Privacy Policy
SynbasePublication date:
Last updated:
This Privacy Policy describes how Synbase OÜ (a company incorporated under Estonian law with registry code 14011154 and registered address at Tiigi tn 61b, Tartu 50410, Estonia; hereinafter “Synbase”, “us” or “we”) processes personal data on the Synbase web portal (hereinafter “Web Portal”) accessible via website www.synbase.eu, Synbase application or integrated software solution. The controller of personal data is Synbase OÜ. You can contact us by e-mail at synbase@synbase.eu.
Synbase complies with the provisions of General Data Processing Regulation (EU) 2016/679 and the Estonian Personal Data Protection Act with regard to the processing of personal data. This Privacy Policy contains important information about your privacy rights, so please read the Privacy Policy carefully.
1. PERSONAL DATA WE COLLECT AND HOW WE USE IT
In this Privacy Policy, “personal data” is defined as any information relating to an identified or identifiable natural person. Normally, we collect personal data when a user registers to use the Services (as defined in the Synbase Terms of Use) and when the user interacts with the Web Portal, the Synbase application or integrated software solutions.
1.1. Registration and use of services
When you sign up through the Web Portal to use the Services, we will collect personal data as necessary to provide the Services you request.
For this purpose, we process the following personal data:
- General identification information (such as name, surname, e-mail, phone number)
- Authentication data;
- Data relating to your profession (such as your employer, your position, your health care service provider number, etc);
- Data relating to your use of the Web Portal and other Services.
We collect these data directly from you and via authentication service providers.
Legal basis to collect the data about personal information is performance of a contract to or in order to take steps at your request prior to entering into a contract between us as well as to provide our services.
1.2. Transaction information
When you purchase the Services, we collect information about your payments and transactions, as well as other information associated with the transaction such as used payment method, the Services purchased, the amounts paid, etc.
Legal basis to collect the data about transaction information is to execute a contract between you and us as well as to provide our services. We also process this personal data to fulfil our obligations under applicable laws, such as accounting and tax laws.
1.3. Data about your use of Services
We process data on the use of various Synbase Services (e.g. statistical information about the use of the Web Portal and other Synbase solutions) in order to improve the Services and the user experience. Legal basis to collect that data is necessity to perform our service to provide you with the Services and our legitimate interest to improve them.
1.4. Inquiries and answers
When you contact us with an enquiry via the Web Portal, our application, integrated software solution and/or via other means (e.g. by phone or e-mail), we will process your contact details and content of your message to respond to your enquiry.
Legal basis to collect this data is our legitimate interest to respond to enquiries about us and our services.
1.5. Direct marketing
Synbase may send you newsletters, offers and other marketing materials regarding the Synbase services, if you have not objected to receiving such marketing materials. We only send you news and marketing materials that relate to similar services that you have already ordered from us. Legal basis to provide you with direct marketing material is our legitimate interest to advertise and grow the sales of Synbase and to provide you with relevant information about the available Synbase services. You may object to receiving such marketing materials at the time of signing up to Synbase and subsequently every time that marketing is sent to you. You can also change your marketing preferences at any time under your Synbase profile.
1.6. Cookies
What are cookies?
A cookie is a small data file that Synbase may write to your device when you use our Services. A cookie enables Synbase to remember your actions and preferences over a period, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.
What cookies do we use?
Synbase uses cookies to collect your IP address and browsing information, such as the websites you have visited or time you have spent on each page and allow Synbase to remember your system and preferences.
Other cookies allow us to track Synbase traffic and users’ interaction with the Services – we use these data to analyse visitors’ behaviour and to improve the visitors’ experience.
Cookies allow us to:
- give you a better user experience when you use the Services;
- allow you to set personal preferences;
- create statistical information about the use of the Services;
- and to measure the effectiveness of advertising.
We use the following categories of cookies:
Functional cookies
These cookies are essential in order to enable you to move around Synbase solutions and use their features. For example, functional cookies are used to remember your login information.
Performance Cookies
These cookies collect anonymous statistical information on how people use the Services. For example, performance cookies may help us understand how users browse or use the Services and highlight areas that are used the most.
