Privacy Information Pursuant to the Art. 13 of the EU Regulation n. 679/2016
A. WHO IS THE DATA CONTROLLER?
The Data Controller is Synallagma SA (hereafter, “Synallagma”), with registered office at Rue De Hollande 13, 1060 Brussels (Belgium), VAT/TVA n. BE0774857180.
The Data Controller can be contacted for all questions relating to this policy at the email address: info@synallagma.com.
B. WHAT PERSONAL DATA WE COLLECT, WHEN, AND HOW WE PROCESS IT
B.1. Website Hosting & Logging Data
Our website, www.synallagma.com, is hosted by Digital Ocean LLC, based in California, USA, who acts as a Data Processor.
We have a signed Data Processing Agreement (DPA) with them.
Digital Ocean processes website logs and technical data only for the purpose of troubleshooting, securing the service, and monitoring usage patterns.
B.2. Website Usage Data (Cookies & Analytics)
We use cookies to improve your experience. Full details on the types of cookies used and how to manage them are available in our Cookie Policy.
We also use Google Analytics (Google, Inc., located in the United States) to understand and optimize the user experience, analyze trends, and improve our services.
Google Analytics utilizes “cookies” to process your website usage data, including your IP address.
International Data Transfer (Google Analytics): The data collected by Google is transferred to and stored on servers in the United States.
This transfer is permitted under the GDPR because Google is certified under the EU-US Data Privacy Framework (DPF), which provides an adequate level of protection for personal data.
We use this information to understand and optimize the user experience on our website and to analyze trends and improve our services.
You can prevent the collection and processing of this data by downloading and installing the Google Analytics opt-out browser add-on.
For more information on Google’s practices, please refer to their Privacy Policy and Terms of Service.
B.3. Personal Data Provided Directly by You
Mailing Lists: we use SendinBlue (a simplified joint stock company, based in France) to manage our mailing lists.
If you subscribe, we collect your email address (and any other requested data) to send you newsletters, updates, or event information.
Membership is kept confidential.
Contact Forms: we also collect personal data you voluntarily provide (such as your name, email address, and message content) when you fill out a form on our website to request information.
C. THE PURPOSES AND LEGAL BASES FOR PROCESSING
1. Responding to Your Requests (Contact Forms)
| Purpose | Legal Basis |
|---|---|
| To respond to your inquiry and provide information about Synallagma and its services and to provide assistance. | Our legitimate interest (Art. 6(1)(f) GDPR) in responding to direct communications and managing customer/stakeholder relations. |
Note: Providing your data is voluntary, but necessary for us to process your request.
2. Newsletters and Marketing Updates
| Purpose | Legal Basis |
|---|---|
| To send you newsletters, event updates, and information on initiatives organized or promoted by Synallagma or its partners. | Your explicit consent (Art. 6(1)(a) GDPR). |
Note: You may withdraw your consent at any time via the unsubscribe link in the email or by contacting us at info@synallagma.com.
D. SHARING AND DISCLOSURE OF PERSONAL DATA
We share your personal data only with appointed Data Processors who provide services necessary for the purposes listed in this policy, such as website hosting (Digital Ocean), mailing list management (SendinBlue), and analytics (Google Analytics).
We have appropriate Data Processing Agreements (DPAs) in place with all Processors.
International Transfers: Data may be transferred to a Third Country (i.e., outside the EEA/EU, specifically to the United States for Google Analytics and Digital Ocean).
These transfers are protected by the EU-US Data Privacy Framework (DPF).
E. DATA RETENTION
1. Data from Contact Forms
We will retain your personal data collected via the contact form for a period of 12 months from the date your request is fulfilled.
After this period, your data will be securely erased.
2. Data Processed with Consent (Newsletters/Updates)
Data processed based on your consent (e.g., for newsletters or updates) will be stored until you withdraw your consent or unsubscribe.
In any case, we will send you a reminder once per year to confirm you still wish to receive these communications, and we will delete your data if you do not confirm your continued consent.
F. DATA SECURITY
The Data Controller implements and maintains appropriate Technical and Organizational Measures (TOMs) to ensure a level of security appropriate to the risk.
These measures are designed to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.
These measures include:
- The execution of confidentiality agreements with employees, staff members, and service providers.
- Strictly limiting access to your personal information on a need-to-know basis.
- Secure erasure of personal data when it is no longer needed for the purposes for which it was collected.
Your Responsibility: As the overall security of information also depends on the security of your computer or device and the measures you take to protect your usernames and passwords, please ensure you take appropriate steps to secure your own devices.
G. YOUR RIGHTS AS A DATA SUBJECT
Under the GDPR, you have the following rights, which you can exercise at any time by writing to us at info@synallagma.com:
- Right of Access: to request confirmation of whether we are processing your personal data and to obtain a copy of that data.
- Right to Rectification: to correct inaccurate or incomplete data.
- Right to Erasure (‘Right to be Forgotten’): to request the deletion of your personal data where there is no compelling reason for its continued processing.
- Right to Restriction of Processing: to limit the way we use your data.
- Right to Object: to object to the processing of your personal data based on our legitimate interest.
- Right to Data Portability: to receive your personal data in a structured, commonly used, and machine-readable format.
Verifying Your Identity: to protect your data, and in accordance with Art. 11 GDPR, we may ask you to provide further information to confirm your identity before processing your request.
Right to Lodge a Complaint: you have the right to lodge a complaint with your national Supervisory Authority (Data Protection Authority).
We kindly ask that you attempt to resolve any issues with us before contacting your local authority.