Privacy Policy

Your privacy is important to us. The Syngency Inc. Privacy Policy describes what data we collect from you, the purpose for collecting the data in conjunction with the Syngency Inc. Sites and Services, how we share, process, and manage your Personal Data, and your rights associated with your data.

Syngency Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Syngency Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Syngency Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

Syngency Inc. maintains servers around the world and your information may be processed on servers located outside of the country where you live. Data protection laws vary among countries, with some providing more protection than others. Regardless of where your information is processed, we apply the same protections described in the Privacy Policy.

This Privacy Policy applies to Syngency Inc. and all of its related properties, including www.Syngency.com, www.Sourceandcast.com, Syngency Sign, and any Mobile Apps related to those platforms (together, "Syngency"). This Privacy Policy explains how we collect, store, use, disclose and transfer (hereinafter “process”) your personal data. The personal data that we collect about you depends on the context of your interactions with us, the products, services and features that you use, your location, and applicable law. Your use of Syngency constitutes your acceptance of this Privacy Policy. Please also read our Terms of Service, which govern the basic operation of Syngency. If you do not agree with the terms of this Privacy Policy or the Terms of Service, you should immediately stop using or visiting Syngency.

1. The Information We Collect and Use
• Syngency collects Personal Data that you voluntarily provide us, when you register for Syngency, create a talent profile, or create an employer profile. We also collect Personal Data when you sign up for email newsletters or alerts on Syngency.

Categories of personal data processed, and purpose of the processing

When visiting our websites or using our applications or online services (each an “Online Offering”), we may process the following categories of personal data:

• Your contact information, such as full name, work and/or home address, work and/or home telephone number, work and/or personal mobile phone number and work and/or personal email address;
• Organizational information, including job position and company name;
• Information submitted as part of a support request, survey or comment or forum post;
• Further personal data that you provide by filling in forms in our Online Offerings;
• Information on your interaction with the Online Offering, including your device and user identifier, information on your operating system, sites and services accessed during your visit, the date and time of each visitor request;
• Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
• Information that is legally required for compliance screenings or export control checks, such as date of birth, nationality, place of residence, ID numbers, or identity cards;
• An image of your driver’s license or passport, and we may extract and store information from the scanned image, such as your date of birth, in order to verify your identity and to confirm that you are 16 years of age or older, in compliance with the US Child Online Privacy Protection Act (COPPA), the California Consumer Privacy Act (CCPA), and Article 8 of the EU General Data Protection Act (GDPR) and UK General Data Protection Act (UK GDPR);
• A log of your visits and use of Syngency, including any Syngency Mobile app, such as when you view or click on content, casting notices, or ads, perform a search, install or update one of our mobile apps, or apply for roles;
• Device information and internet protocol (“IP”) addresses to identify you, your location, and log your use;
• Data about you when you use Syngency’s messaging platform to communicate with other users;
• A "cookie” may be placed on your computer when you visit a Syngency website. Syngency may use cookies to personalize your experience using Syngency, and to gather usage data that will help to improve the quality of the website. There is a simple procedure in most browsers that allows you to deny, accept or delete cookies. If you reside within the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland, you must voluntarily consent to cookies before using the Syngency website as detailed in Sections 6, 7 and 8 below;
• Information from third parties, to the extent it is necessary to fulfill services requested. For example, we may utilize third party vendors to check your information on an ongoing basis against a variety of sources, which may include, but are not limited to, national criminal databases, criminal and fugitive watch lists, fraud watch lists, law enforcement reports, and other data to assist us in verifying the information you provide us (such as your name, date of birth, address, etc.) and the representations and warranties you make in the Terms of Use and on the Site; and
• Information about you through third party sources as permitted by applicable law, such as public databases, social media platforms, and marketing partners.

Syngency’s Mobile App employs third-party tracking for internal purposes only and does not collect data from its app for the purpose of targeted third-party advertising, advertising measurement, or the sharing of data collected from the Syngency App with a data broker.

2. How Syngency Uses Your Data
• To facilitate you using the Syngency casting platform, services and functions which includes creating and administering your online account, updating, securing, and troubleshooting, providing support, as well as improving and developing our Online Offerings;
• To personalize Syngency to give you a better experience, such as sending you targeted job postings based on your location;
• To respond to your requests or to manage user accounts;
• To receive product feedback and understand our users better to improve Syngency;
• To monitor the safety and security of the Syngency service and casting platform;
• To use data and content about users for communications promoting membership, job posting, and engagement with Syngency, on Syngency properties and across other platforms;
• To target and measure the performance of advertisements displayed to our users directly by Syngency or through third party advertising partners, on and off Syngency;
• To verify that Syngency account owners are 16 years of age or older to comply with COPPA, the CCPA, and the GDPR;
• To verify your identity to protect the safety and security of our customers;
• To communicate with you about our products and services, e.g. by responding to inquiries or requests or providing you with information about purchased products;
• To bill your use of the Online Offering;
• To process your order or to provide you with access to specific information or offers;
• To maintain and protect the security of our products, services and websites, prevent and detect security threats, fraud or other criminal or malicious activities;
• To contact you with information and offers concerning our products and services, to send you further marketing information or to contact you in the context of customer satisfaction surveys;
• To ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, customer compliance screening obligations (to prevent white-collar or money laundering crimes), and our policies or industry standards;
• As reasonably necessary to enforce the Online Offering’s terms, to establish or preserve a legal claim or defense, to prevent fraud or other illegal activities, including attacks on our information technology systems; and
• To solve disputes and enforce contractual agreements.

Syngency may disclose your Personally Identifiable Information to third parties in connection with a corporate transaction where all or a portion of our business (e.g., a portion that includes our customer lists) is sold or transferred. We also may disclose your Personally Identifiable Information if disclosure is required by law or as part of a lawsuit or government investigation or proceeding, or to permit us to exercise or preserve our legal rights or take action regarding potentially illegal activities or to protect the safety of any person.

