Synacor, Inc. together with its subsidiaries, affiliates, and related entities (including, but not limited to, NTV Internet Holdings, LLC, Sync Holdings, LLC, Zimbra Software, LLC, and Cloud ID LLC) (hereinafter referred to as Synacor, “us,” “we,” “our,” or “Company”) is a cloud-based software and services company whose customers (“Customers”) include video, internet and communications providers, device manufacturers, governments, and other enterprises. Our mission is to enable our Customers to better engage with their clients and other users of their products and services. We have created this Privacy Policy to apply to the “Personal Information” (i.e., information about an identified or identifiable natural person), that we collect and use in the ordinary course of business in connection with the use of our “Services,” which include:
- Websites, hosted email, mobile applications, and other services that we provide to or manage for our Customers (“Customer Applications”);
- Advertising that we provide on Customer Applications, in email, in mobile applications, and to third parties for their websites; and
- Various websites and applications that Synacor owns and operates (“Synacor Applications”).
By using the Services and providing us with your Personal Information (defined below), you agree to the practices described in this Privacy Policy and Terms & Conditions referenced below and to the updates to these policies posted here from time to time.
This Privacy Policy applies to any Personal Information (defined below) that you provide to us through the Website or use of our Services. The terms of this Privacy Policy are subject to any additional terms of disclaimers or other contractual terms you have entered into with Synacor and any applicable mandatory laws and regulations.
If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or the European Union (EU), European Economic Area (“EEA”), and UK, you may be entitled to certain individual rights under the California Consumer Privacy Act of 2018 [as amended by the California Privacy Rights Act of 2020 (“CPRA”)] (collectively, “CCPA”), Virginia Consumer Data Protection Act (“VCDPA”), Colorado Privacy Act (“CPA”), Connecticut Act Concerning Personal Data Privacy and Online Monitoring (“CTDPA”), Utah Consumer Privacy Act (“UCPA”), or the General Data Protection Regulation (“GDPR”) and the UK Data Protection Act 2018 respectively. Please see the Notice to Certain Residents of Data Subject Rights Section of our Privacy Policy for your rights and how to exercise them for users located in California, Virginia, Colorado, Connecticut, Utah, and the EEA and UK only.
I. INFORMATION WE COLLECT ABOUT YOU
II. HOW WE USE YOUR INFORMATION
III. LINKS TO OTHER WEBSITES
IV. INFORMATION SECURITY
V. DATA RETENTION
VI. CONSENT
VII. HOW WE WILL CONTACT YOU
VIII. YOUR CHOICES
IX. ACCESSING, CORRECTING OR DELETING YOUR INFORMATION
X. CHILDREN’S INFORMATION
XI. DATA PRIVACY FRAMEWORK
XII. NOTICE TO CERTAIN RESIDENTS OF DATA SUBJECT RIGHTS
XIII. EXERCISING YOUR RIGHTS
XIV. GEOGRAPHIC LOCATION OF DATA STORAGE AND PROCESSING
XV. DIFFICULTY ACCESSING OUR PRIVACY POLICY
XVI. “DO NOT TRACK” SIGNALS
XVII. DISPUTE RESOLUTION
XVIII. CHANGES TO THIS PRIVACY POLICY
XIX. CONTACT US
I. INFORMATION WE COLLECT ABOUT YOU
We may collect the following categories of Personal Information, which are described in more detail below: (A) information you provide to us, (B) Sensitive Information, and (C) information we may automatically collect about you, and (E) information we may receive from third parties. All of the information listed in (A)-(C), (E) above, is detailed below, and hereinafter referred to as “Personal Information.”
A. Information You Provide to Us
In using our Services (directly or through Synacor Applications or Customer Applications), you may provide us with Personal Information, including, without limitation:
- Individual identifiers such as name, username, date of birth, contact information such a mailing address, phone number, and email address;
- Communications with us, preferences, and other Personal Information you provide to us such as any messages (including via online chat feature), opinions and feedback that you provide to us, and other Information that you share with us when you contact us directly (such as for customer support services); and when completing registration/sign-in process, responding to surveys, requesting product information, and in other communications, opinions in online forms you share with us or when you communicate with us through email;
- Payment and transactional information such as services purchased. Note that we use third party payment processors to facilitate your payments and do not store your payment information;
- Information about your education, demography, and prior work experience to the extent that it is needed for processing your employment application; and/or
- Additional information as otherwise described to you at the point of collection or pursuant to your consent.
You may provide your Personal Information to Synacor directly when:
- Creating an account;
- Signing up for email messages, newsletters, and other communications;
- Completing a form related to one of Synacor’s products or services;
- Uploading your resume and applying for a job at Synacor; and
- Contacting Synacor for technical support or customer service.
If you apply for a job via the Synacor Applications, we collect (through our job application service provider) Personal Information that you provide us, such as your name, email address, physical address, phone number, and other information contained on your resume. We use a third-party service provider to manage our job postings and resume submittals. The third party is prohibited from using your Personal Information for any purposes, except for the purposes for which it was provided or otherwise related thereto, unless we obtain your consent or required by any applicable law.
B. Sensitive Information
With your consent, we may process the following categories of sensitive personal Information when you use our Services:
- Geolocation data;
C. Information We May Automatically Collect About You
Our Services may automatically collect the following categories and technical Personal Information about you. This Personal Information is used by Synacor for the operation of the Services, to maintain quality of the Services, and to provide general statistics regarding use of the Services. This Personal Information may include:
- Information about the device you are using, such as operating system version, device identifier, and other similar information;
- IP address, which is the number associated with the service through which you access the Internet, like your ISP (Internet service provider), your company, or your university;
- Date and time of your visit or use of our Services;
- Domain server from which you are using our Services;
- Type of computer, web browsers, search engine used, operating system, or platform you use;
- Data identifying the web pages you visited prior to and after visiting our website or use of our Services;
- Your movement and activity within the website, which is aggregated with other information;
- Voice and audio information when you use audio features;
- People with whom you communicate via email or share content;
- Purchase activity;
- Geo-location information through the use of any of our mobile applications;
- Mobile device information, including the type of device you use, operating system version, and the device identifier (or “UDID”); and
- Mobile application identification and behavior, use and aggregated usage, performance data, and where the application was downloaded from.
