Data Policy

Last updated: January 2025

This Data Policy outlines how Syntheris handles, processes, and protects data in our AI and analytics services. We are committed to maintaining the highest standards of data governance and security.

Data Collection Principles

Purpose Limitation

We collect and process data only for specific, explicit, and legitimate purposes related to our AI and data science services. Data is not used for purposes incompatible with the original collection purpose.

Data Minimization

We collect only the minimum amount of data necessary to achieve the specified purposes. Our data collection practices are regularly reviewed to ensure relevance and necessity.

Accuracy and Quality

We maintain data accuracy through validation processes and regular updates. Inaccurate or outdated data is corrected or deleted promptly.

Data Processing Activities

AI Model Development

When developing AI models for clients, we:

  • Use anonymized and pseudonymized data where possible
  • Implement differential privacy techniques
  • Ensure data is used only for the agreed-upon model training
  • Delete training data according to retention policies

Analytics and Insights

Our analytics services involve:

  • Aggregated data analysis to identify trends and patterns
  • Statistical modeling and predictive analytics
  • Data visualization and reporting
  • Performance monitoring and optimization

Data Security Measures

Technical Safeguards

  • End-to-end encryption
  • Secure data transmission protocols
  • Access controls and authentication
  • Regular security audits
  • Backup and disaster recovery

Organizational Measures

  • Data protection training
  • Clear data handling procedures
  • Regular compliance assessments
  • Incident response protocols
  • Vendor security requirements

Data Retention and Deletion

We retain data only for as long as necessary to fulfill the purposes for which it was collected:

  • Client project data: Retained for the duration of the project plus 2 years for support purposes
  • Contact information: Retained until you request deletion or withdraw consent
  • Analytics data: Aggregated data may be retained indefinitely for research purposes
  • Legal compliance: Some data may be retained longer to meet legal obligations

International Data Transfers

When transferring data internationally, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by relevant authorities
  • Binding Corporate Rules where applicable
  • Additional safeguards for sensitive data

Client Data Rights

As our client, you have specific rights regarding your data:

Data Ownership

You retain ownership of your data. We process it only as authorized by our agreements.

Data Portability

You can request your data in a structured, machine-readable format.

Processing Transparency

We provide clear information about how your data is processed and used.

Data Deletion

You can request deletion of your data when it's no longer needed.

Compliance and Governance

Our data practices comply with relevant regulations including:

  • General Data Protection Regulation (GDPR)
  • Belgian Data Protection Act
  • Spanish Data Protection Act (LOPDGDD)
  • Industry-specific regulations as applicable

Data Protection Questions?

Our data protection team is available to address your concerns and ensure compliance.

Contact Data Protection OfficerGeneral Contact