Syngency reserves the right, but has no obligation, to monitor information, comments, or other content that you voluntarily disclose and post to the Website. Syngency reserves the right to remove any such information or material for any reason or no reason, including without limitation, if in our sole opinion such information or material violates, or may violate, any applicable law or the Terms of Use or to protect or defend our rights or property or those of any third party. Syngency also reserves the right to remove information upon the request of any third party.

Syngency reserves the right to investigate abuses on the Website and enforce and apply this Privacy Policy, the Terms of Use and any other terms or conditions applicable to the Website or the use thereof. Syngency may disclose information about you to third parties if we have a good faith belief that such disclosure is reasonably necessary to (1) take action regarding suspected illegal activities; (2) enforce or apply the Terms of Use; (3) comply with legal process and law enforcement instructions and orders, such as a search warrant, subpoena, statute, judicial proceeding or other legal process served on us; (4) protect our rights, reputation, and property or that of our users or the public or (5) protect against legal liability.

3. How Syngency shares information

Talent Profile

Your talent profile will be fully visible to your Agent Representation, if applicable, and all Casting Director & Production users on Syngency. You may modify the information you have provided to Syngency at any time through your Syngency profile. In the future, there may be opt-in features which will allow you to make select profile information publicly available.

Messaging

The Syngency service allows you to share information with other users by sending and receiving messages on the Syngency messaging system. When you send email or message Syngency customer support, Syngency will collect and store your name, email address and the content of your message so we can provide customer support.

Participating in Syngency Community Forums

When you post messages on the message boards on Syngency, the information contained in your posting will be stored on Syngency servers and will be openly available by other Syngency users and across the world wide web.

Posting Casting Notices

When a user posts a job notice, the notice may contain personally identifiable information. By posting a job notice on Syngency, you consent to share the contents of the job notice with other Syngency users, as well as make the contents of your job notice publicly discoverable across the world wide web.

Other Parties Designated by You

When using the Syngency Service, you may share your data with other parties designated by you. For example, when applying to a job notice on Syngency, you may share personally identifiable data with the recipient of your application. When inviting a Syngency user to apply to your job notice, you may also share personally identifiable information with that user.

Service Providers

We employ other companies to perform functions on our behalf, such as payment processing services. These other companies process personal data only for the purpose of such services.

From time to time, we may partner with unaffiliated companies or individuals for market research, product development, quality assurance testing, or similar purposes. These companies or individuals may be provided with access to personally identifiable information, but we will require by contract that they agree to maintain the confidentiality, security, and integrity of such information. We also may subcontract with other companies and individuals to do work on our behalf; they may be provided with access to personally identifiable information, but only as needed to perform their functions.

Data Processors

Syngency, as a data controller, collects and shares data with different data processors in the following categories:

• Technology and Infrastructure: Syngency distributes data to processors to host, enable and support the Syngency platform and service.
• Analytics and Reporting: Syngency distributes data to analytics platforms to better understand user behavior and track key business metrics, to provide a better service to its users.
• Marketing Partners: Syngency distributes data to marketing companies to facilitate email marketing, mobile app messaging campaigns, on-site promotions, and social media, search, and display advertising campaigns.
• Identity Verification: Syngency works with external data processors to verify the identity of users and to confirm their date of birth, to protect the safety and security of customers on the platform, and to comply with applicable laws such as COPPA, the CCPA, the GDPR and the UK-GDPR. You acknowledge that our vendors may provide us with certain sensitive information including your name, date of birth, and criminal history.

Please direct your inquiries about any operator's privacy practices and use of children's information to the operator at its contact information provided.

Syngency’s Liability in Cases of Onward Transfer of Personal Data to Third Parties

Syngency has responsibility for the processing of personal information it receives under the Data Privacy Framework (DPF) Principles and subsequently transfers to a third party acting as an agent on its behalf. Syngency shall remain liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

International Data Transfers and Standard Contractual Clauses

Information, including information collected in Switzerland, the United Kingdom (“UK”) and the EEA may be transferred, stored, and processed by Syngency and its services providers in the United States and other countries whose data protection laws may be different than the laws of your country. We will protect your Personal Data in accordance with this Privacy Notice wherever it is processed and take appropriate steps to protect the information in accordance with applicable laws.

Standard contractual clauses (SCCs) are written commitments between parties that can be used as a ground for data transfers from the EEA to third countries by providing appropriate data protection safeguards. SCCs have been approved by the European Commission and cannot be modified by the parties using them. Such clauses have also been approved for transfers of data to countries outside the UK and Switzerland. We rely on SCCs for our data transfers where required and in instances where they are not covered by an adequacy decision.

If required by applicable law, we transfer personal data to external recipients outside the EEA only if the recipient has entered into EU Standard Contractual Clauses with us.

A copy of that contractual clause can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?hl=en_US

If required by applicable law, we transfer personal data to recipients outside the United Kingdom only if the recipient has entered into UK Standard Contractual Clauses with us.

A copy of that contractual clause can be found here: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-data-transfer-agreement-and-guidance/

You may request further information about the safeguards implemented in relation to specific transfers by contacting privacy@syngency.com.

Adequacy Decisions

The European Commission has determined that certain countries outside of the European Economic Area (EEA) adequately protect personal information, which means that data can be transferred from the European Union (EU) and Norway, Liechtenstein, and Iceland to those countries. The UK and Switzerland have adopted similar adequacy mechanisms. We rely on the following adequacy mechanisms:

• European Commission Adequacy Decisions: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
• UK Adequacy Regulations: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-transfers-a-guide/#adequacy
• Swiss Adequacy Decisions: https://www.edoeb.admin.ch/edoeb/en/home/datenschutz/arbeit_wirtschaft/datenuebermittlung_ausland.html

Your Privacy Settings

The content and information of your Talent Profile is only shared and viewable with the recipient of a talent application you submit for on a job notice, or via a search by a logged in Casting Director or Production Users.

4. Children Under 16

The Children's Online Privacy Protection Act of 1998 and its rules (collectively, "COPPA") require us to inform parents and legal guardians (as used in this, "parents") about our practices for collecting, using, and disclosing personal information from children under the age of 13 ("children"). It also requires us to obtain verifiable consent from a child's parent for certain collection, use, and disclosure of the child's personal information.