D. Cookies and Technologies Used to Collect Information About You
We and/or certain service providers operating on our behalf may collect information about your activity, or activity on devices associated with you over time, on our sites and applications, and across non-affiliated websites or online applications. We collect this Personal Information by using certain technologies such as cookies, web beacons, software developer kits, third party libraries, and other similar technologies. Third-party service providers, advertisers, and/or partners may also view, edit, or set their own cookies or place web beacons to collect similar or identical information.
- Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of our Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Services.
- Web Beacons. Website pages may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity). We also use these technical methods to analyze the traffic patterns, such as the frequency with which our users visit various parts of the Services. These technical methods may involve the transmission of Personal Information either directly to us or to a third party authorized by us to collect Personal Information on our behalf. Our Services use retargeting pixels from Google, Facebook, and other ad networks. We also use web beacons in HTML emails that we send to determine whether the recipients have opened those emails and/or clicked on links in those emails.
- Analytics. Analytics are tools we use, such as Google Analytics, to help provide us with information about traffic to our website and use of our Services, which Google may share with other services and websites who use the collected data to contextualize and personalize the ads of its own advertising network. You can view Google’s Privacy Practices here: Privacy Policy – Privacy & Terms – Google.
- Mobile Application Technologies. If you access our Services through a mobile device, we may automatically collect information about your device, your phone number, and your physical location.
E. Information We May Receive from Third Parties
We may collect additional Personal Information about you from others such as affiliates, other companies, social media platforms, third-party websites, and/or sources providing publicly available information (e.g., from the U.S. postal service) to help us provide services to you, and for marketing and advertising purposes.
This Privacy Policy only applies to Information collected by our Services. We are not responsible for the privacy and security practices of those other websites or Social Media Platforms or the Information they may collect (which may include IP address). You should contact such third parties directly to determine their respective privacy policies. Links to any other websites or content do not constitute or imply an endorsement or recommendation by us of the linked website, Social Media Platform, and/or content.
II. HOW WE USE YOUR INFORMATION
A. Use and Purpose of Processing Your Information
We use and process your Personal Information above for things that may include, but are not limited to, the following:
- To respond to your inquiries and provide you with requested information such as our newsletters;
- To process your request for services;
- For marketing and advertising purposes, including sending you promotional material or special offers on our behalf or on behalf of our marketing partners and/or their respective affiliates and subsidiaries and other third parties, provided that you have not already opted-out of receiving such communications;
- To manage, improve, and foster relationships with third-party service providers, including vendors, suppliers, and parents, affiliates, subsidiaries, and business partners;
- Maintain, improve, customize, or administer our services, perform business analyses, or other internal purposes to improve the quality of our business, the Website, resolve technical problems, support functionality or improve security or develop other products and services;
- To comply with our Terms & Conditions;
- To comply with any applicable laws and regulations and respond to lawful requests;
- To provide you with the services and information you request;
- To processes a payment or transaction you make through or in connection with the Services;
- To respond to your comments, inquiries, and questions, support your use of our Services, and provide customer service;
- To fulfill contracts we have with you;
- For analytics for business purposes and business intelligence;
- For verification and authentication of your identity when using our Services or the services of our customers;
- For any other purposes disclosed to you at the time we collect your Personal Information; and/or
- Other purposes with your consent.
B. Sharing or Disclosing Your Information
We may share and/or disclose your Personal Information as disclosed at the time you provide your Personal Information, as set forth in the Privacy Policy and in the following circumstances:
- Third-Party Service Providers. We may share your Personal Information with third-party service providers or data processors that perform certain functions or services on our behalf (such as to host the Services, manage data, perform analyses, process payments, provide customer service, or send communications for us). These third-party service providers are authorized to use your Personal Information only as necessary to provide these services to us. These third-part service providers are authorized to use your Information only as necessary to provide these services to us. In some instances, we may aggregate Information we collect so third parties do not have access to your identifiable Personal Information to identify you individually.
- Disclosure of Customer Information for Legal and Administrative Reasons. We may disclose your Personal Information without notice: (i) when required by law or to comply with a court order, subpoena, search warrant, or other legal process; (ii) to cooperate or undertake an internal or external investigation or audit; (iii) to comply with legal, regulatory, or administrative requirements of governmental authorities (including, without limitation, requests from the governmental agency authorities to view your Information); (iv) to protect and defend the rights, property, or safety of us, our subsidiaries and affiliates, and any of their officers, directors, employees, attorneys, agents, contractors, and partners, and the website Service users; (v) to enforce or apply our Terms & Conditions; and (vi) to verify the identity of the user of our Services
- Information Shared with our Subsidiaries and Affiliates. We may share your Personal Information with our subsidiaries and affiliates.
- Business Transfers. Your Personal Information may be transferred, sold, or otherwise conveyed (“Conveyed”) to a third party where we: (i) merge with or are acquired by another business entity; (ii) sell all or substantially all of our assets; (iii) are adjudicated bankrupt; or (iv) are liquidated or otherwise reorganize.
- Online Communications. If you chose to share with us comments, post a review, participate in a survey, provide a testimonial, or other information you consent and agree that we may make it available generally to the public and it will not be returned to you unless we receive such a request in writing from you and determine, in our sole discretion, to honor such request. If you choose to use the Services by posting comments to blogs, forums, or other editorial sections available via the Services, any information you submit there can be read, collected, or used by others. When you publish any such Personal Information, it becomes public, and we do not take responsibility for what others may do with the information you choose to submit through these features.
