In a nutshell:
- Organizations worldwide trust Synerion with their workforce management and employee data. It’s our privilege and duty to protect their data and yours.
- We mostly process personal information on behalf of our customers, so in case of any issue, please contact your employer as a first step. Your employer has complete control over your personal information.
- We also collect and process personal information of our website visitors, business contacts, and customers.
- We respect your rights regarding your personal information. If you have any questions regarding your personal data, please contact us, we’re here to help: firstname.lastname@example.org
1) Introduction and Definitions
Synerion is a technology platform owned and operated by us, Synerion Systems Ltd – the Company. You can find our contact details below.
Synerion’s Workforce Management comprehensive and modular suite of software solutions helps organizations plan, monitor, and maximize the employee life cycle, including the daily operation of workforce management (such as attendance and task allocation), access control, strategic talent management, and Human Resources Management (including payroll). These organizations are our Customers.
Synerion uses a dedicated web-based interface – the Portal, a mobile application, Synerion Mobile Pro – the App, physical access control terminals – the Devices, and an on-premise or cloud Platform, accessible to Customers through the App and the Portal. Any person using the Synerion Portal, App, or Devices is an End User.
Our Customers decide the purposes for which they use Synerion, as well as the means for collecting data from Synerion’s magnitude of features. We process the data on our Customers’ behalf and according to their instructions. Our Customers control the data processed on their behalf on Synerion.
To make things clear with an example: if you’re an employee of CorpCo, you are an End User, CorpCo is our Customer and has full control over your personal data, and we process your personal data on CorpCo’s behalf and according to its instructions.
If you’re an End User and have any issue regarding your personal information, please contact your employer first! Our Customer’s contact details appear in your Portal and App and in any communication you receive from Synerion.
In addition to our processing activities above, we also operate several Websites – such as Synerion.com and Synerion.co.il – and collect personal data of Visitors. Some Visitors and other people who communicate with us, become our business Contacts or Customers. We collect and process various personal information regarding our Visitors, Contacts, and Customers, and we are the data controllers for such personal information.
2) What Personal Data Do We Process?
Our Customers decide which personal information they want to collect and manage on top of our Synerion Platform. We usually process these types of personal data about End Users, but exact data fields may vary per Customer and End User:
- Identification information, such as full name, Identification number (e.g. ID number, Social Security Number, or passport number), date of birth, gender, profile photo, usernames and passwords for accessing Synerion
- Contact details, such as country/time zone, work and home addresses, phone numbers, and email address
- Exact and approximate location information
- Work-related information, such as: employer, employee ID, division, department, role, and title information, employment start day, end day, work days, work hours, absence days, absence hours, information regarding projects and task performance, salary, wages, and other compensation information
- Any personal data contained in any photos, media, and other files uploaded by Customers or End Users
- Any other personal data our Customers or End Users enter or share on Synerion
- Important notice: Devices at the Customers’ premises that are connected to Synerion might process biometric data, such as fingerprints and profile pictures, to identify End Users, for security, access control, or time management purposes. However, no such biometric data is sent to Synerion or processed by us. All biometric data is stored locally on the Devices, which are owned and operated by the Customers, under the Customers’ sole and complete control. Synerion receives from the Devices only the employee identification number and timestamps for entry and exit, and processes such data on the Platform. Please contact your employer for any question regarding the use of Devices at the workplace.
If you’re a Contact or Customer of ours, we collect and process these types of personal data about you:
- Identification information, such as full name, Identification number (e.g. ID number, Social Security Number, or passport number), date of birth, gender, profile photo
- Contact details, such as country/time zone, work and home addresses, phone numbers, and email address
- Social networking information you’ve shared with us
- Work-related information, such as company, division, department, role, and title information
- Payment information, such as bank account number, credit card details, or other billing information
- Any personal data contained in any photos, media, and other files sent to us
- Any other personal data you provide us on any communication channel, such as email correspondence, Customer support, and product feedback.
We also collect and process these types of personal data about anyone using Synerion, the Portal, the App, or our Websites:
Usage, logs, analytics, and other device and technical data collected when you use our Websites or Synerion, including device information and identification numbers, operating system information, IP address, browser and session information, browsing history and referrals, cookies information, advertising identification numbers, language information, connectivity information, configuration information, metadata of files, and usage information (such as screen views, clicks, and usage time).