Syngency does not knowingly collect Personal Data on our Website from children under the age of 16 without the prior consent of the child’s parent or guardian.

This section notifies parents that (i) the types of information we may collect from children, (ii) how we use the information we collect, and (iii) our practices for disclosing that information is consistent with the other sections of this Privacy Policy.

This section also notifies parents of (i) our practices for notifying and obtaining parents' consent when we collect personal information from children, including how a parent may revoke consent and (ii) all operators that collect or maintain information from children through Website.

This section only applies to children under the age of 16 and supplements the other provisions of this Privacy Policy. Only the other provisions of this Privacy Policy apply to teens and adults.

Parental Consent

Only a Parent or Legal Guardian of a child under the age of 16 years old may create an account on Syngency.com to promote their child’s performing arts career. When creating a Syngency Actor Profile on behalf of their child, the Parent or Legal Guardian will be asked to enter their child’s date of birth. If the child is under 16 years of age, a Parent must affirm that they are the Parent or Legal Guadian of the Child whose profile they are creating, and consent to the release of the child’s personal information within the Syngency Actor Profile.

Syngency may require the Parent or Legal Guardian to transmit a scanned image or photograph of their driver’s license or other official identification, such as a passport, to verify their date of birth.

Accessing And Correcting Your Child's Personal Information

At any time, you may review the child's personal information maintained by us, require us to correct or delete the personal information, and/or refuse to permit us from further collecting or using the child's information.

You can review, change, or delete your child's personal information by:

• Logging into your Syngency Mobile App account and visiting your child’s account profile page.
• Sending us an email to privacy@syngency.com. To protect your privacy and security, we may require you to take certain steps or provide additional information to verify your identity before we provide any information or make corrections.

Operators That Collect or Maintain Information from Children

Please direct your inquiries about any operator's privacy practices and use of children's information to the operator at its contact information provided.

Only the Parent or Legal Guardian of a child under the age of 16 years old who is a resident in a country within the European Economic Area (“EEA”) may create an account on Syngency.com to manager their child’s performing arts career. When creating a Syngency Actor Profile on behalf of their child, the Parent or Legal Guardian will be asked to enter their child’s date of birth. If the child is under 16 years of age, a Parent must affirm that they are the Parent or Legal Guardian of the Child whose profile they are creating, and consents to the release of the child’s personal information within the Syngency Actor Profile. Children who live in EEA countries under the age of 16 are prohibited from using Syngency.

5. Data Retention

Unless indicated otherwise at the time of the collection of your personal data (e.g. within a form completed by you), we erase your personal data if the retention of that personal data is no longer necessary for the purposes for which they were collected or otherwise processed, or to comply with legal obligations (such as retention obligations under tax or commercial laws).

You may contact us at privacy@syngency.com if at any time you would like to see the Personally Identifiable Information we hold about you, or to ask us to correct or update this information, or to ask us to delete it. Please contact us if you have questions or wish to take any action with respect to information to which this Privacy Policy applies (see below for contact information).

6. Processing under the EU’s General Data Protection Regulation

Syngency Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce and has certified that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union.

This section applies and provides you with further information if your personal data is processed by one of our companies located in the European Economic Area.

Data Controller / Online Offerings

The specific company identified in the Online Offering as being the operator of the Online Offering is the data controller in the meaning of the General Data Protection Regulation for the processing activities described in this Privacy Notice.

Marketplaces

The specific company identified on the Marketplace as being the operator of the Marketplace is the data controller.

Business Partner personal data in Customer Relationship Systems

During our business relationship with you, we may share Business Partner contact information with affiliated companies. We and these affiliated companies are jointly responsible for the proper protection of your personal data (Art. 26 General Data Protection Regulation).

To allow you to effectively exercise your data subject rights in the context of this joint controllership, we entered into an agreement with these companies granting you the right to centrally exercise your data subject rights under section 11 of this Privacy Notice against Syngency.

To exercise your rights, you may reach out to: privacy@syngency.com.

Legal basis of the processing

The EU General Data Protection Act (GDPR) requires us to provide you with information on the legal basis of the processing of your personal data.

The legal basis for our processing data about you is that such processing is necessary for the purposes of

• Exercising our rights and performing our obligations under any contract we make with you (Article 6 (1)(b) General Data Protection Regulation) (“Contract Performance”);
• Compliance with our legal obligations (Article 6 (1) (c) General Data Protection Regulation) (“Compliance with Legal Obligations”); and/or
• Legitimate interests pursued by us (Article 6 (1) (f) General Data Protection Regulation) (“Legitimate Interest”). Generally, the legitimate interest pursued by us in relation to our use of your personal data is the efficient performance or management of (i) your use of the Online Offerings, and/or (ii) our business relationship with you. Where the text below states that we rely on our legitimate interests for a given purpose, we are of the opinion that our legitimate interest is not overridden by your interests and rights or freedoms, given (i) the regular reviews and related documentation of the processing activities described herein, (ii) the protection of your personal data by our data privacy processes, (iii) the transparency we provide on the processing activity, and (iv) the rights you have in relation to the processing activity. If you wish to obtain further information, please contact us at: privacy@syngency.com.

In some cases, we may ask if you consent to the relevant use of your personal data. In such cases, the legal basis for us processing that data about you may (in addition or instead) be that you have consented (Article 6 (1) (a) General Data Protection Regulation) (“Consent”).

