Definitions
“Personal Data”: Any information relating to an identified or identifiable natural person, directly or indirectly, by reference to an identification number or to one or more factors specific to them.
“We” or “Our”: Synotis, registered in the Commercial Register under number CHE-151.643.315, a company of the Smile Group.
“You”: Any user/visitor of the Site.
“Site”: The Synotis website available at https://synotis.ch and all authorized sub-sites that expressly adopt, display, or link to this Policy.
Who is the Data Controller?
Your Data is collected by Synotis, headquartered at Avenue de Rhodanie 64, 1007 Lausanne, acting as the Data Controller. When Synotis acts as a processor, you may refer to the specific conditions and general terms of sale.
What data is collected, on what legal grounds, for what purposes, and for how long?
You can visit the Site without needing to provide any Personal Data about yourself. However, to access certain services available on the Site, we may collect Personal Data that you provide to us voluntarily, either directly or indirectly.
(i) Categories of Personal Data collected Synotis may collect and process the following Personal Data:
- Identity data (surname, first name, etc.)
- Contact data (email, phone, address, country)
- Navigation data (IP address, pages visited, user journey)
- Professional data (job title, company, website, CV, link to social media profile, other documents at your discretion as part of your application)
(ii) Purposes We collect this Personal Data for the following purposes:
- Communication management: To keep you informed of Synotis news, offers, and events via email or newsletter.
- Event management: To track your registration and keep you informed about the event.
- Sales prospecting management: To contact you to identify your needs and determine how Synotis could meet them.
- Request processing: To send you a white paper or respond to a request/message you have left on our Site.
- Recruitment management: To use your CV or online application for recruitment purposes, which implies we may contact you by email, phone, or mail.
(iii) Legal Basis The processing implemented by Synotis is based on:
- Your consent for the management of sales prospecting and communication.
- The legitimate interest of Synotis for processing a request.
- Legal obligations and the legitimate interest of Synotis for recruitment management.
Please note that none of the processing involves automated decision-making.
(iv) Retention Periods Personal Data is kept for a duration adapted to the purposes of the processing and in accordance with current legislation and regulations, notably Article 12 of the nFADP. To define the retention period of your Personal Data, we consider several criteria such as:
- The purpose for which we hold your Personal Data;
- Our legal and regulatory obligations regarding each category of Data;
- Your consent to the processing of your Personal Data, until you potentially object to this processing or untick an opt-in box;
- Any exercise of your right to request the deletion of your Personal Data.
(v) Fate of Personal Data
When the Personal Data we collect is no longer necessary, we destroy or erase it securely.
What about cookies?
A cookie is a text file that may be saved, subject to your choices, in a dedicated space on your terminal's hard drive (computer, tablet, etc.) when consulting an online service using your browser software. It is transmitted by a website server to your browser. Each cookie is assigned an anonymous identifier. The cookie file allows its issuer to identify the terminal in which it is saved during the validity or registration period of the cookie concerned. When you consult the Site, we may install, subject to your choice, various cookies, notably navigation tracking cookies.
Here is the list we use:
HubSpot Section
- __hssc: Tracks sessions. Used to determine if HubSpot should increment the session number and timestamps.
- _hssrc: Set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
- __hstc: The main tracking cookie. It contains: the domain, user token (UTK), initial timestamp, last timestamp, current timestamp, and session number.
- hubspotutk: Used to keep track of the visitor. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.
GTM - Piano Analytics Section
Cookies generally expire at the latest 13 months after being placed on the user's computer or mobile terminal.
How to refuse cookies If you do not wish to receive cookies from our Site, you can configure your browser to refuse them or to warn you when you receive one, asking you whether you accept the placement of such a cookie. You can also set your browser to disable cookies. Generally, you can disable the cookie feature on your browser without affecting the ergonomics of your visit to the Site. Note that these settings are only valid for pages created and owned by Synotis. When we integrate links to external websites and you click on these links, you leave our Site. Consequently, the settings and policies applicable to our Site no longer apply. It is your responsibility to consult the data protection and cookie policy of said third-party site.
How is your Personal Data secured?
We comply with current regulations regarding Personal Data protection so as not to expose any person whose Personal Data we process to any violation of these regulations.
We are committed to:
- Implementing appropriate technical and organizational protection, security, and confidentiality measures to guarantee the security, confidentiality, and integrity of Personal Data.
- Maintaining a register of all categories of processing activities in accordance with regulations.
- Conducting any necessary risk assessments and audits regarding personal data processing operations performed.
- Providing data subjects with the information required by regulations and responding to requests and complaints from data subjects.