- De-Identified or Aggregated Data. We may share your Personal Information on an aggregated basis for any purpose in which your specific Personal Information is blinded, masked, or otherwise not identifiable.
- Promotional Partners. Synacor may notify you about offers from our promotional partners, marketing partners, or advertisers through banner ads as well as promotional emails. All targeting of promotional offers is done internally, and our promotional partners will not have access to the targeting information. We may perform research on your demographics, interests, and behaviors based on the information provided to us during a promotion. We may share your Personal Information with our promotional partners if you affirmatively respond to a promotional offer.
- With Your Consent. We may share Personal Information consistent with this Privacy Policy with your consent.
C. Categories of Information Sold
We may sell the below categories of Personal Information. For purposes of this Privacy Policy, “sell”, “sold” or “sale” means the disclosure of Personal Information for monetary or other valuable consideration but does not include, for example, the transfer of Personal Information as an asset that is part of a merger, bankruptcy, or other disposition of all or any portion of our business.
Category of Information | Examples of Information Disclosed |
---|---|
Identifying Information | Name, mailing address, email address, phone number, date of birth, and other identifiers. |
Payment Information | Your name and billing totals for payment and invoice processing. Note that we use third party payment processors to facilitate your payments and do not store your payment card information. |
Usage and Technical Information | Information about your interaction with our website and content on third-party sites or platforms, such as social networking sites (e.g., IP address; browsing history; search history; device information; information about user’s interaction with website, such as scrolling, clicks, and mouse-overs via cookies, pixel tags, web beacons, transparent GIFs; browser information; operating system and platform; geolocation information; user content (e.g., photos, videos, audio, images, social media /online posts, first-party works). |
III. LINKS TO OTHER WEBSITES
Our Services may contain links to other websites or services that are not owned or controlled by us, including links to Social Media Platforms such as Facebook, Instagram, and Twitter (“Social Media Platforms”), or may redirect you off our website away from our Services.
We are not responsible for the privacy and security practices of those websites or the information they may collect (which may include IP address). You should contact such third parties directly to determine their respective privacy policies. Links to any other party’s website or content do not constitute or imply an endorsement or recommendation by us of the linked website and/or content. We also have no control over websites that link to our Services.
We utilize framing techniques on some pages displayed via the Services to make it appear that the user is still on a Synacor or Customer website, as applicable, when the user is actually on a third-party website. Please be aware that, if you are providing your Personal Information on these third-party websites, you are providing such Personal Information to these third parties and not to Synacor, and that the privacy policies of these third parties will apply to your Personal Information.
IV. INFORMATION SECURITY
We use commercially reasonable and appropriate administrative, physical, and technical security measures to provide our Services and safeguard your information. However, no data transmitted over the Internet or stored or maintained by us or our third-party service providers can be 100% secure. Therefore, we do not promise or guarantee, and you should not expect, that your Information or private communications will always remain private or secure. We do not guarantee that your Personal Information will not be misused by third parties. We are not responsible for the circumvention of any privacy settings or security features. You agree that we will not have any liability for misuse, access, acquisition, deletion, or disclosure of your Personal Information.
If you believe that your Personal Information has been accessed or acquired by an unauthorized person, you should promptly contact us as set forth at the end of this policy (see Contact Us) so that necessary measures can quickly be taken.
V. DATA RETENTION
We will retain your Personal Information for as long as needed to provide you Services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. We will retain and use your Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. In accordance with our routine record keeping, we may delete certain records that contain Personal Information you have submitted to us. We are under no obligation to store such Information indefinitely and disclaim any liability arising out of, or related to, the destruction of such Personal Information.
VI. CONSENT
In certain states or countries, we may be required to obtain your consent prior to collecting and using your Personal Information. Synacor will request your consent prior to collection of your Personal Information when applicable. Otherwise by submitting your Personal Information to us, you agree that we may collect, use, and disclose such Personal Information as set forth in this Privacy Policy and as permitted or required by law. If you wish to withdraw consent, please contact us at privacypolicy@synacor.com.
VII. HOW WE WILL CONTACT YOU
You agree that we, our affiliates, and/or our third-party service providers with whom we collaborate and contract, may communicate with you via electronic messages, including email, text message, or mobile push notification to, for example, send you information relating to our products and services that we think may be of interest to you, communicate with you about offers, promotions, upcoming events, and other news about products and services offered by us. We will obtain your opt-in consent prior to sending you text notifications.
VIII. YOUR CHOICES
A. Email
By using our Services, you agree that we may contact you by email as set forth herein. If you do not want to receive marketing and promotional emails from us, you may click on the “unsubscribe” link in the email to unsubscribe and opt-out of marketing email communications or you should promptly contact us as set forth at the end of this policy (see Contact Us) so that necessary measures can quickly be taken.
By using our Services, you agree that we may contact you by calling or sending messages to your mobile device. You may be able to use the settings on your mobile device to enable or turn off mobile push notifications from us or privacypolicy@synacor.com.
B. Text Messages
By using our Services, you agree to be reached by text message or SMS message. If you no longer want to receive text messages from us, reply STOP (or as otherwise instructed) in the text message or privacypolicy@synacor.com.
C. Location Choices
You may be able to change the privacy settings of your devices at any time to turn off the sharing of this location information with our applications. If you choose to turn off location services, this could affect certain features or services of our applications. If you have specific questions about the privacy settings of your device, we suggest you contact the manufacturer of your device or your mobile service provider for help.
D. To Limit Sharing
You may have the right, under applicable law, to limit some but not all of the sharing of your Personal Information.
- Marketing Communications. By using our Services, you agree that we may contact you by email as set forth herein. If you do not want to receive marketing and promotional emails from us, you may click on the “unsubscribe” link in the email to unsubscribe and opt-out of marketing email communications or see Contact Us below for more information.