Processing of Personal Data in the context of Online Offerings

Purpose	Legal Basis
To provide the Online Offering’s services and functions which includes creating and administering your online account, updating, securing, and troubleshooting, providing support, as well as improving and developing our Online Offerings	Contract Performance (Article 6 (1) (b) General Data Protection Regulation) Legitimate Interest (Article 6 (1) (f) GDPR)
To bill your use of the Online Offering	Contract Performance (Article 6 (1) (b) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR)
To verify your identity	Contract Performance (Article 6 (1) (b) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR)
To answer and fulfill your requests or instructions	Contract Performance (Article 6 (1) (b) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR)
To process your order or to provide you with access to specific information or offers	Contract Performance (Article 6 (1) (b) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR)
To send you marketing information or to contact you in the context of customer satisfaction surveys	Consent, if voluntarily provided (Article 6 (1) (a) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR)
To enforce the Online Offering’s terms, to establish or preserve a legal claim or defense, and to prevent fraud or other illegal activities, including attacks on our information technology systems	Compliance with Legal Obligations (Article 6 (1) (c) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR)

Processing of Personal Data related to your use of marketplaces

Purpose	Legal Basis
Communicating about our products and services, e.g. by responding to inquiries or requests or providing you with technical information	Contract Performance (Article 6 (1) (b) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR)
Planning, performing and managing the (contractual) relationship; e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services	Contract Performance (Article 6 (1) (b) GDPR) Compliance with Legal Obligations (Article 6 (1) (c) GDPR)
To create a personal profile containing business-related information on interactions between you and us with the aim of being able to offer you relevant information and suitable offers for our services and products and to improve our personal communication with you	Legitimate Interest (Article 6 (1) (f) GDPR)
Administrating and performing market analysis, contests, or other customer activities or events	Consent, if voluntarily provided (Article 6 (1) (a) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR)
Conducting customer satisfaction surveys and direct marketing activities	Consent, if voluntarily provided (Article 6 (1) (a) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR)
Maintaining and protecting the security of our products, services, and websites, preventing and detecting security threats, fraud or other criminal or malicious activities	Legitimate Interest (Article 6 (1) (f) GDPR)
Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, business partner compliance screening obligations (to prevent white-collar or money laundering crimes), and our policies or industry standards	Compliance with Legal Obligations (Article 6 (1) (c) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR)
Solving disputes, enforcing our contractual agreements, and establishing, exercising or defending legal claims	Compliance with Legal Obligations (Article 6 (1) (c) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR)

Processing of Personal Data for customer satisfaction surveys and direct marketing

Purpose	Legal Basis
Processing of your contact information for direct marketing purposes (e.g. newsletters with further information and offers concerning our products and services) and to carry out customer satisfactions surveys	Consent, if voluntarily provided (Article 6 (1) (a) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR)

Your competent data protection authority

In case of data privacy related concerns and requests, we encourage you to contact us at privacy@syngency.com. Besides contacting us, you always have the right to approach the competent data protection authority with your request or complaint.

A list and contact details of local data protection authorities is available here:

https://www.edpb.europa.eu/about-edpb/about-edpb/members_en

Additional Rights, Rules, and Provisions for European Economic Area Users

If you are a resident of a country in the EEA, you may have additional privacy rights available to you under applicable laws. We will process your requests in accordance with applicable data protection laws.

• Right not to provide or withdraw consent: you have the right not to provide or withdraw your consent at any time.
• Right to opt out: you may have the right to opt out from the sale or use of Personal Data for targeted advertising and certain types of profiling.
• Right of access: you may have the right to access the Personal Data that you provided Syngency.
• Right of erasure: you may have the right to erasure of Personal Data that we hold about you.
• Right to object to processing: you may have the right to request that Syngency stop processing your Personal Data and/or to stop sending you marketing communications.
• Right to rectification: you may have the right to require Syngency to correct any of your Personal Data.
• The right to lodge a complaint with a supervisory authority if you feel the above conditions aren’t being met.

To make such requests regarding your personal data, please email the compliance team at privacy@syngency.com with the term “privacy” in the subject line. Please contact us if you have questions or wish to take any action with respect to information to which this Privacy Policy applies (see below for contact information).

Besides contacting us, you always have the right to approach the competent data protection authority with your request or complaint. A listing of EU authorities is here:

https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

Syngency is a casting service for modelling, film, television, theatre, commercials, and other performing arts productions. Users located in EEA countries may choose to enter personal data relating to their race or ethnicity, trade union membership, gender, and sexual orientation when using the service. This type of information is a part of the “Special Categories of Personal Data” under Article 9 of the GDPR. By choosing to enter the above categories of personal data on the Syngency service, you are giving explicit consent to the processing of this personal data for purposes referenced in this privacy policy on Syngency.

For users from EEA countries to use Syngency websites, users must accept cookies. Users will be prompted at the beginning of their session to accept cookies. Users may withdraw their consent by deleting their cookies from their browser settings at any time.

7. Processing under the United Kingdom’s Data Protection Act 2018 and the UK GDPR

Syngency Inc. complies with the UK Extension to the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce and has certified that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the United Kingdom in reliance on the UK Extension to the EU-U.S. DPF.

This section applies and provides you with further information if your personal data is processed by one of our companies located in the United Kingdom under the Data Protection Act 2018 and/or the UK GDPR (meaning Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018).

Data Controller

The specific company identified on this page as being the operator of this website is the data controller in the meaning of the UK GDPR for the processing activities described in this Privacy Notice.

In the course of our business relationship with you, we may share Business Partner contact information with affiliated Syngency companies. We and these Syngency companies are jointly responsible for the proper protection of your personal data (Art. 26 UK GDPR). To allow you to effectively exercise your data subject rights in the context of this joint controllership, we entered into an agreement with these Syngency companies granting you the right to centrally exercise your data subject rights under Section 11 of this Privacy Policy against Syngency.

To exercise your rights, you may reach out to: privacy@syngency.com.

Besides contacting us, you always have the right to approach the competent data protection authority with your request or complaint. Below is the link to the Information Commissioner's Office for more information or to file a complaint:

https://ico.org.uk/make-a-complaint/uk-extension-to-the-eu-us-data-privacy-framework-complaints-tool/

Legal basis of the processing

The UK GDPR requires us to provide you with information on the legal basis of the processing of your personal data.

