Privacy Shield Policy
Last updated: July 6, 2018
Synova Group USA, Inc. (“Synova Group
”) participates in and has certified its compliance with the EU-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information (as defined below) transferred from the European Union (EU) to the United States. Synova Group is committed to subjecting all Personal Information received from the EU member countries in reliance on the EU-U.S. Privacy Shield Frameworks, to the Framework's applicable Principles. If there is any conflict between the terms in this Privacy Shield Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/
Synova Group is responsible for the processing of Personal Information it receives, under the Privacy Shield Frameworks, or subsequently transfers to a third party acting as an agent on its behalf. Synova complies with the Privacy Shield Principles for all onward transfers of Personal Information from the EU, including the onward transfer liability provisions.
With respect to Personal Information received or transferred pursuant to the Privacy Shield Frameworks, Synova Group is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Synova Group may be required to disclose Personal Information in response to lawful requests by public authorities, including to meeting national security or law enforcement requirements.
“Data Controller” meansany natural or legal person that, alone or jointly with others, determines the purposes and means of the Processing of Personal Information.
“Data Processor” means any natural or legal person that Processes Personal Information on behalf of the Data Controller.
“Data Subject” means the individual to whom any given Personal Information covered by this Privacy Shield Policy refers.
“Personal Information” means any information relating to an individual residing in the European Union that can be used to identify that individual either on its own or in combination with other readily available information.
“Processing” means performing any operation or set of operations on Personal Information, including, but not limited to, collecting, recording, storage, alteration, retrieval, consultation, use, evaluation, analysis, reporting, sharing, disclosure, dissemination, transmission, making available, alignment, combination, blocking, deleting, erasure or destruction.
“Sensitive Personal Information” means Personal Information regarding an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, physical or mental health, or sexual life.
This Privacy Shield Policy applies to Personal Information transferred from the European Union member countries to Synova Group in reliance on the EU-U.S. Privacy Shield Framework.
The purpose of this Privacy Shield Policy is to inform Data Subjects covered by this Privacy Shield Policy about Synova Group`s practices regarding Personal Information received by Synova Group in the U.S. from European Union member countries in reliance on the EU-U.S. Privacy Shield Framework, including the types of Personal Information it collects about them, the purposes for which it collects and uses such Personal Information, the types of third parties to which it discloses such Personal Information and the purposes for which it does so, the rights of Data Subjects to access their Personal Information, the choices and means that Synova Group offers for limiting its use and disclosure of such Personal Information, how Synova Group’s obligations under the Privacy Shield are enforced, and how Data Subjects can contact Synova Group with any inquiries or complaints.
All employees of Synova Group that have access in the U.S. to Personal Information covered by this Privacy Shield Policy are responsible for conducting themselves in accordance with this Privacy Shield Policy. Adherence by Synova Group to this Privacy Shield Policy may be limited to the extent required to meet legal, regulatory, governmental, or national security obligations.
Synova Group employees responsible for engaging third parties to whom Personal Information covered by this Privacy Shield Policy will be transferred are responsible for obtaining appropriate assurances that such third parties have an obligation to conduct themselves in accordance with the Privacy Shield Principles, including any applicable contractual assurances required by the Privacy Shield.
Privacy Shield Principles
Synova Group commits to subject to the Privacy Shield Principles all Personal Information received by Synova Group in the U.S. from European Union member countries in reliance on the EU-U.S. Privacy Shield Framework. 1. Types of Personal Information Synova Group Processes
Synova Group may receive a number of different types of Personal Information from its affiliates including data about: employees and potential employees; medical and healthcare professionals; customers; vendors, suppliers, contractors, and business partners. These types of Personal Information may include, but are not limited to the following:
- Employee (and potential employee) names, dates of employment, positions, email addresses, pictures, out of office information, holidays.
- Consultants names, work and home addresses, home and work phone numbers, email addresses, positions, professional titles, places of employment, signatures, pictures.
- Contract party names, addresses, signatures, bank account numbers, phone numbers, fax numbers, e-mail addresses, positions.
These types of Personal Information are transferred to Synova Group for use as part of the company's business operations in the areas of: activities as an employer to support and fulfill its obligations to its employees; finance and tax activities; its undertakings with vendors, suppliers and contractors of goods and services; and other legal and business activities; compliance with the company's regulatory obligations (e.g. FDA); market research for its products and services; marketing and sales of its products. 2. Choice
When Synova Group as Data Controller collects Personal Information directly from Data Subjects, the company generally offers those Data Subjects the opportunity to choose whether their Personal Information may be (i) disclosed to third-party Data Controllers, or (ii) used for a purpose that is materially different from the purposes for which the Personal Information was originally collected or subsequently authorized by the relevant Data Subjects. To the extent required by the Privacy Shield Principles, Synova Group obtains opt-in consent for certain uses and disclosures of Sensitive Personal Information. Data Subjects may contact Synova Group as indicated below regarding the company’s use or disclosure of their Personal Information. Unless Synova Group offers Data Subjects an appropriate choice, the company uses Personal Information only for purposes that are materially the same as those indicated in this Privacy Shield Policy.
When Synova Group as Data Processor receives Personal Information about Data Subjects from other Data Controllers or Data Processors, those other Data Controllers or Data Processors are responsible for providing the Data Subjects with certain choices with respect to their use or disclosure of the Data Subjects’ Personal Information. Synova Group shares Personal Information with its affiliates and subsidiaries.
Synova Group may disclose Personal Information without offering an opportunity to opt out, and may be required to disclose the Personal Information (i) to third-party Data Processors the company has retained to perform services on its behalf and pursuant to its instructions, (ii) if it is required to do so by law or legal process, or (iii) in response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements. Synova Group also reserves the right to transfer Personal Information in the event of an audit or if the company sells or transfers all or a portion of its business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation).