- Location Choices. You can change the privacy settings of your device at any time to turn off the sharing of location information with our Services. If you choose to turn off location services, this could affect certain features or services of our Services. If you have specific questions about the privacy settings of your device, we suggest you contact the manufacturer of your device or your mobile service provider for help.
- Opting Out of Direct Marketing by Third Parties. To exercise choices regarding the marketing information you receive, you may also review the following links:
- You may opt-out of tracking and receiving tailored advertisements on your mobile device by some mobile advertising companies and other similar entities by downloading the App Choices app at www.aboutads.info/appchoices.
- You may opt-out of receiving permissible targeted advertisements by using the NAI Opt-out tool available at http://optout.networkadvertising.org/?c=1 or visiting About Ads at http://optout.aboutads.info.
- You can opt-out of having your activity on our Services made available to Google Analytics by installing the Google Analytics opt-out add-on for your web browser by visiting: https://tools.google.com/dlpage/gaoptout for your web browser.
IX. ACCESSING, CORRECTING OR DELETING YOUR INFORMATION
Upon request (as set forth below) and subject to certain exceptions and limitations, we will inform you of the existence, use and disclosure of your Personal Information and will provide you access to that Personal Information.
We encourage you to review, update, and correct Personal Information that we maintain about you, and you may request that we delete Personal Information about you that is inaccurate, incomplete, or irrelevant. We may not be able to accommodate your request, or we may not accommodate a request if we believe the change would violate applicable law.
To request that you access, correct, or delete your Personal Information, contact us at:
Email our Data Protection Officer: privacypolicy@synacor.com
Mail: Synacor, Inc.
Attn: Data Protection Officer
505 Ellicott Street, Suite A39
Buffalo, NY 14203
Call us: 1-877-492-9484
The requests above will be considered and responded to in the time-period stated by applicable law. Note, certain Personal Information may be exempt from such requests. We may require additional information from you to confirm your identity in responding to such requests. You have the right to lodge a complaint with the supervisory authorities applicable to you and your situation, although we invite you to contact us with any concern as we would be happy to try and resolve it directly.
X. CHILDREN’S INFORMATION
Our Services are intended only for users over the age of sixteen (16). By using our Services, you agree that you are sixteen (16) years or older. If we have actual knowledge that a user is under sixteen (16) (or a higher age threshold where applicable) and has provided us with Personal Information, we will take steps to comply with any applicable legal requirement to remove such Personal Information. Contact Us if you believe that we have mistakenly or unintentionally collected Personal Information from a child under the age of sixteen (16).
XI. DATA PRIVACY FRAMEWORK
Synacor complies with, and has self-certified to the U.S. Department of Commerce under, (a) the EU-U.S. Data Privacy Framework (EU-U.S. DPF), (b) the UK Extension to the EU-U.S. DPF, and (c) the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) with regard to the processing of Personal Information received from the European Union, the United Kingdom and Switzerland. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Synacor may also use Standard Contractual Clauses to show its commitment to information security and privacy principles for any transfer of Personal Information or another appropriate legal basis for data transfers, where required. Specifically, to the extent that Synacor is deemed to transfer Personal Information outside of the European Economic Area, we do so on the legal basis that such transfer is necessary to provide you with the Services you have chosen to use or consented to use. For information about how Synacor processes Personal Information subject to the Data Privacy Framework, including how to opt out of such processing, see Article XII.F.
XII. NOTICE TO CERTAIN RESIDENTS OF DATA SUBJECT RIGHTS
A. NOTICE TO CALIFORNIA RESIDENTS
To the extent any California data privacy law applies to the collection of your Personal Information, this supplemental section of our Privacy Policy outlines the rights that California residents may have, and how they can exercise those rights. This notice applies solely to California residents. We provide the supplemental selection below to comply with the California Consumer Privacy Act [as amended by the California Privacy Rights Act (referred to collectively hereinafter as CCPA)] and any terms defined in the CCPA have the same meaning when used below.
- Your Rights under CCPA
Right to Know and Access Specific Information.You have the right to request that we disclose certain information to you about our collection and use of your Information over the past twelve (12) months. Once we receive and confirm a verifiable consumer request from you, we will disclose to you, to the extent permitted by law:
- The categories of Personal Information we collected about you, and whether we sell or share your information to third parties.
- The specific pieces of Personal Information we hold about you.
- The categories of Personal Information sold within the last 12 (twelve) months.
- The categories of sources from which Personal Information about you is collected.
- Our business or commercial purpose for collecting, selling, or sharing your Information.
- The categories of third parties with whom your Personal Information is sold, shared, or disclosed for a business purpose.
You have the right to request that the Personal Information described above be provided to you in a portable and readily useable format, to the extent technically feasible (“data portability”).
Deletion Request Rights. You have the right to request that we delete the Personal Information that we collected from you, subject to certain exceptions. To the extent that we can delete your Personal Information, once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information, unless an exception applies.
Right to Correct Inaccurate Information.To the extent that we may maintain inaccurate Personal Information, you have the right to request that we correct such inaccurate Personal Information taking into account the nature of the Personal Information and the purposes of the processing of the Personal Information. Once we receive and verify your verifiable consumer request, we will use commercially reasonable efforts to correct your Personal Information.
Sale and Sharing of Personal Information and the Right to Opt-Out.You have the right to opt out of the processing of your Personal Information for the following purposes:
- Sale of your Information.
- Sharing of your Information for cross-context behavioral advertising.
Right to Limit Use and Disclosure of Sensitive Personal Information.You have the right to request that we limit the ways we use and disclose your sensitive Personal Information (as defined by CCPA) to uses which are necessary for us to perform the Services, or deliver the goods reasonably expected by you, or and as authorized by law.