The legal basis for our processing data about you is that such processing is necessary for the purposes of

• Exercising our rights and performing our obligations under any contract we make with you (Article 6 (1)(b) UK GDPR) (“Contract Performance”);
• Compliance with our legal obligations (Article 6 (1) (c) UK GDPR) (“Compliance with Legal Obligations”); and/or
• Legitimate interests pursued by us (Article 6 (1) (f) UK GDPR) (“Legitimate Interest”). Generally, the legitimate interest pursued by us in relation to our use of your personal data is the efficient performance or management of (i) your use of the Online Offerings, and/or (ii) our business relationship with you. Where the text below states that we rely on our legitimate interests for a given purpose, we are of the opinion that our legitimate interest is not overridden by your interests and rights or freedoms, given (i) the regular reviews and related documentation of the processing activities described herein, (ii) the protection of your personal data by our data privacy processes, (iii) the transparency we provide on the processing activity, and (iv) the rights you have in relation to the processing activity. If you wish to obtain further information, please contact us at: privacy@syngency.com.

In some cases, we may ask if you consent to the relevant use of your personal data. In such cases, the legal basis for us processing that data about you may (in addition or instead) be that you have consented (Article 6 (1) (a) UK GDPR) (“Consent”).

Processing of Personal Data in the context of Online Offerings

Purpose	Legal Basis
To provide the Online Offering’s services and functions which includes creating and administering your online account, updating, securing, and troubleshooting, providing support, as well as improving and developing our Online Offerings	Contract Performance (Article 6 (1) (b) UK General Data Protection Regulation) Legitimate Interest (Article 6 (1) (f) UK GDPR)
To bill your use of the Online Offering	Contract Performance (Article 6 (1) (b) UK GDPR) Legitimate Interest (Article 6 (1) (f) UK GDPR)
To verify your identity	Contract Performance (Article 6 (1) (b) UK GDPR) Legitimate Interest (Article 6 (1) (f) UK GDPR)
To answer and fulfill your requests or instructions	Contract Performance (Article 6 (1) (b) UK GDPR) Legitimate Interest (Article 6 (1) (f) UK GDPR)
To process your order or to provide you with access to specific information or offers	Contract Performance (Article 6 (1) (b) UK GDPR) Legitimate Interest (Article 6 (1) (f) UK GDPR)
To send you marketing information or to contact you in the context of customer satisfaction surveys	Consent, if voluntarily provided (Article 6 (1) (a) UK GDPR) Legitimate Interest (Article 6 (1) (f) UK GDPR)
To enforce the Online Offering’s terms, to establish or preserve a legal claim or defense, and to prevent fraud or other illegal activities, including attacks on our information technology systems	Compliance with Legal Obligations (Article 6 (1) (c) UK GDPR) Legitimate Interest (Article 6 (1) (f) UK GDPR)

Processing of Personal Data related to your use of marketplaces

Purpose	Legal Basis
Communicating about our products and services, e.g. by responding to inquiries or requests or providing you with technical information	Contract Performance (Article 6 (1) (b) UK GDPR) Legitimate Interest (Article 6 (1) (f) UK GDPR)
Planning, performing, and managing the (contractual) relationship, e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services	Contract Performance (Article 6 (1) (b) UK GDPR) Compliance with Legal Obligations (Article 6 (1) (c) UK GDPR)
To create a personal profile containing business-related information on interactions between you and us with the aim of being able to offer you relevant information and suitable offers for our services and products and to improve our personal communication with you	Legitimate Interest (Article 6 (1) (f) UK GDPR)
Administrating and performing market analysis, contests, or other customer activities or events	Consent, if voluntarily provided (Article 6 (1) (a) UK GDPR) Legitimate Interest (Article 6 (1) (f) UK GDPR)
Conducting customer satisfaction surveys and direct marketing activities	Consent, if voluntarily provided (Article 6 (1) (a) UK GDPR) Legitimate Interest (Article 6 (1) (f) UK GDPR)
Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities	Legitimate Interest (Article 6 (1) (f) UK GDPR)
Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, business partner compliance screening obligations (to prevent white-collar or money laundering crimes), and our policies or industry standards	Compliance with Legal Obligations (Article 6 (1) (c) UK GDPR) Legitimate Interest (Article 6 (1) (f) UK GDPR)
Solving disputes, enforcing our contractual agreements and establishing, exercising or defending legal claims	Compliance with Legal Obligations (Article 6 (1) (c) UK GDPR) Legitimate Interest (Article 6 (1) (f) UK GDPR)

Processing of Personal Data for customer satisfaction surveys and direct marketing

Purpose	Legal Basis
Processing of your contact information for direct marketing purposes (e.g. newsletters with further information and offers concerning our products and services) and to carry out customer satisfactions surveys	Consent, if voluntarily provided (Article 6 (1) (a) UK GDPR) Legitimate Interest (Article 6 (1) (f) UK GDPR)

Additional Rights, Rules, and Provisions for United Kingdom Users

If you are a resident of a country in the United Kingdom, you may have additional privacy rights available to you under applicable laws. We will process your requests in accordance with applicable data protection laws.

• Right not to provide or withdraw consent: you have the right not to provide or withdraw your consent at any time.
• Right to opt out: you may have the right to opt out from the sale or use of Personal Data for targeted advertising and certain types of profiling.
• Right of access: you may have the right to access the Personal Data that you provided Syngency.
• Right of erasure: you may have the right to erasure of Personal Data that we hold about you.
• Right to object to processing: you may have the right to request that Syngency stop processing your Personal Data and/or to stop sending you marketing communications.
• Right to rectification: you may have the right to require Syngency to correct any of your Personal Data.
• The right to lodge a complaint with a supervisory authority if you feel the above conditions aren’t being met.

To make such requests regarding your personal data, please email the compliance team at privacy@syngency.com with the term “privacy” in the subject line. Please contact us if you have questions or wish to take any action with respect to information to which this Privacy Policy applies (see below for contact information).

Your competent data protection authority

In case of data privacy related concerns and requests, we encourage you to contact us at privacy@syngency.com. Besides contacting us, you always have the right to approach the competent data protection authority with your request or complaint.

A list and contact details of local data protection authorities is available here:

https://ec.europa.eu/newsroom/article29/items/612080/en

8. Processing under Swiss Data Protection Law

Syngency Inc. complies with the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce and has certified that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

Every data subject has the right to enforce her/his rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner.

