​​Data Management Policy for
SYNE SaaS Products

1. Introduction

This Data Management Policy outlines the principles and procedures governing the management, protection, and usage of data within SYNE Software as a Service (SaaS) products. The policy applies to all employees, contractors, and third parties involved in the handling of data associated with the SaaS product.

2. Data Ownership

SYNE retains ownership of all data processed or stored within the SaaS product. Clients retain ownership of their data and grant SYNE the necessary permissions to process, store, and secure it in accordance with this policy.

3. Data Collection and Usage

• Purpose: Data collected within the SaaS product is used for the sole purpose of providing, improving, and maintaining the functionality of the service.
• Consent: Clients are responsible for obtaining any necessary consents or permissions from data subjects for the collection and processing of their personal data within the SaaS product.
• Minimization: SYNE collects and processes only the data necessary to fulfill the intended purpose of the SaaS product. Unnecessary data collection is avoided.
• Anonymization and Aggregation: Where possible, SYNE anonymizes and aggregates data to prevent identification of individual data subjects.
• Data Usage Restrictions: Client data is not used for any purposes other than those explicitly stated in the client agreement or this policy.

4. Data Security

• Access Control: Access to client data within the SaaS product is restricted to authorized personnel only. Access permissions are granted based on job role and necessity.
• Encryption: Client data is encrypted both in transit and at rest using industry-standard encryption protocols.
• Data Integrity: Measures are in place to ensure the integrity of client data, including regular backups, data validation checks, and access logs.
• Security Audits: Regular security audits and assessments are conducted to identify and address potential vulnerabilities in the SaaS product.

5. Data Retention and Deletion

• Retention Period: SYNE retains client data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law.
• Data Deletion: Upon termination of the client agreement or upon request, SYNE will securely delete or anonymize client data in accordance with applicable legal requirements.

6. Data Sharing and Disclosure

• Third-Party Service Providers: SYNE may engage third-party service providers to assist in the provision of the SaaS product. These providers are contractually obligated to adhere to data protection standards consistent with this policy.
• Legal Compliance: SYNE may disclose client data as required by law or in response to valid legal requests, such as subpoenas or court orders.

7. Data Privacy

• Privacy Policy: SYNE maintains a separate Privacy Policy that outlines its practices regarding the collection, use, and disclosure of personal data.
• Data Subject Rights: SYNE respects the rights of data subjects regarding their personal data, including the right to access, rectify, or delete their data.

8. Training and Awareness

All personnel involved in the handling of client data receive training on data protection principles, including their responsibilities under this policy and relevant data protection laws.

9. Compliance Monitoring and Enforcement

SYNE regularly monitors compliance with this policy and takes appropriate disciplinary action against personnel who violate its provisions. Non-compliance may result in termination of employment or contract.

10. Policy Review and Updates

This Data Management Policy is reviewed periodically and updated as necessary to reflect changes in technology, business practices, or legal requirements.

By using the SYNE SaaS products, clients agree to abide by the provisions of this Data Management Policy.

This policy is effective as of 02 April 2024 and supersedes any previous versions.