Right to Non-Discrimination.You have a right to not be discriminated against in the Services or quality of Services you receive from us for exercising your rights. We may not, and will not, treat you differently because of your data subject request activity. As a result of your data subject request activity, we may not and will not deny goods or Services to you, charge different rates for goods or Services, provide a different level quality of goods or Services, or suggest that we would treat you differently because of your data subject request activity.
Right to Disclosure of Direct Marketers.You have a right to the categories and names/addresses of third parties that have received Personal Information for their direct marketing purposes upon simple request, and free of charge.
The use of online tracking technologies may be considered a “sale” or “sharing” under California law. To the extent that these online tracking technologies are deemed to be a “sale” or “sharing” under California law, you may opt-out of these online tracking technologies by submitting a request via privacypolicy@synacor.com or by broadcasting an opt-out preference signal, such as the Global Privacy Control (GPC).
You may make an authenticated consumer request exercising your Right to Know and Access Specific Information including Right to Know what Personal Information is being Sold or Shared or under the CCPA twice within a twelve (12) month period. To exercise the rights described above, see the Exercising Your Rights section below.
- Authorized Agent
You may use an authorized agent to submit verifiable consumer requests on your behalf provided that the authorized agent is a natural person or a business entity that you have authorized to act on your behalf. If you use an authorized agent, we will require: (1) proof of written permission for the authorized agent to make requests on your behalf, and identity verification from you; or (2) proof of power of attorney pursuant to California Probate Code sections 4000 to 4665. We may deny a request from an authorized agent that does not submit proper verification proof.
- Additional InformationTo the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.
B. NOTICE TO VIRGINIA RESIDENTS
To the extent any Virginia data privacy law applies to the collection of your Personal Information, this supplemental section of our Privacy Policy outlines the individual rights guaranteed to Virginia residents and how to exercise those rights and applies solely to Virginia residents. We provide the supplemental selection below to comply with the Virginia Consumer Data Protection Act (“VCDPA”) and any terms defined in the VCDPA have the same meaning when used below.
Your Rights under VCDPA.
Subject to certain exceptions you may be entitled to the following rights:
-
Right to Access & Data Portability. You have the right to request that we disclose certain information to you about our collection and use of your Information at any time. Once we receive and confirm an authenticated consumer request from you, we will, subject to certain exceptions:
- Disclose whether or not we are processing your Information.
- Provide you with access to your Information.
-
Right to Correct Inaccurate Information. To the extent that we may maintain inaccurate Personal Information, you have the right to request that we correct such inaccurate Personal Information taking into account the nature of the Personal Information and the purposes of the processing of the Personal Information. Once we receive and verify your authenticated consumer request, we will use commercially reasonable efforts to correct your Information.
-
Right to Delete.
You have the right to request that we delete certain aspects of your Personal Information provided by or obtained about you. To the extent that we can delete your Information, once we receive and confirm your authenticated consumer request, we will delete (and direct our service providers to delete) your Personal Information, subject to certain exceptions. -
Sale of Personal Information, Targeted Advertising, Profiling, and the Right to Opt-Out.
You have the right to opt out of the processing of your Personal Information for the following purposes:- Targeted advertising.
- Sale of your Personal Information.
- Profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
-
Right to Appeal. You have the right to appeal our denial of any request you make under this section. To exercise your right to appeal, please submit an appeals request via the information in the Contact Us section below. Within sixty (60) days of receipt of your appeal, we will inform you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for the decisions. If we deny your appeal, you may contact the Virginia Office of the Attorney General by:
- Contacting Online: https://www.oag.state.va.us/consumer-protection/index.php/file-a-complaint
- Calling:
- If calling from Virginia, call the Consumer Protection Hotline at 1-800-552-9963.
- If calling from the Richmond area or from outside Virginia, call the Consumer Protection Hotline at 1-804-786-2042.
-
Right to Non-Discrimination. .You have a right to not be discriminated against in the Services or quality of Services you receive from us for exercising your rights. We will not discriminate against you for exercising any of your rights in this section including denying goods or Services, charging different prices or rates for goods or Services, or providing a different level of quality of goods and Services. However, we may offer a different price, rate, level, quality, or selection of goods or Services, including offering goods or Services for no fee, if you have exercised your right to opt out or the offer is related to your voluntary participation in a bona fide loyalty, rewards, premium features, discounts, or club card program.
Where the processing is carried out by automated means, and subject to certain exceptions, you have the right to request and obtain a copy of your Personal Information that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the Personal Information to another data controller without hindrance.
You may make an authenticated consumer request under the VCDPA twice within a twelve (12) month period. To exercise the rights described above, see the Exercising Your Rights section below.
-
Additional Information
To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.
C. NOTICE TO COLORADO RESIDENTS
To the extent any Colorado data privacy law applies to the collection of your Personal Information, this supplemental section of our Privacy Policy outlines the individual rights guaranteed to Colorado residents and how to exercise those rights and applies solely to Colorado residents. We provide the supplemental selection below to comply with the Colorado Privacy Act (“CPA”) and any terms defined in the CPA have the same meaning when used below.
-
Your Rights under CPA
Subject to certain exceptions you may be entitled to the following rights:
-
Right to Access & Data Portability. You have the right to request that we disclose certain information to you about our collection and use of your Personal Information at any time. Once we receive and confirm an authenticated consumer request from you, we will, subject to certain exceptions:
- Disclose whether or not we are processing your Personal Information.
- Provide you with access to your Personal Information where we process it.
Where exercising your right to access, you have the right to request and obtain a copy of your Personal Information that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the Personal Information to another data controller without hindrance (“data portability”).
-
Right to Correct Inaccurate Information. To the extent that we may maintain inaccurate Personal Information, you have the right to request that we correct such inaccurate Personal Information taking into account the nature of the Personal Information and the purposes of the processing of the Personal Information. Once we receive and verify your authenticated consumer request, we will use commercially reasonable efforts to correct your Personal Information.
