This document provides guidance regarding the protection of Personal Data
that may be transferred globally by syncreon Global Holdings Limited and
any of its subsidiary and affiliate companies (collectively the “Company”).
Policy Owner: EVP – CIO, Julian Mordaunt
Actively Involved: EVP – CHRO, Andreas Guenther
Actively Involved: General Counsel – Kenneth Pocius
- “Company” means syncreon Global Holdings Limited an any of its – directly or indirectly – majority owned subsidiaries.
- “Personal Data” or “Personal Information” means any information relating to an identified or identifiable natural person.
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- “Process” means any on-line, off-line or manual processing, any operation or set of operations which is performed on personal data or on sets of personal data and includes such activities as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.
- “Sensitive Personal Data” means special categories of personal data, such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
- “European Economic Area” (“EEA”) includes the twenty-eight member states of the European Union (“EU”) plus Iceland, Liechtenstein, and Norway.
- “Agent” means any third party that collects, maintains, or uses Personal Information under the instructions of or solely for the Company or to which the Company discloses Personal Information for use on behalf of the Company.
The Company respects individual privacy and values the confidence of our customers, employees, suppliers, independent contractors, consultants, business partners, and others. The Company adheres to the principles of the EU Data Protection Regulation (“GDPR“) concerning the transfer of Personal Data from the European Union or ‘Commonwealth’ to the United States of America. Accordingly, we follow the requirements of the GDPR with respect to the transfer of personal data between any and all countries. This statement outlines the Company’s general policy and practices for implementing data protection principles, including the types of information the company gathers, how we use it, and the choices the affected individuals have regarding our use of, and their ability to correct, that information.
This policy applies to all Personal Information or Sensitive Personal Data the Company handles, including on-line (except as noted below), off-line, and manually processed data.
Principles Protecting Individuals' Privacy Notice and Choice
To the extent permitted by applicable law, such as GDPR and national regulations, we reserve the right to process Personal Information in the course of our internal business operation without the knowledge of individuals involved in a secure and protected method. Where applicable laws only permit us to process personal data if a legal basis allows this, we will proceed accordingly.
Where the Company receives Personal Information from its subsidiaries, affiliates, or other entities in the EU or any other country, the Company will use and disclose such information in accordance with the purposes for which it was originally collected, or in accordance with the notices provided by such entities.
The Company will provide notice and provide individuals with an opportunity to “opt-out” if such Personal Information is to be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected if such disclosure or processing for a different purpose is permissible under applicable data protection law. For Sensitive Personal Data, affirmative or explicit, the Company will provide notice and individual choice will be given to “opt-in” if such Sensitive Personal Data is to be disclosed to a third party or used for a purpose other than the purpose for which it was originally collected.
The Company collects Personal Information from individuals only as permitted by applicable data protection law or with the consent of the individual affected. Consent for Personal Information to be collected, used, and/or disclosed in certain ways may be required in order for an individual to obtain or use our services.
Disclosures & Transfers
Disclosures and Transfers
The Company does not disclose an individual’s Personal Information to third parties, except when one or more of the following conditions is true:
- The Company has the individual’s consent to make the disclosure;
- The disclosure is required by law or mandatory professional standards;
- The disclosure is necessary to meet our legitimate interest and is not overridden by the data subject’s interests. For example, this may be the case where the disclosure is reasonably related to the sale or other disposition of all or part of our business; or reasonably necessary for the establishment of legal claims; or
- The disclosure is to another entity or to persons or entities providing services on our or the individual’s behalf (each a “Transferee”), consistent with the purpose for which the information was obtained, if the Transferee, with respect to the information in question:
• is subject to law providing an adequate level of privacy protection;
• has agreed in writing to provide an adequate level of privacy protection; or
• subscribes to the EU/US Privacy Shield Principles.
Data, Security, Integrity & Access
The Company will take all reasonable measures to ensure the protection of Personal Information from accidental loss, destruction, improper use, alteration, or disclosure. The Company processes Personal Information only in ways compatible with the purpose for which it was collected and authorized by the individual, if applicable. To the extent necessary for such purposes, the Company takes reasonable steps to make sure that Personal Information is accurate, complete, current, and otherwise reliable with regard to its intended use.
If an individual determines that the information the Company maintains about that individual is inaccurate, or if an individual would like to update or review his or her information, the individual may contact the Company using the contact information below or file a request via our Data Privacy Request Form (see link below). The individual will need to provide sufficient identifying information. We may request additional identifying information as a security precaution. In addition, the Company may limit or deny access to Personal Information where providing such access would be unreasonably burdensome or expensive in the circumstances, or as otherwise permitted by applicable data protection laws. In some circumstances, we may charge a reasonable fee, where warranted, for access to Personal Information.
Collection of Information from Minors
The Company does not collect any information on any individuals who are below the age of 16 except where mandated by law.
“Cookie” may also be called an HTTP-, web-, or browser cookie and refers to data that is sent from a website and stored by the user’s browser. When the user returns to the website at a later date, the cookie can be used by the Company’s website to obtain information about the user’s previous activity on the website.
The Company does not collect any financial payments or financial information on the Company’s public website. Financial information that is collected by the Company by other means is secured in accordance with requirements of the customer contract.
The Company retains customer information for the period specified in the contracts with specific customers. When no longer required, customer information is destroyed in accordance with the requirements of the contract or applicable law.
We are committed to ensuring the privacy of the data you entrust us with. If you have any concerns regarding data or privacy you can contact us through this link:
In the event of a merger, all data will be transferred to the new entity.
In the unlikely event of a bankruptcy proceeding, all information would be transferred in accordance with Court Order.
Limitation on Application of Principles
Adherence by the Company to these data protection principles may be limited (a) to the extent required to respond to a legal or ethical obligation; and (b) to the extent expressly permitted by an applicable law, rule or regulation.
How to file a Data Request If you would like to file a data request, such as the deletion of your data, update your data or get information on the data we hold about you, please follow the link below. https://app-de.onetrust.com/app/#/webform/ec219564-9758-4b5b-8f0f-b0dd7d90c5ec
How to Contact Us
By Telephone at +1-248-475-6227 or email at firstname.lastname@example.org
By post at the following mailing address:
2851 High Meadow Circle, Suite 250, Auburn Hills, MI 48326 USA