3) What About Personal Data of Children?
Synerion is a workforce management platform that is not intended for children, and we do not market our products and services to children. We do not knowingly collect or process information about children. Nevertheless, our Customers as employers might select to collect information about the marital and familial status of their workforce and potentially about End User’s children, for example in order to calculate social benefits. Please contact us (contact details below) if you have any concerns with respect to children’s personal data processed by Synerion.
4) How Do We Collect Your Personal Data?
If you’re a Synerion End User, there are two ways in which we receive personal data about you that we process on behalf of our Customer:
- Our Customer provide us with your personal data through Synerion, the Portal, Devices operated by the Customer, Customer’s use of the App, or otherwise.
- You provide us personal data directly through your use of the Portal, App, Devices, Website, Customer support channels, or otherwise.
If we do not receive all required data from the Portal, the App and your device, Synerion might not function properly. The data provided by Synerion to our Customer who controls your account might be incomplete or inaccurate, and that might affect your work or compensation. Please consult with your employer regarding the potential effect of disabling permissions or uninstalling the App.
If you’re a Contact or Customer of ours, there might be several ways in which we receive your personal data:
- When other Customers, Contacts, resellers, business partners or third parties, share your information with us, based on their interaction with you, their purposes, their legal bases, and their privacy policies. In such cases, we take responsibility for controlling only the personal data that we have received. (This does not apply to End Users’ data that we only process on behalf of our Customers)
- When you share it with us directly, through your communication with us on the Websites’ contact forms, by email, phone, or facsimile, in conferences, meetings, or via any other communication channel
- We might augment the personal data we have about you with information you have provided us directly, information others have provided us about you, and data we’ve collected about you from your use of Synerion, the Portal, the App, or the Websites (see below).
If you’re a Visitor to our Websites or an End User using Synerion App or the Portal, we might receive some personal data through your device, operating system, and browser, and various hosting, tracking, analytics and advertising technologies used on our Websites and App, such as cookies (see below), Microsoft Azure, WordPress and WordPress plugins, Analytics and Advertising technologies by Google and others, Customer support services by Zendesk, and other technologies. Our Websites do not currently respond to “Do Not Track” signals sent by your browser or device.
5) What About Cookies?
6) What Are The Purposes for Processing Personal Data? How Do We Use Your Personal Data?
The purposes for the processing of personal data on Synerion Platform are determined by our Customers. Each Customer might use Synerion for different purposes. Such purposes might include employee time and attendance management; human resources management; field agent management; project and task management; salary, payroll and compensation calculation and payment; and more.
If you’re an End User, we collect and use your personal data to provide our services to our Customers, according to their instructions, so they can achieve their respective purposes. Synerion may use your device and contact details, according to Customer’s instructions and settings on the Portal, to communicate with you. For example, Synerion may send you emails or text messages reminding you to punch in and out, log your work hours, attendance, project and task activity, etc. All such interactions are performed on Customers’ request, and based on the Customer’s settings or your own.
Our purpose in processing personal data on Synerion is to provide our services to the Customers according to our agreements with them and applicable law. We might also process usage and analytics information, as well as some statistical and aggregate data derived from personal data, for the improvement and further development of Synerion Platform, Portal, App, and Devices, or for research purposes.
Websites, Customers, Contacts and Visitors
If you’re a Customer, Contact, or Visitor on our Websites, we may process your personal data for our own business purposes, including:
- Delivering our products and services, and improving them
- Providing information about our company, products, and services
- Providing Customer support, billing and invoicing
- Contacting you via any communication channel, including email, phone, SMS, and other messaging platforms
- Analyzing and optimizing traffic and usage on the Websites, Synerion Platform, the Portal and the App
- Protecting our company, staff, Customers, and systems
- Online advertising in all forms and channels, including targeting you and others who share similar characteristics as you (lookalikes) online on search engines, websites, apps, messaging platforms, social networking platforms, and offline
- Direct Marketing in all forms and channels, including email, SMS, messaging, postal service, and more; you can always opt-out from Direct Marketing by unsubscribing yourself through links on any communication or by contacting us and notifying us accordingly.