-
Right to Delete. You have the right to request that we delete certain aspects of your Personal Information provided by or obtained about you. To the extent that we can delete your Personal Information, once we receive and confirm your authenticated consumer request, we will delete your Personal Information, subject to certain exceptions.
-
Sale of Personal Information, Targeted Advertising, Profiling, and the Right to Opt-Out. You have the right to opt out of the processing of your Personal Information for the following purposes:
- Targeted advertising.
- Sale of your Personal Information.
- Profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
-
Right to Appeal. You have the right to appeal our denial of any request you make under this section. To exercise your right to appeal, please submit an appeals request via the information in the Contact Us section below. Within forty-five (45) days of receipt of your appeal, we will inform you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for the decisions. If you have concerns regarding the results of your appeal, you may contact the Colorado Office of the Attorney General by:
- Contacting Online: https://complaints.coag.gov/s/contact-us
- Calling: (720) 508-6000
You may make an authenticated consumer request free of charge under the CPA once within a twelve (12) month period. We reserve the right to charge a reasonable fee for a second or subsequent request within the same twelve (12) month period. To exercise the rights described above, see the Exercising Your Rights section below.
-
-
Sensitive Data
We process sensitive data including sensitive data inferences. When we process sensitive data, we do so with your consent.
-
Authorized Agent
You may use an authorized agent to submit verifiable consumer requests on your behalf. An authorized agent is a natural person or a business entity that you have authorized to act on your behalf. If you use an authorized agent, we will require: (1) proof of written permission for the authorized agent to make requests on your behalf, and identity verification from you; or (2) proof of power of attorney pursuant to Col. Rev. Stat. § 15-14-705. We may deny a request from an authorized agent that does not submit proper verification proof.
D. NOTICE TO CONNECTICUT RESIDENTS
To the extent any Connecticut data privacy law applies to the collection of your Personal Information, this supplemental section of our Privacy Policy outlines the individual rights guaranteed to Connecticut residents and how to exercise those rights and applies solely to Connecticut residents. We provide the supplemental selection below to comply with the Connecticut Act Concerning Personal Data Privacy and Online Monitoring (“CTDPA”) and any terms defined in the CTDPA have the same meaning when used below.
-
Your Rights under CTDPA
Subject to certain exceptions you may be entitled to the following rights:
-
Right to Access & Data Portability.You have the right to request that we disclose certain information to you about our collection and use of your Information at any time. Once we receive and confirm an authenticated consumer request from you, we will, subject to certain exceptions:
- Disclose whether or not we are processing your Information.
- Provide you with access to your Information where we process it.
Where the processing is carried out by automated means, and subject to certain exceptions, you have the right to request and obtain a copy of your Personal Information that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the Information to another data controller without hindrance.
-
Right to Correct Inaccurate Information. To the extent that we may maintain inaccurate Personal Information, you have the right to request that we correct such inaccurate Personal Information taking into account the nature of the Personal Information and the purposes of the processing of the Personal Information. Once we receive and verify your authenticated consumer request, we will use commercially reasonable efforts to correct your personal Information.
-
Right to Delete.You have the right to request that we delete certain aspects of your Personal Information provided by or obtained about you. To the extent that we can delete your Personal Information, once we receive and confirm your authenticated consumer request, we will delete (and direct our service providers to delete) your Personal Information, subject to certain exceptions.
-
Sale of Personal Information, Targeted Advertising, Profiling, and the Right to Opt-Out. You have the right to opt out of the processing of your Information for the following purposes:
- Targeted advertising.
- Sale of your Personal Information.
- Profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
-
Right to Non-Discrimination.You have a right to not be discriminated against in the Services or quality of Services you receive from us for exercising your rights. We will not discriminate against you for exercising any of your rights in this section including denying goods or Services, charging different prices or rates for goods or Services, or providing a different level of quality of goods and Services. However, we may offer a different price, rate, level, quality, or selection of goods or Services, including offering goods or services for no fee, if you have exercised your right to opt out or the offer is related to your voluntary participation in a bona fide loyalty, rewards, premium features, discounts, or club card program.
-
Right to an Appeal.You have the right to appeal our denial of any request you make under this Section. To exercise your right to appeal, please submit appeals request to us by either:
- Email: privacypolicy@synacor.com
- Call us: 1-877-492-9484
- Write us: Synacor, Inc.
Attn: Data Protection Officer
505 Ellicott Street, Suite A39
Buffalo, NY 14203
Within sixty (60) days of receipt of your appeal, we will inform you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for the decisions. If we deny your appeal, you may contact the Connecticut Office of the Attorney General by:
- Contacting Online: https://www.dir.ct.gov/ag/complaint/e-complaint.aspx?CheckJavaScript=1
- Calling: The Consumer Assistance Unit at 860-808-5420.
You may make an authenticated consumer request under the CTDPA once within a twelve (12) month period. To exercise the rights described above, see the Exercising Your Rights section below.
-
-
Authorized Agent
You may use an authorized agent to submit verifiable consumer requests on your behalf. An authorized agent is a natural person or a business entity that you have authorized to act on your behalf. If you use an authorized agent, we will require: (1) proof of written permission for the authorized agent to make requests on your behalf, including through technology means, and identity verification from you; or (2) proof of power of attorney. We may deny a request from an authorized agent that does not submit proper verification proof.
-
Additional Information
To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.
E. NOTICE TO UTAH RESIDENTS
To the extent any Utah data privacy law applies to the collection of your Personal Information, this supplemental section of our Privacy Policy outlines the individual rights guaranteed to Utah residents and how to exercise those rights and applies solely to Utah residents. We provide the supplemental selection below to comply with the Utah Consumer Privacy Act (“UCPA”) and any terms defined in the UCPA have the same meaning when used below.