More information is available here:

https://www.edoeb.admin.ch/edoeb/en/home.html

Here is the contact form for the Federal Data Protection and Information Commissioner:

https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt/kontaktformular_uebrige.html

Additional Rights, Rules, and Provisions for Switzerland Users

If you are a resident of Switzerland, you may have additional privacy rights available to you under applicable laws. We will process your requests in accordance with applicable data protection laws.

• Right not to provide or withdraw consent: you have the right not to provide or withdraw your consent at any time.
• Right to opt out: you may have the right to opt out from the sale or use of Personal Data for targeted advertising and certain types of profiling.
• Right of access: you may have the right to access the Personal Data that you provided Syngency.
• Right of erasure: you may have the right to erasure of Personal Data that we hold about you.
• Right to object to processing: you may have the right to request that Syngency stop processing your Personal Data and/or to stop sending you marketing communications.
• Right to rectification: you may have the right to require Syngency to correct any of your Personal Data.
• The right to lodge a complaint with a supervisory authority if you feel the above conditions aren’t being met.

To make such requests regarding your personal data, please email the compliance team at privacy@syngency.com with the term “privacy” in the subject line. Please contact us if you have questions or wish to take any action with respect to information to which this Privacy Policy applies (see below for contact information).

9. Processing under South Africa’s Protection of Personal Information Act

For Business Partners and users located in South Africa, please take note of the following:

In terms of section 1 of the Protection of Personal Information Act, 2013 (“POPI”), “personal data” or “personal information” includes “information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing, juristic person.”

The corresponding legal grounds and conditions for lawful processing of personal data in South Africa are contained in Sections 8 to 25 of POPI and relate to “Accountability”; “Processing limitation”; “Purpose specification”; “Further processing limitation”; “Information quality”; “Openness”; “Security safeguards” and “Data subject participation”.

In terms of section 69 of POPI, the processing of personal information of a data subject for the purposes of direct marketing by means of any form of electronic communication, including automatic calling machines, facsimile machines, SMS’s or e-mail is prohibited unless the data subject has provided consent to the processing, or is, subject to further conditions, an existing customer of the responsible party.

For purposes of a Data Subject exercising its rights further enquiries and the exercise of its rights in relation to access, objection to, and complaints in respect of the processing of personal data, the contact particulars of the Information Regulator of South Africa, are as follows:

JD House, 27 Stiemens Street

Braamfontein

Johannesburg 2001

PO Box 31533

Braamfontein

Johannesburg 2017

Complaints: complaints.IR@justice.gov.za

General enquiries: inforeg@justice.gov.za

10. Links to other Websites

This Privacy Policy applies only to the Website. The Website may contain links to other websites that Syngency may not own or operate. The links from the Website do not imply that Syngency endorses or has reviewed these websites. The policies and procedures we describe here do not apply to these websites. We neither can control nor are responsible for the privacy practices or content of these websites. We suggest contacting these websites directly for information on their privacy policies.

11. Your Privacy Rights

The data protection laws in the jurisdiction in which you reside may entitle you to specific rights in relation to your personal data.

In particular, and subject to the legal requirements, you may be entitled to

• Obtain from us confirmation as to whether or not personal data concerning you are being processed, and where that is the case, access to the personal data;
• Obtain from us the correction of inaccurate personal data concerning you;
• Obtain from us the erasure of your personal data;
• Obtain from us restriction of processing regarding your personal data;
• Data portability concerning personal data, which you actively provided;
• Object, on grounds relating to your particular situation, to further processing of personal data concerning you; and
• Withdraw your consent to our processing of your personal data.

Further Information for U.S. Residents

U.S. state privacy laws also provide the right to request information about how Syngency collects, uses, and discloses your information, and they give you the right to access your information, sometimes in a portable format; correct your information; and to request that Syngency delete that information. Many of these laws also provide the right to opt out of certain forms of profiling and targeted advertising. They also provide the right to not be discriminated against for exercising these privacy rights.

Some U.S. state privacy laws also require a description of data practices using specific categories. The listing below uses these categories to organize the information in this Privacy Policy.

Categories of information we collect

Identifiers and similar information such as your name and password, phone number, and address, as well as unique identifiers tied to the browser, application, or device you’re using. Some services may provide the option to submit a valid ID (such as a passport or driver’s license) to verify your identity and to confirm that you are 16 years of age or older, in compliance with the US Child Online Privacy Protection Act (COPPA), the California Consumer Privacy Act (CCPA), and Article 8 of the EU General Data Protection Act (GDPR).

Demographic information, such as your age, gender and language. Depending on the application, you can also provide additional information, like your gender identity or race and ethnicity.

Geolocation data, such as may be determined by GPS, IP address, and other data from sensors on or around your device, depending in part on your device and account settings. Depending on these settings, this may include precise location data.

Internet, network, and other activity information such as information about the interaction of your apps, browsers, and devices with our services (like IP address, crash reports, and system activity); and activity on third-party sites and apps that use our services.

Other information you create or provide, such as the content you create, upload, or receive (like photos, videos, texts or emails), or additional personal data provided by filling in forms in our Online Offerings.

Communications data, such as texts or emails, as part of a support request, survey or comment on a forum post.

Payment Data such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information.

Organizational information such as your company name and job title.

Usage history and patterns of your visits and use of Syngency, including any Syngency Mobile app, such as when you view or click on content, casting notices, ads, perform a search, install or update one of our mobile apps, or apply for roles.

A "cookie” may be placed on your computer when you visit a Syngency website. Syngency may use cookies to personalize your experience using Syngency, and to gather usage data that will help to improve the quality of the website.

Information from third parties to the extent it is necessary to fulfill services requested. For example, we may utilize third party vendors to check your information on an ongoing basis against a variety of sources, which may include, but are not limited to, national criminal databases, criminal and fugitive watch lists, fraud watch lists, law enforcement reports, and other data to assist us in verifying the information you provide us (such as your name, date of birth, address, etc.) and the representations and warranties you make in the Terms of Service and on the Websites.

