- GDPR Data Processing Addendum
We store your personal information on our servers which are located in Canada. Canada provides an adequate level of data protection as required by Art 45 (1) GDPR.
Privacy Officer (Data Protection Officer)
Sync has designated a Privacy Officer (Data Protection Officer) who you may contact via email at email@example.com.
According to Art. 13 (1) (c) and Art. 14 (1) (c) GDPR, we have to inform you about the purposes of the processing for which your personal information is being collected and used as well as the legal basis for such processing.
Moreover, we process your personal information to:
Where we process your personal information on the basis of Art. 6 (1) (b) GDPR, you are contractually required to provide us with your data and we are not able to provide our services without such data. If we process your personal information on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) and in case you want to learn more about our balancing of interests, please contact our Privacy Office at firstname.lastname@example.org.
When visiting our Website, we collect and store the IP address assigned to your computer in order to provide you with the contents of our Website requested by you (e.g. texts, images and product information). The legal basis insofar is Art. 6 (1) (b) GDPR. We furthermore collect that information for the detection and defense of misuse which is justified by our legitimate interest according Art. 6 (1) (f) GDPR and is being conducted in order to ensure the proper functioning of our Website. Furthermore, we collect and process information about the browser type you use as well as date and time of access and use of our Website based on Art. 6 (1) (f) GDPR to optimize our Website and our services which also is our legitimate interest in the meaning of Art. 6 (1) (f) GDPR. This information is stored in log files and is not linked to personal information gathered elsewhere on the Website. You are contractually required to provide us with such information and we are not able to provide our services to you without such data.
When you create an account, Sync’s account creation process requires that you provide personal information and other contact information. Such personal information may include your e-mail address, first name, last name, and personal and/or business billing information. Access to your personal information is restricted to us, and in the case of a Business Pro plan, the account administrator. Your e-mail address and display name may also be visible to the people you share with, or accept a share invitation from. Your personal information will be processed by us for verification purposes and to provide our services to you on the legal basis of Art. 6 (1) (b) GDPR. You are contractually required to provide us with such information and we are not able to provide our services to you without such data.
When you use our Sync services your personal information and other information you provide is encrypted in transit using SSL/TLS encryption. Sync's desktop, mobile and web applications (“Sync Apps”) apply an additional layer of client side encryption automatically, during transit and at rest, which we define as end-to-end encryption.
Sync never collects or stores your file, file meta data, encryption keys or passwords (your “Encrypted Data”) in an unencrypted format, unless you request us to do so. The Encrypted Data you upload to Sync is always end-to-end encrypted, and stored in such a way that we cannot access it in a readable format, or share it with third-parties. Sync's applications and features allow you, and only you (or in the case of the Business Pro plan, you and the administrator) to control who can decrypt your Encrypted Data, for example when sharing with other people, when enabling in-app sharing with other apps, when enabling account or password recovery, or in the case of a Business Pro plan administrator, when provisioning an account.
We make every effort to ensure that we cannot access or decrypt your Encrypted Data, regardless of which features you may have enabled or use.
During the use of our service, you may also submit non-Encrypted Data, including your email address. We make every attempt to ensure that the transmission and storage of non-Encrypted Data is secure, and that access to this data is highly restricted. If you have any questions about the security of your Encrypted Data or non-Encrypted Data you can contact us at email@example.com
Sync may also use your personal information for purposes such as:
We will ask you for your prior consent before contacting you accordingly and the legal basis for such processing of your personal information is your consent (Art. 6 (1) (a) GDPR). Where you are able to subscribe to periodic information updates (e.g. our newsletters), we are using the double-opt-in method (confirmation of your email address by confirmation email before the first marketing communication is sent) in order to verify consent. You may withdraw your consent at any time with future effect which will not affect the processing of your personal information being undertaken until the withdrawal by
We use service providers or other third parties to help us provide our products or services to you. Such service providers may have access to your personal information. Regardless of where these service providers or other third parties are located, we require that they also comply with the GDPR and the applicable data protection laws. We use the following categories of service providers or other third parties:
We will retain your Encrypted Data for as long as your account is active. You can cancel your account at any time, which will permanently delete your Encrypted Data. In addition, when sharing, you control the deletion of data shared with other users.
Moreover, we will retain your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
If you want to learn more about our data retention concept, please contact our Privacy Office at firstname.lastname@example.org.
You have the following rights:
We don’t use your personal information for automated decision-making, including profiling.
You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement if you consider that our processing of your information relating to you infringes the GDPR. Please contact our Privacy Office at email@example.com and we will provide you with detailed information as regards the contact details of the respective supervisory authority.
This file was last modified on November 22, 2019.
Copyright © 2023 Sync.com, Inc.