-
Your Rights under UCPA
Subject to certain exceptions you may be entitled to the following rights:
-
Right to Access & Data Portability
You may have the right to request that we disclose certain information to you about our collection and use of your Information at any time. Once we receive and confirm an authenticated consumer request from you, we will, subject to certain exceptions:
- Disclose whether or not we are processing your Personal Information.
- Provide you with access to your Information where we process it.
Where the processing is carried out by automated means, and subject to certain exceptions, you have the right to request and obtain a copy of your Personal Information that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the Information to another data controller without hindrance (“data portability”).
-
Right to Delete.
You have the right to request that we delete certain aspects of your Personal Information provided by or obtained about you. To the extent that we can delete your Personal Information, once we receive and confirm your authenticated consumer request, we will delete (and direct our service providers to delete) your Personal Information, subject to certain exceptions.
-
Right to Non-Discrimination.
We will not discriminate against you for exercising any of your rights in this section including denying goods or Services, charging different prices or rates for goods or Services, or providing a different level of quality of goods and services.
-
Sale of your Personal Information, Targeted Advertising, and Right to Opt-Out.
You have the right to opt out of the processing of your Personal Information for the following purposes:
- Targeted advertising.
- Sale of your Personal Information
-
You may make an authenticated consumer request free of charge under the UCPA once within a twelve (12) month period. We reserve the right to charge a reasonable fee for a second or subsequent request within the same twelve (12) month period. To exercise the rights described above, see the Exercising Your Rights section below.
F. NOTICE TO INDIVIDUALS IN THE EUROPEAN ECONOMIC AREA. THE UK AND SWITZERLAND
This section applies only to individuals coming to our Services from within the European Union (EU), the European Economic Area (EEA), Switzerland and the UK, and only if we collect through the Services any Information from you that is considered “Personal Data,” as defined in the GDPR and the UK Data Protection Act 2018 as amended by the UK GDPR law of 1/2021.
Personal Data includes any information relating to an identified or identifiable natural person, who could be identified either directly or indirectly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person (which may include some or all your Information as defined in this Privacy Policy).
“Sensitive Information” means all Personal Data of an individual concerning the (i) health data, (ii) racial or ethnic origin, (iii) political opinions, (iv) religious or philosophical beliefs, (v) union membership, (vi) genetic data, (vii) biometric data or (viii) the sex life or sexual orientation of such individual. Synacor does not collect Sensitive Information.
Table of Contents
- Identity and Contact Details of Controller and EU Representative
- Your Data Protection Rights
- Lawful Basis for Processing Your Information
- Consent to Transfer
- Retention
-
Identity and Contact Details of Controller and EU Representative
Unless otherwise stated, we are the Data Controller for the Personal Data we process.
Contact Details:
Email: privacypolicy@synacor.com
Call us: 1-877-492-9484
Write us: Synacor, Inc.
Attn: Data Protection Officer
505 Ellicott Street, Suite A39
Buffalo, NY 14203EU GDPR Representative
If you are in the European Union you can contact our EU GDPR Representative (Art. 27 GDPR) on all issues related to processing.
Rickert Rechtsanwaltsgesellschaft mbH – EU Representative SYNACOR -, Colmantstraße 15, 53115 Bonn, Germany,
art-27-rep-synacor@rickert.law,
+49 228 74 89 80. -
Your Data Protection Rights
To the extent the GDPR and Data Protection Act 2018 apply, and we hold your Personal Data in our capacity as a Data Controller as defined under those laws, you may request that we:
- Restrict the way that we process and share your Personal Data;
- Transfer your Personal Data to a third party;
- Provide you with access to your Personal Data;
- Remove your Personal Data if no longer necessary for the purposes collected;
- Update your Personal Data so it is correct and not out of date; and/or
- Object to our processing of your Personal Data.
You may also revoke your consent for processing of your Personal Data. Specifically, may choose (opt out) whether your Personal Data is (i) disclosed to a third party or (ii) used for a purpose that is materially different from the purpose(s) for which it was originally collected. In addition, any provision of this policy to the contrary notwithstanding, in the unlikely event that Synacor collects any Sensitive Information, your explicit consent will be obtained before such Sensitive Information is (a) disclosed to a third party or (b) used for a purpose other than the purposes for which such Sensitive Information was originally collected. If you wish to object to the use and processing of your Personal Data or Senstive Information, or to withdraw consent to this Privacy Policy, you can contact us in the following ways:
Email: privacypolicy@synacor.com
Call us: 1-877-492-9484
Write us: Synacor, Inc.
Attn: Data Protection Officer
505 Ellicott Street, Suite A39
Buffalo, NY 14203 -
Lawful Basis for Processing Your Information
The lawful basis for our processing of your Personal Data will depend on the purposes of the processing. For most Personal Data processing activities covered by this Privacy Policy, the lawful basis is that the processing is necessary for our legitimate business interests. Where we process Personal Data in relation to a contract, or a potential contract, with you, the lawful basis is that the processing is necessary for the performance of our contract with you or to take steps at your request prior to entering into a contract. If we are required to share Personal Data with law enforcement agencies or other governmental bodies, we do so on the basis that we are under a legal obligation to do so. We will also use consent as the legal basis where we deem appropriate or to the extent required by applicable law, for example, before we collect precise location data from your mobile device.
Depending on what Personal Data we collect from you and how we collect it, we may also rely on various grounds for processing your Personal Data, including the following reasons:
Processing on the basis of legitimate business interests.When we process Personal Data on the basis that the processing is necessary for our legitimate business interests, such interests include: (i) providing, improving, and promoting our Services; (ii) communicating with current and potential customers, other business partners, and their individual points of contact; (iii) managing our relationships with our customers and other business partners, and their individual points of contact; (iv) other business development purposes; (v) sharing information within Synacor, as well as with service providers and other third parties; and (vi) maintaining the safety and security of our products, Services, and employees, including fraud protection.
Processing on the basis of performance of a contract.Examples of situations in which we process Personal Data as necessary for performance of a contract include e-commerce transactions in which you purchase a service from us.