Business purposes for which information may be used or disclosed

Protecting against security threats, abuse, and illegal activity: Syngency uses and may disclose information to detect, prevent and respond to security incidents, and for protecting against other malicious, deceptive, fraudulent, or illegal activity. For example, to protect our services, Syngency may receive or disclose information about IP addresses that malicious actors have compromised.

Auditing and measurement: Syngency uses information for analytics and measurement to understand how our services are used, including for auditing purposes.

Maintaining our services: Syngency uses information to ensure our services are working as intended, such as tracking outages or troubleshooting bugs and other issues that you report to us.

Legal reasons: Syngency also uses information to satisfy applicable laws or regulations and discloses information in response to legal process or enforceable government requests, including to law enforcement.

Use of service providers: Syngency shares information with service providers to perform services on our behalf, in compliance with our Privacy Policy and other appropriate confidentiality and security measures.

Research and development: Syngency uses information to improve our services and to develop new products and features that benefit our users and customer base.

To facilitate you using Syngency services and applications, which includes creating and administering your online account, updating, securing, and troubleshooting, and providing support.

Parties with whom information may be disclosed

Service providers, trusted businesses, or persons that process information on Syngency’s behalf, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.

Other people with whom you choose to share your information, like videos or photos.

Law enforcement or other third parties, for legal reasons described elsewhere in this Privacy Policy.

Third parties with your consent, such as services that integrate with Syngency’s services.

If you are a U.S. resident, then please take note of the following:

Do Not Track

At this time our Online Offerings do not recognize or respond to “Do Not Track” browser signals. For more information on “Do Not Track”, please visit your browser’s support page.

Usage by Children

This Online Offering is not directed to children under the age of sixteen. We will not knowingly collect personal data from children under the age of sixteen without insisting that they seek prior parental consent if required by applicable law. We will only use or disclose personal data about a child to the extent permitted by law, to seek parental consent, pursuant to local law and regulations or to protect a child.

Exercise of your Rights and filing a Complaint

If you would like to exercise your rights under this Policy or the GDPR, or would like to lodge a complaint with respect to the implementation of this Policy and our processing of your Personal Data, please contact:

Syngency, Inc.

Attn: Privacy

1100 Busch Garden Court, CA 91105

United States

+1 (909) 235-9069

Please note that we may request official identification information, such as a copy of your ID card, drivers’ license, etc. from you when you submit a complaint.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Syngency Inc. commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss- U.S. DPF.

You may, subject to its terms, invoke binding arbitration in accordance with Annex I of the DPF Principles:https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset35584=2

This provides that you may invoke binding arbitration by delivering notice to Syngency Inc. and following the procedures and subject to conditions set forth in Annex I of the Principles.

Please note that we are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Specific Rights for State Residents

Depending on the U.S. state in which you reside, you may have special rights with respect to your personal data.

The following section provides additional information and describes specific rights that may be applicable to residents of the following U.S. states:

California – the California Consumer Privacy Act (CCPA)

Colorado – the Colorado Privacy Act (CPA)

Connecticut – the Connecticut Data Privacy Act (CTDPA)

Utah – the Utah Consumer Privacy Act (UCPA)

Virginia – the Virginia Consumer Data Protection Act (VCDPA)

This section is not applicable to and may not be relied upon by anyone who resides outside of the U.S. states listed above. If you reside in one of these U.S. states, (a) you may have additional rights with respect to your personal data, and (b) you should note the following:

Syngency may, through a variety of online and offline sources, collect the categories of personal information identified below and separately in the Privacy Policy:

• Personal identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, telephone number, state identification card number, insurance policy number, bank account number, credit card number, debit card number, financial information, medical information, or health insurance information.
• Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
• Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement
• Geolocation data.
• Biometric and physical characteristics such as audio, electronic, visual, thermal, olfactory, or similar information.
• Professional or employment-related information.
• Education information

The categories of third parties with which we may share personal data are described elsewhere in this Privacy Policy. Please note that we do not engage in the sale of personal data to third parties at this time.

Exercise of Applicable Rights; Appeal

To exercise any rights that may be available to you under the law of the state in which you reside (for example, any rights to deletion or disclosure of personal data or to appeal a decision that we have made with respect to your request), please contact us at privacy@syngency.com.

Please note that any requests may be subject to verification of the identification of the requestor. The method we would use to verify your identity will be different depending on the manner and context in which your data was collected and may require the provision by you of such personal information as may be necessary to match you to our records of you (if any). Depending on the laws of your state, you may be entitled to use an authorized agent to exercise your rights on your behalf and, if you choose to do so, such an agent may contact us in the same manner as described above and will also be required to verify their own identity and their authority to act on your behalf.

If you have questions, concerns, or comments, please contact us at privacy@syngency.com.

Additional Notices for California Residents Only

This section applies and provides further information to California residents and notifies them of their rights under California law. This section is not applicable to and may not be relied upon by anyone else besides California residents.

California’s “Shine the Light” law

California’s “Shine the Light” law permits those of our customers who are California residents to annually request a list of their personal data (if any) that we have disclosed to third parties for direct marketing purposes in the preceding calendar year, and the names and addresses of those third parties. Currently, we currently do not share any personal data with third parties for their direct marketing purposes.

Notices

The sources from which the personal information may be collected may include:

• the internet sites of Syngency and its affiliates that you visit
• the mobile applications of Syngency and its affiliates that you use
• you or your employer, such as via telephone, mail, email, or in connection with potential business opportunities
• our customers, vendors, and suppliers
• third parties from whom we purchase contact data

California Privacy Rights

California Civil Code Section §1798.83 permits users of our Websites that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an e-mail to privacy@syngency.com.

The California Consumer Privacy Act of 2018, California Civil Code Sections 1798.100 et seq. (CCPA), may additionally afford rights to our users and customers who are California residents.

