.

The Policy applies to Syntalith, all our employees, and is based on globally accepted, fundamental data protection principles.

Principles of Personal Data Processing

In the course of our business activities, we process selected categories of information (Personal Data) relating to individuals (Data Subjects) with whom we cooperate or come into contact.

We believe that the rights of data subjects must always be protected. This means that personal data should be collected and processed in a lawful, fair, and transparent manner.

Therefore, we adopt and apply the following principles - personal data shall be:

(a)

processed lawfully, fairly and in a transparent manner in relation to the data subject ('lawfulness, fairness and transparency')

(b)

collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes ('purpose limitation')

(c)

adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ('data minimisation')

(d)

accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay ('accuracy')

(e)

kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed ('storage limitation')

(f)

processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures ('integrity and confidentiality')

Legal Basis for Processing

For personal data processing to be lawful, each processing operation must be based on at least one valid legal basis (such as collecting, using, managing, or disclosing data). According to Article 6 (1) of EU Regulation No 2016/679 (General Data Protection Regulation or GDPR), such legal bases may include:

the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Please note, that in some circumstances prior consent is not necessary. Article 6 (1) of EU Regulation No 2016/679 (General Data Protection Regulation)

How we collect your personal data

Your personal data may be collected in particular in the following situations:

you contact us directly via our website to request information about our services.
you reply to our direct marketing campaigns.
we acquired your personal data from other sources, such as social media sites.

If you are under 16, please do not provide us with any of your information unless you have the permission of your parent or guardian.

Please help us to keep your information up to date by informing us of any changes to your contact details as we respect your right to obtain the rectification of inaccurate personal data and the right to have incomplete personal data completed. Also, please be noticed that you have the right to obtain from us the erasure of personal data («right to be forgotten») according to point (a) of the Article 17 (1). In order to use this right please contact us at: privacy@syntalith.ai.

What personal data we may process

Depending on the context of cooperation, we may process the following categories of personal data:

first and last name,
address,
phone numbers,
e-mail address.

Also, when you visit our website, the web servers automatically recognize your domain name and IP address. The IP address of the site that directed you to our website, operating system version and your web browser would be disclosed too as a related information. Nevertheless, this information does not relate to you directly and could not identify your personality so it could not be treated as personal data.

How we protect personal data

We recognize that personal data requires special protection. Therefore, we implement technical and organizational measures designed to ensure their security throughout the data lifecycle.

Although data transmission over the Internet is never 100% risk-free, we maintain physical, electronic, and procedural safeguards consistent with data protection requirements - including encryption and authentication mechanisms.

restricted access to data on a "need-to-know" basis

data transfer exclusively in encrypted form

network firewalls protecting IT systems against unauthorized access

continuous monitoring of system access to detect and prevent misuse

Your rights regarding data processing

As a data subject, you have a number of rights under data protection law. Exercising these rights is a priority for us and will not result in any adverse consequences for you.

Right of Access by the Data Subject:

You shall have the right to receive information from us regarding the processing of your personal data.

Right to Rectification:

You shall have the right to demand that we correct your personal data which are incorrect and/or incomplete.

Right to Erasure:

You shall have the right, in the event that the requirements specified in Art. 17 of the GDPR have been met, to demand the deletion of your data.

Right to Restriction of Processing:

You shall have the right to demand the restriction of the processing of your data if the requirements specified in Art. 18 of the GDPR have been fulfilled.

Right to Object:

If the processing is based upon an overriding interest or your data are used for the purposes of direct advertising, you shall have the right to object to the processing of your data.

Right to Data Portability:

Insofar as the data processing is undertaken based upon a consent or a fulfilment of a contractual agreement and this is also undertaken while using an automated processing system, you shall have the right to receive your data in a structured, commonplace and machine-readable format.

Right of Revocation:

If the data processing is undertaken based upon a consent, you shall have the right to withdraw your consent for the data processing, with effectiveness for the future, at any time and upon a free-of-charge basis, by using the following address: privacy@syntalith.ai.

Right to Complain:

You shall also have the right to complain to a government supervisory authority regarding our processing of your data.

International transfers

As a general rule, we process personal data within the European Union. In specific situations, processing may require transferring data to a country other than your country of residence.

In such cases, we apply appropriate legal and technical safeguards to ensure a level of protection consistent with this Data Protection Policy and EU regulations, including in particular the European Commission's Standard Contractual Clauses.

These countries may have data protection laws that differ from those of your country. However, we have taken all appropriate safeguards to guarantee that your Personal Data will remain protected in accordance with this Privacy Policy, including using the European Commission's Standard Contractual Clauses for transfers of Personal Data between group companies, which requires all such companies to protect Personal Data using an equivalent standard to the one required by European Union data protection law.

Data Processing Agreement

During the contractual relations there might be a necessity to process Personal Data previously collected and processed by your company. The types of the Personal Data and the categories of the Data Subjects can be all types of Personal Data of your or your affiliates' services or website users or clients and/or the clients' users. In such case we would act as a processor or a sub-processor and will keep all the Personal Data strictly confidential and fully complied with EU Regulations. With respect to this matter some specific responsibilities and liabilities would took place for us and to ensure their enforcement we will provide you with a special Data Protection Agreement and Standard Contractual Clauses for transfers of Personal Data recommended by European Commission.

Questions about privacy or data protection?

If you have questions or comments about this Data Protection Policy or how we process personal data, contact us:

privacy@syntalith.ai