Processing on the basis of consent.Examples of processing activities for which we may use consent as its legal basis include: (i) collecting and processing precise location information from your mobile device; (ii) sending promotional emails when consent is required under applicable law; and (iii) processing Personal Data on Company Services through cookies and similar technologies when consent is required by applicable law.
Processing because we are under a legal obligation to do so.Examples of situations in which we must processes Personal Data to comply with our legal obligations include: (i) providing your Personal Data to law enforcement agencies and other governmental bodies when required by applicable laws; (ii) retaining business records required to be retained by applicable laws; and (iii) complying with court orders or other legal process.
If the processing of your Information is based on your consent, the GDPR and Data Protection Act 2018 as amended by the UK GDPR law of 1/2021 also allow users the right to access, revoke, or modify your consent at any time. Please see the Contact Us section, below, to review or modify your consents.
-
Consent to Transfer
We are operated in the United States, and we may use service providers based in the United States to operate our business and our relationship with you. Please be aware that Information, including your Personal Data, that we collect will be transferred to, stored, and processed in the United States, a jurisdiction in which the privacy laws may not be as comprehensive as those in the country where you reside and/or are a citizen. We maintain measures to address the transfer of your Personal Data between our group companies and between us and our third-party providers in accordance with applicable data protection laws and regulations.
-
Retention
We will retain your Personal Data for as long as needed for the purposes described in this Privacy Policy. More specifically, the time we maintain your Information depends on the following factors:
-
Whether we need the Information to provide the Services. We will maintain any data needed to provide you with the Services, such as contact information and payment or transaction information, for as long as needed for us to provide you with the Services, respond to your questions and requests, and/or administer your account (if applicable).
-
Whether we need the Information to comply with our legal obligations. We may have legal obligations to maintain your Personal Data where a legal or regulatory body may ask for it in the future, for example in response to a data subject request or complaint. This information may include contact information and location information.
-
Whether we need the Information for a legitimate business interest.We may store Personal Data like contact information, cookies, and location information in order to perform analytics, troubleshoot errors, or improve our Services. In any event, we delete the Information when it is no longer needed for our legitimate interest.
Regardless of our reason for retaining your information, we delete all Personal Data in accordance with our routine record keeping policies.
-
The requests above will be considered and responded to in the time-period stated by applicable law. Note, certain Personal Data may be exempt from such requests. We may require additional Personal Data from you to confirm your identity in responding to such requests.
You have the right to lodge a complaint with the supervisory authorities applicable to you and your situation, although we invite you to contact us with any concern as we would be happy to try and resolve it directly. Please contact us at:
Email: privacypolicy@synacor.com
Call us: 1-877-492-9484
Write us: Synacor, Inc.
Attn: Data Protection Officer
505 Ellicott Street, Suite A39
Buffalo, NY 14203
XIII. EXERCISING YOUR RIGHTS
To exercise any of the rights described above, please submit a verifiable consumer request to us via the methods described below. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information, or an authorized representative; and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
To help protect your privacy and maintain security, if you request access to or deletion of your Personal Information, we will take steps and may require you to provide certain information to verify your identity before granting you access to your Personal Information or complying with your request. In addition, if you ask us to provide you with specific pieces of Personal Information, we may require you to sign a declaration under penalty of perjury that you are the consumer whose Personal Information is the subject of the request. Only you or your authorized agent may make a verifiable consumer request related to your Personal Information. If you designate an authorized agent to make a request on your behalf, we may require you to provide the authorized agent written permission to do so and to verify your own identity directly with us (as described above). You may also make a verifiable consumer request on behalf of your minor child.
Email: privacypolicy@synacor.com
Call us: 1-877-492-9484
Write us: Synacor, Inc.
Attn: Data Protection Officer
505 Ellicott Street, Suite A39
Buffalo, NY 14203
XIV. GEOGRAPHIC LOCATION OF DATA STORAGE AND PROCESSING
Synacor is a US based company. As such, the Services collect Personal Information and process and store that Personal Information in databases located in the United States. If you are visiting the Services from a country outside the United States, you should be aware that you may transfer personally identifiable Information about yourself to the United States, and that the data protection laws of the United States may not be as comprehensive as those in your own country. By visiting the Services and submitting any personally identifiable Information you consent to the transfer of such personally identifiable Information to the United States.
XV. DIFFICULTY ACCESSING OUR PRIVACY POLICY
Individuals with disabilities who are unable to usefully access our Privacy Policy online may contact us to inquire how they can obtain a copy of our policy in another, more easily readable format.
XVI. “DO NOT TRACK” SIGNALS
We do support “Do Not Track.” Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable “Do Not Track” by visiting the “Preferences” or “Settings” page of your web browser. Do Not Track is different from Global Privacy Controls (“GPC”), which may notify websites of consumers’ privacy preferences regarding the sale or sharing of personal Information, or the use of sensitive personal Information.
XVII. DISPUTE RESOLUTION
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
XVIII. CHANGES TO THIS PRIVACY POLICY
We reserve the right to change, modify, or amend this Privacy Policy at any time to reflect changes in our products and service offerings, accommodate new technologies, regulatory requirements, or other purposes. If we modify our Privacy Policy, we will update the “Effective Date” and such changes will be effective upon posting. If you provide us an email address, we will provide any updated Privacy Policy to you. In that email, we will provide the option to opt-out of receiving further emails. It is your obligation to check our current Privacy Policy for any changes.
XIX. CONTACT US
If you have any questions about this Privacy Policy or the Personal Information, we have collected about you, please contact us at the following:
Email: privacypolicy@synacor.com
Call us: 1-877-492-9484
Write us: Synacor, Inc.
Attn: Data Protection Officer
505 Ellicott Street, Suite A39
Buffalo, NY 14203
Last Updated on: April 18, 2024