Back to Home

GDPR Compliance

Last Updated: March 30, 2025

1. Introduction

At SynapseData, we are committed to protecting the privacy and rights of individuals in accordance with the General Data Protection Regulation (GDPR). This GDPR Compliance Statement outlines how we comply with GDPR requirements in our data processing activities.

This statement applies to all personal data of EU residents that we collect and process through our website, platform, and services.

2. Data Controller and Data Protection Officer

SynapseData acts as a data controller for the personal data we collect and process. We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and implementation to ensure compliance with GDPR requirements.

Data Protection Officer Contact:
Email: dpo@synapsedata.com
Address: 123 Data Street, Suite 456, San Francisco, CA 94105

3. Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so under GDPR Article 6. The lawful bases we rely on include:

  • Consent: When you have given clear consent for us to process your personal data for a specific purpose.
  • Contract: When processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
  • Legal Obligation: When processing is necessary for compliance with a legal obligation to which we are subject.
  • Legitimate Interests: When processing is necessary for our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

4. Data Subject Rights

Under the GDPR, individuals have various rights regarding their personal data. We respect and facilitate these rights, which include:

  • Right to Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
  • Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data in certain circumstances.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
  • Right to Object: You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.
  • Rights Related to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

To exercise any of these rights, please contact our Data Protection Officer using the contact information provided above. We will respond to your request within one month of receiving it.

5. Data Protection Principles

We adhere to the following data protection principles in our processing activities:

  • Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner.
  • Purpose Limitation: We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
  • Data Minimization: We ensure that personal data is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
  • Accuracy: We take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date.
  • Storage Limitation: We keep personal data in a form that permits identification of data subjects for no longer than necessary for the purposes for which it is processed.
  • Integrity and Confidentiality: We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
  • Accountability: We are responsible for and can demonstrate compliance with the GDPR principles.

6. International Data Transfers

As a company based in the United States, we may transfer personal data from the European Economic Area (EEA) to countries outside the EEA. When we do so, we ensure that appropriate safeguards are in place to protect your personal data, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules
  • Adequacy decisions by the European Commission
  • Other legally approved transfer mechanisms

7. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) when our processing activities are likely to result in a high risk to the rights and freedoms of individuals. These assessments help us identify and minimize data protection risks.

8. Data Breach Notification

In the event of a personal data breach, we have procedures in place to detect, report, and investigate it. If a breach is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of it. If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will also notify the affected individuals without undue delay.

9. Data Protection Training

We provide regular data protection training to our employees to ensure they understand their responsibilities when handling personal data and the procedures they must follow to protect it.

10. Cookies and Similar Technologies

Our website uses cookies and similar technologies. We provide clear information about the cookies we use and obtain your consent where required by the GDPR and the ePrivacy Directive. For more information, please see our Cookie Policy.

11. Changes to This Statement

We may update this GDPR Compliance Statement from time to time. We will notify you of any changes by posting the new statement on our website and updating the "Last Updated" date at the top of this statement.

12. Contact Us

If you have any questions about our GDPR compliance or how we handle your personal data, please contact our Data Protection Officer at:

Email: dpo@synapsedata.com
Address: 123 Data Street, Suite 456, San Francisco, CA 94105

You also have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes the GDPR.