California residents have the right to request that we delete the personal data that we have collected about that resident. Please note that there are circumstances under which such a right of deletion does not apply, such as where it is reasonable for us to maintain the personal information to:

• Complete the transaction for which the personal information was collected, provide a good or service requested or reasonably anticipated, or otherwise perform a contract with the resident.
• Detect security incidents; protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
• Debug to identify and repair errors that impair existing intended functionality.
• Exercise free speech, ensure the right of another resident to exercise his or her right of free speech, or exercise another right provided for by law, or Comply with a legal obligation.
• Comply with the California Electronic Communications Privacy Act.
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest (when deletion of the information is likely to render impossible or seriously impair the achievement of such research) if the resident has provided informed consent.
• To enable solely internal uses that are reasonably aligned with the resident's expectations based on the relationship with us.
• To otherwise use the personal information, internally, in a lawful manner that is compatible with the context in which the resident provided the information.

California residents have the right to request that we disclose, with respect to that resident,

• The categories of personal information we have collected.
• The categories of sources from which we collected personal information.
• The purpose for collecting or selling personal information.
• The categories of third parties with whom we share personal information.
• The specific pieces of personal information we have collected.

California residents have the right to request correction of inaccurate personal information.

Syngency does not discriminate against our users and customers on the basis of their exercising any of their rights afforded by the CCPA, which is further in accordance with California residents’ rights under that title.

Following any request, we will verify your identity. You may also authorize an agent to submit a request on your behalf, so long as you provide the authorized agent written permission to request on your behalf, and your authorized agent is able to verify their identity with us.

More information about the California Consumer Privacy Act (CCPA) can be found here:

https://oag.ca.gov/privacy/ccpa

Additional Notices for Colorado Residents Only

The Colorado Privacy Act (CPA) permits users of our Websites that are Colorado residents to have the following rights with respect to their personal data:

• The right to opt-out from the sale of their personal data, or use of personal data for targeted advertising and certain types of profiling;
• The right to know whether a controller is collecting personal data;
• The right to access personal data that a controller has collected about them;
• The right to correct personal data;
• The right to delete personal data; and
• The right to download and remove personal data from a platform in a format that allows the transfer to another platform.

More information about the Colorado Privacy Act (CPA) can be found here:

https://coag.gov/resources/colorado-privacy-act/

Additional Notices for Connecticut Residents Only

The Connecticut Data Privacy Act (CTDPA) permits users of our Websites that are Connecticut residents to have the following rights with respect to their personal data:

• The right to access personal data that a controller has collected about them.
• The right to correct inaccuracies in their personal data.
• The right to delete their personal data, including personal data that a controller collected through third parties.
• The right to obtain a copy of their personal data in a portable and readily usable format that allows them to transfer the data to another controller with ease.
• The right to opt-out of:
• the sale of their personal data;
• the processing of personal data for the purposes of targeted advertising; and
• profiling that may have a legal or other significant impact.

More information about the Connecticut Data Privacy Act (CTDPA) can be found here:

https://portal.ct.gov/AG/Sections/Privacy/The-Connecticut-Data-Privacy-Act

Additional Notices for Utah Residents Only

The Utah Consumer Privacy Act (UCPA) permits users of our Websites that are Utah residents to have the following rights with respect to their personal data:

A consumer in the state of Utah has the right to:

• Confirm whether a business is processing their personal data;
• Access their personal data;
• Request that the personal data that they provided to a business be deleted;
• Obtain a copy of the personal data that they previously provided to a business; and
• Opt out of having their personal data used for the purpose of:
• Targeted advertising; or
• The sale of personal data.

A consumer must be provided with a reasonably accessible and clear privacy notice which describes:

• The categories of personal data processed by a business;
• The purposes for which the personal data are processed;
• How a consumer may exercise their rights;
• The categories of personal data that the business shares with third parties, if any; and
• The categories of third parties, if any, with whom the business shares personal data.

If a consumer’s personal data is sold and used for targeted advertising, a consumer must be informed about how a consumer may opt out of the:

• Sale of their personal data; or
• The processing of their personal data for targeted advertising.

The right to notice and an opportunity to opt out of processing also applies to a consumer’s sensitive data. A consumer may exercise any of these rights by submitting a request to a business, specifying the right the consumer intends to exercise. The business must then respond to the consumer’s request within 45 days.

For more information contact the Utah Consumer Protection Division at https://dcp.utah.gov/ucpa/

Additional Notices for Virginia Residents Only

The Virginia Consumer Data Protection Act (VCDPA) permits users of our Websites that are Virginia residents to request that the controller of their personal data:

• Confirm if the controller is actually processing their personal data.
• Correct inaccuracies in the consumer’s personal data that is collected by the controller.
• Delete personal data provided by or obtained about the consumer.
• Obtain copies of the personal data collected by the controller.
• Opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or further profiling.

More information about the Virginia Consumer Data Protection Act (VCDPA) can be found here:

https://law.lis.virginia.gov/vacodefull/title59.1/chapter53/

12. Security of Your Data

Syngency Inc. is committed to protecting the security of Your Personal Data. We use a variety of industry-standard security technologies and procedures to help protect Your personal data from accidental or unlawful destruction, loss, use, or alteration and against unauthorized disclosure or access.

13. How To Contact Us

You may contact Syngency Inc. regarding our privacy practices at the following address:

Syngency Inc.
1100 Busch Garden Court
Pasadena, CA 91105

Email: privacy@syngency.com

If you have any questions regarding Syngency's privacy practices, need to access the policy in an alternative format due to a disability, exercise your right to opt-out from the sale of your personal data, or use of your personal data for targeted advertising and certain types of profiling or if you would like to access, update, or delete your personal information, please contact us via email at privacy@syngency.com.

Our team will assist you with any data privacy related questions, comments, concerns, or complaints or in case you wish to exercise any of your data privacy related rights.

We will always use reasonable efforts to address and settle any requests or complaints you bring to our attention. Besides contacting us, you always have the right to approach the competent data protection authority with your request or complaint.

14. Changes To the Privacy Policy

This Privacy Policy is effective as of July 31, 2024. Syngency Inc. reserves the right to change this Privacy Policy at any time. Syngency Inc. does not undertake to provide you with personal notice of any changes. In the event of material changes, Syngency Inc. will provide notice by means that are reasonable under the circumstances, such as by posting a notice on the website. Your continued use of Syngency Inc. following the posting of changes to this Privacy Policy means you accept those changes.

Last updated July 17, 2024