Targeted advertising cookies
These cookies collect information about your browsing habits. They are used to make advertising more relevant to you and your interests. The cookies are usually placed by third party advertising networks to create information about your interests through your online behaviour.
How long are cookies retained on my device?
The storage time for cookies on your device is divided into two categories.
Session cookies
Session cookies are set per session, meaning that they last until you close your browser. Session cookies are not stored on the hard drive of your device.
Persistent cookies
Persistent cookies are stored on your hard drive until you delete them or they reach their expiry date. We will not store cookie information from persistent cookies for longer than a maximum of 2 years.
Cookies are placed on your device only if you provide your consent, unless cookies are required for strictly technical functioning of the Services. However, note that if you do not consent to the use of cookies, certain functions of the Services may not function properly or may not function at all.
Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control.
How to control cookies?
You can control and/or delete cookies as you wish – for details, see www.youronlinechoices.com. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
1.7. Patient information
Synbase offers an integrated clinical decision support platform. Synbase receives only anonymised health data of patients, i.e. the health information is transferred to Synbase systems without the patient’s identifiers (such as name or identity code). This means that Synbase is not able to identify the patients whose health data is processed by the healthcare professionals using the Synbase solutions. Accordingly, these anonymised data are not personal data within the meaning of the GDPR. There may be instances where the patient could be identified because their health data is extremely unique, but these cases are occasional and very rare. Synbase does not monitor the patient information processed and has taken measures to keep the data strictly confidential.
2. RECIPIENTS OF YOUR PERSONAL DATA
We put our best efforts to keep your data safe and always require the high level of security and confidentiality from our employees and partners.
We may share your personal data with our trusted services providers when they provide services to us (e.g. IT service providers, accounting service providers) or to you on behalf of us and under our instructions. We will control and shall remain responsible for the use of your personal data at all times.
Statistical browsing data may be accessible to our partners, who provide us with tools for analytics.
Your personal data may be disclosed to public authorities if we are required to disclose personal data by law or to comply with a lawful request of authorities.
As a rule, we do not transfer personal data outside of the European Economic Area. If we do so, we take all measures to ensure that transfers outside the European Economic Area are adequately protected as required by applicable law. With respect to transfers to countries not providing an adequate level of data protection, Synbase bases the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission.
3. HOW LONG WE KEEP YOUR DATA
Synbase processes your personal data during the provision of Services and retains the personal data as long as necessary for the specific purpose for which the data was collected, including to comply with legal requirements applicable to Synbase.
We may be required to retain certain personal data to comply with applicable legislation, such as laws regarding accounting and bookkeeping. Synbase will delete or anonymize your personal data when processing is no longer necessary for intended purposes.
In some cases, personal data may be stored for a longer period if storage of personal data is required in order to protect our or any third parties’ legitimate interests, e.g. in case of a legal dispute.
4. UPDATES
From time to time, we will update this Privacy Policy. Any changes will become effective when we post the revised Privacy Policy on the Web Portal. In case of any material updates, we will notify you via the e-mail that you provided during your registration. This Privacy Policy was last updated as of the “Last Updated” date shown above.
5. YOUR RIGHTS
By contacting us at you may exercise your rights as the data subject, including the following:
- The right to request access to your personal data. You may access, correct, update, change or remove your personal data at any time. However, please note that certain information is strictly necessary in order to fulfil the purposes defined in this Privacy Policy and may also be required by law. Thus, you may not remove such personal data;
- The right to request rectification of your personal data;
- The right to request erasure of your personal data. If personal data is erased under your request, we will only retain such copies of the information as are necessary for us to protect our or third parties’ legitimate interests, comply with governmental orders, resolve disputes, troubleshoot problems, or enforce any agreement you have entered into with us.;
- The right to withdraw consent regarding processing of personal data;
- The right to data portability.
- In some cases you may have a right to request restriction of processing of your personal data or to object to processing of your personal data.
If you think there is a problem with the way we are handling your personal data, you have a right to file in a complaint to your national data protection authority in the EU/EEA, or seek judicial remedy. In Estonia, the competent supervisory authority is the Estonian Data Protection Inspectorate. You can find contact details of the Estonian Data Protection Inspectorate here: www.aki.ee.