If Personal Information covered by this Privacy Shield Policy is to be used for a new purpose that is materially different from that for which the Personal Information was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party, Synova Group will provide Data Subjects with an opportunity to choose whether to have their Personal Information so used or disclosed. Requests to opt out of such uses or disclosures of Personal Information should be sent to: firstname.lastname@example.org
If Sensitive Personal Information covered by this Privacy Shield Policy is to be used for a new purpose that is different from that for which the Sensitive Personal Information was originally collected or subsequently authorized, or is to be disclosed to a third party, Synova Group will obtain the Data Subject’s explicit consent prior to such use or disclosure. 3. Accountability for Onward Transfer
To the extent Synova Group acts as a Data Controller, except as permitted or required by applicable law, Synova Group provides Data Subjects with an opportunity to opt out of sharing their Personal Information with third-party Data Controllers. Synova Group requires third-party Data Controllers to whom it discloses Personal Information to contractually agree to (i) only process the Personal Information for limited and specified purposes (ii) provide the same level of protection for Personal Information as is required by the Privacy Shield Principles, and (iii) notify Synova Group and cease processing Personal Information (or take other reasonable and appropriate remedial steps) if the third-party Data Controller determines that it cannot meet its obligation to provide the same level of protection for Personal Information as is required by the Privacy Shield Principles.
With respect to transfers of Personal Information to third-party Data Processors, Synova Group (i) enters into a contract with each relevant Data Processor, (ii) transfers Personal Information to each such Data Processor only for limited and specified purposes, (iii) ascertains that the Data Processor is obligated to provide the Personal Information with at least the same level of privacy protection as is required by the Privacy Shield Principles, (iv) takes reasonable and appropriate steps to ensure that the Data Processor effectively processes the Personal Information in a manner consistent with Synova Group’s obligations under the Privacy Shield Principles, (v) requires the Data Processor to notify Synova Group if the Data Processor determines that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles, (vi) upon notice, including under (v) above, takes reasonable and appropriate steps to stop and remediate unauthorized processing of the Personal Information by the Data Processor, and (vii) provides a summary or representative copy of the relevant privacy provisions of the Data Processor contract to the Department of Commerce, upon request. Synova Group remains liable under the Privacy Shield Principles if a third party Data Processor appointed by it further transfers Personal Information in a manner inconsistent with the Privacy Shield Principles, unless Synova Group proves that it is not responsible for the event giving rise to the damage. 4. Security
Synova Group takes reasonable and appropriate measures to protect Personal Information covered by this Privacy Shield Policy from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the Personal Information. 5. Information Integrity and Purpose Limitation
Synova Group limits the collection of Personal Information covered by this Privacy Shield Policy to information that is relevant for the purposes of Processing. Synova Group does not Process such Personal Information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the Data Subject.
Synova Group takes reasonable steps to ensure that such Personal Information is reliable for its intended use, accurate, complete, and current. Synova Group takes reasonable and appropriate measures to comply with the requirement under the Privacy Shield to retain Personal Information in identifiable form only for as long as it serves a purpose of Processing, which includes Synova Group’s obligations to comply with professional standards, Synova Group’s business purposes and unless a longer retention period is permitted by law, and it adheres to the Privacy Shield Principles for as long as it retains such Personal Information. 6. Access
Data Subjects whose Personal Information is covered by this Privacy Shield Policy have the right to access such Personal Information and to correct, amend, or delete such Personal Information if it is inaccurate or has been processed in violation of the Privacy Shield Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the Data Subject’s privacy, or where the rights of persons other than the Data Subject would be violated). Requests for access, correction, amendment, or deletion should be sent to: email@example.com
. 7. Recourse, Enforcement, and Liability
Synova’s participation in the EU-U.S. Privacy Shield Framework is subject to investigation and enforcement by the Federal Trade Commission.
In compliance with the Privacy Shield Principles, Synova Group commits itself to resolve complaints about privacy and the collection or use of Personal Information. Data Subjects with inquiries or complaints regarding this Privacy Shield Policy should first contact Synova Group at: firstname.lastname@example.org
Synova Group has further committed itself to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to the appropriate EU data protection authority panel. If timely acknowledgment of complaint receipt is not given, or if a complaint is not satisfactorily addressed, please visit https://ec.europa.eu/digital-single-market/en/news/list-personal-data-protection-competent-authorities
for more information, including how to file a complaint with the appropriate EU data protection authority panel.
Under certain conditions detailed in the Privacy Shield, Data Subjects may be able to invoke binding arbitration before the Arbitration Panel to be created by the U.S. Department of Commerce and the European Commission.
Synova Group agrees to periodically review and verify its compliance with the Privacy Shield Principles, and to remedy any issues arising out of failure to comply with the Privacy Shield Principles. Synova acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will result in Synova Group being removed from the Department’s list of Privacy Shield participants.
Changes to this Privacy Shield Policy
This Privacy Shield Policy may be amended from time to time in a manner consistent with the requirements of the Privacy Shield. Appropriate notice regarding such amendments will be given.
How to contact Synova Group
To ask questions or express concerns about Synova Group’s collection and processing of Personal Information, Data Subjects may contact one of the contacts listed below. Employees may contact any of the following contacts as well as Synova Group`s HR Department.
In the USA:
Synova Group USA, Inc.
Attention: Local Compliance Officer
910 Clopper Road Suite 160S
Gaithersburg, MD 20878
Or faxing us at 301-556-4501, attention Local Compliance Officer, Synova Group USA, Inc.
In the European Union:
Synova Group Austria GmbH
Attention: Data Protection Officer Campus Vienna Biocenter 3
1030 Vienna, Austria
For questions or concerns about this Privacy Shield, please send an email to email@example.com