We may use anonymous, statistical or aggregated information we collect, in a form that does not enable the identification of a specific individual, by posting, disseminating, transmitting or otherwise communicating or making available such information to customers, vendors, partners and any other third party.
7) What Is The Legal Basis For Our Processing of Data?
As data controllers, our Customers usually process personal data on Synerion and on their own systems (and we process such data as a data processor on their behalf and according to their instructions) based on any or some of the following legal bases:
- Processing is necessary for compliance with a legal obligation to which the Customer is subject, for example labor regulation;
- Processing is necessary for the performance of a contract to which the data subject is party (for example, an employment agreement you have with our Customer, or Synerion’s Terms of Service) or in order to take steps at the request of the data subject prior to entering into a contract;
- Processing is necessary in order to protect the vital interests of the data subject or of another natural person, for example the right to receive accurate payment for their work hours;
- Processing is necessary for the purposes of the legitimate interests pursued by our Customer or by a third party, for example validating attendance at work or for work, or assigning projects and tasks to the workforce in an efficient manner;
- In certain cases, processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in our Customer as data controller; or
As data processors, we process personal data on Synerion based on the legal bases above, and also any or some of the following legal bases:
- Processing is necessary for the performance of our contracts with our Customers;
- Processing is necessary for compliance with a legal obligation to which we are subject as data processors, for example data protection and privacy regulation;
- Processing is necessary in order to protect the vital interests of our Customers, their staff and management;
- Processing is necessary for the purposes of the legitimate interests pursued by us, such as the conduct of our business.
- The data subject (End User or Customer representative) has given us consent, through the Portal, the App, or otherwise, to the processing of his or her personal data for the specific purposes communicated in this policy.
Websites, Customers, Contacts, and Visitors
As data controllers for our Customers, Contacts and Visitors’ personal data, we process personal data based on any or some of the following legal bases:
- The data subject has given us consent to the processing of his or her personal data for specific purposes communicated in this policy;
- Processing is necessary in order to protect the vital interests of the data subject or of another natural person, for example protecting our Customers and our staff;
- Processing is necessary for compliance with a legal obligation to which we are subject, for example the need to maintain billing records for transactions;
- Processing is necessary for the purposes of the legitimate interests pursued by us, or our Customers, for example the conduct of our business, the development and delivery of our products and services, and the promotion and sales of such products and services.
8) Who Do We Share Your Information With?
Our services sometime enable you to share information, including personal data, with your consent. This section deals with information we share about you with others.
For the delivery of our services, we share all End User data on Synerion with the Customer who is the data controller with respect to such End User. This means that your employer has access and control over all the information we collect about you. We also share Customer’s representatives contact details to all End Users and others who might need them to comply with any applicable law. Our Customers may select to share the information with some of their staff, HR software providers, payment providers, and others.
Customers, Contacts, and Visitors
We process your personal data on our servers and computers, but also on third-party Customer Relationship Management (CRM) systems (such as Microsoft Dynamic CRM), support systems (such as TeamViewer and Zendesk), and billing systems. We may share some of your details with our staff, consultants, resellers, affiliates, and other third-party business partners for research and analysis, cooperation opportunities, joint promotions, sales, and events.
We use additional processors around the world for various processing activities needed for the performance of our Websites, Synerion Platform, our other products and services, our operations, and our business, and share information with such processors on a need basis. Such processors include hosting and backup providers (such as Microsoft Azure and Triple C), analytics providers (such as Google Analytics), website technology (such as WordPress and WordPress plugins), advertising technology (such as Google and Facebook), security technology and vendors (such as Checkpoint, Exact, and Cellcom), newsletter and mail technologies (such as Pionet), terminal and Devices technology (such as Rosslare), and more. We limit the information we share with each processor based on the business need in using such processor, to protect your information while still effectively benefiting from the services of such processor.
We may also share non-personally identifiable information and aggregate information for any purpose. Such data is not personal data, and its sharing cannot be used to identify you.
We may need to share your information with law enforcement agencies, courts of law, and other governmental organizations, if ordered to do so by competent bodies and according to applicable law.