We respect the principles of "privacy by design" and "privacy by default." Our Site is hosted on servers located in Switzerland (https://www.infomaniak.com/fr) to guarantee an appropriate level of protection for all Personal Data collected and processed. Furthermore, in the event of a Personal Data breach (destruction, loss, alteration, or disclosure), we have a security incident management procedure in place and commit to complying with the obligation to notify Personal Data breaches.
Who has access to your data?
The Personal Data you provide to us may be transmitted to the following recipients:
- Synotis departments authorized to access this information.
- Synotis technical service providers, including its processors, strictly within the framework of the missions entrusted to them.
- The Smile Group, of which Synotis is a part.
The information you provide will be stored and used only for purposes approved by you. We reiterate that we do not share contact information with third-party organizations. We may transfer personal data concerning you in the event that we sell or transfer all or part of our business or assets (including in the event of a reorganization, assignment, dissolution, or liquidation).
International Transfers of Personal Data
Given the international nature of the Smile Group of which we are a part, your Personal Data may be transferred to recipients, internal or external, authorized to perform services on our behalf who may be located in countries within or outside the EU. To guarantee the security and confidentiality of Personal Data thus transferred, we take all necessary measures to ensure that this data benefits from adequate protection, such as the signing of the Standard Contractual Clauses in force proposed by the European Commission.
What about Third-Party Advertisers and Links to other Websites?
To allow you to interact with other websites on which you may have accounts (such as social networks), we may provide links or integrate third-party applications allowing you to connect, publish content, or join communities from our Site. We may also provide links outside the Site. The use of these links and applications is subject to the privacy policies inherent to these third-party sites. We decline all responsibility for the content of these sites, the products and services that may be proposed there, or any other use.
What are your rights regarding your Personal Data and how to exercise them?
We are committed to facilitating the exercise of your rights in accordance with the GDPR and the nFADP. Your rights are listed in the table below:
- RIGHT OF ACCESS AND RECTIFICATION: You may request a copy of your personal data that we hold. You may also request the rectification of inaccurate personal data, or that incomplete personal data be completed.
- RIGHT TO ERASURE / RIGHT TO BE FORGOTTEN: Your right to be forgotten allows your personal data to be erased when: (i) the data is no longer necessary for the purposes for which it was collected; (ii) you decide to withdraw your consent; (iii) you object to the Processing; (iv) your data has been subject to unlawful Processing; (v) your data must be erased to comply with a legal obligation; (vi) erasure is mandatory to guarantee compliance with applicable legislation.
- RIGHT TO RESTRICTION OF PROCESSING: You may request to restrict Processing when: (i) you contest the accuracy of your data; (ii) Synotis no longer needs your data for processing purposes; (iii) you have objected to the Processing for legitimate reasons.
- RIGHT TO DATA PORTABILITY: Where applicable, you may request the portability of personal data concerning you that you have communicated to Synotis, in a structured, commonly used format, and have the right to transmit this data to another Controller without hindrance from Synotis, when: a) the Processing is based on your consent or an existing contractual relationship; and b) the Processing is carried out by automated means. You also have the right to have your personal data transmitted directly to a third party of your choice (where technically feasible).
- RIGHT TO OBJECT: You have the right to object (right of "withdrawal") to the Processing of your personal data (notably to profiling or commercial communications). When we Process your personal data based on your consent, you may withdraw your consent at any time.
- RIGHT NOT TO BE SUBJECT TO AUTOMATED DECISIONS: You have the right not to be subject to a decision based exclusively on automated processing, including profiling, producing legal effects concerning you or significantly affecting you in a similar way.
- RIGHT TO ISSUE ADVANCE DIRECTIVES ON THE PROCESSING OF YOUR PERSONAL DATA AFTER YOUR DEATH: In application of the French Data Protection Act, you may also define directives on the exercise of your rights provided for in this section after your death (notably regarding their retention, deletion, and/or communication) as well as designate a person responsible for exercising these rights.
- RIGHT TO LODGE A COMPLAINT WITH THE COMPETENT SUPERVISORY AUTHORITY: You may decide to lodge a complaint with the French Supervisory Authority (the "CNIL", www.cnil.fr).
If you do not wish to receive emails or other correspondence from us, please notify us via the unsubscribe link at the bottom of emails.
You can exercise your rights at any time or contact us for any complaint regarding the protection of your Personal Data at the following email address: dpo@smile.fr or by sending a letter to: Smile, DPO, 163 Quai du Docteur Dervaux, CS 60059, 92600 Asnières-sur-Seine
Update of our Personal Data Protection Policy
We may update or modify this policy as needed, particularly to take into account any legal developments. Please consult this page periodically to track changes.
How to contact the Data Protection Officer (DPO) appointed by Synotis?
You can contact the DPO at this address: dpo@smile.fr or send a letter to: Smile, DPO, CS 60059, 163 Quai du Docteur Dervaux, 92665 Asnières-sur-Seine Cedex