Mergers and Acquisitions
If we are involved with a merger, asset sale, financing, liquidation, bankruptcy, or the acquisition of all or part of our business to another company, we may share your information with that company and its advisors before and after the transaction date.
9) How Do We Safeguard Your Personal Data?
We take information security very seriously. We are ISO 27001:2013 certified and implement the state of the art security standards to prevent unauthorized access, maintain data accuracy, and ensure the correct use of information. We also implement appropriate organizational measures to protect your information.
We apply our security standards also when working with business and technology partners. We only select and contract with processors and third parties who use appropriate security measures and provide sufficient guarantees, including technical and organizational measures, to ensure the appropriate protection of the data we entrust with them. Unfortunately, although we make every effort to keep your data safe, we cannot fully ensure or warrant the security of your personal information.
You can take part in securing your personal data on Synerion. You can prevent unauthorized access to your account and personal information by selecting a strong password and protecting your login credentials appropriately. Limit access to your computer and mobile device. If you’re using the Portal, sign off when you finish accessing your account.
10) Do We Transfer Personal Data Internationally?
Most of the Synerion information is securely stored on Customers’ premises or on Microsoft Azure cloud in the U.S.. Microsoft takes extreme measures with respect to privacy and data security. Read more about it here.
At the same time, our business is international – we serve Customers that manage their workforce around the world on Synerion, and we utilize additional processors and service providers in various countries. Therefore, we transfer, store or otherwise process your personal information in other countries. We take appropriate safeguards in the selection of our processing vendors around the world to require that your personal information is well protected. Despite our efforts, it may be the case that a country where your personal information is processed has different, or less protective, data protection and privacy regulation than the country you live in.
11) For How Long Do We Keep Personal Data?
If we no longer need your information for the purposes mentioned in this policy, we will delete or de-identify it. In certain occasions we might not be able to fully delete or de-identify your personal information due to technical or operational reasons, for example deleting from backup storage and archives. In such cases, we shall take reasonable measures to secure any information still maintained by us according to our standard data security practices.
What Are Your Rights With Respect to Your Personal Data?
If you’re an End User of Synerion, please approach your employer to exercise any rights you may have, as they are the data controllers of your personal information. Otherwise, please contact us (details below).
According to the data protection and privacy regulation where you live, you may have certain rights with respect to your personal information.
Your rights may include, under certain terms and conditions set in applicable law:
- Right of Access to your personal data processed by us
- Right to Rectification of inaccurate or incomplete personal data
- Right to Erasure of your personal data (“Right to be Forgotten”)
- Right to Restriction of Processing for a certain period or under certain conditions
- Right to Data Portability of your personal data to another data controller in a structured format
- Right to Object the processing of your personal data. Specifically, you have the right to object further processing of your personal data for direct marketing purposes.
- Right Not To Be Subject to a Decision Based Solely on Automated Decision-Making. We do not make any decisions based solely on automated decision-making.
- Right to File a Complaint with the applicable data protection authority in your country
After deletion or de-identification of your personal data following its retention period, the rights to access, erasure, rectification, and data portability cannot be enforced.
Your personal information is processed based on several legal bases, including your consent. You can withdraw your consent at any time. Other legal bases, including statutory or contractual requirements that apply to you or our Customer might remain intact even following the withdrawal of your consent. You can also revoke any permissions you have granted the App or Portal and uninstall the App from your device – this will stop the App and Portal from automatically sending new personal data to Synerion. If we do not receive all required data from the Portal, the App or your device, Synerion might not function properly. The data provided by Synerion to our Customer who controls your account might be incomplete or inaccurate, and that might affect your work or compensation. Please consult with your employer regarding the potential effect of withdrawing your consent, disabling permissions or uninstalling the App.
14) Who Can I Contact Regarding My Personal Data?
If you’re an End User of Synerion, please contact your employer first with any issue, as they are the data controllers of your personal information. Your organization’s contact details appear within the Portal and the App and in any automatic communication you receive from Synerion. If you do not know who your data controller is, please contact our customer support and we will let you know.
You can contact us with any question or concern you have at:
Synerion Systems Ltd.
25 Basel St., P.O.B. 3403
Kiryat Arye, Petah Tikva, 4951038, Israel