M
M
e
e
n
n
u
u
M
M
e
e
n
n
u
u
M
M
e
e
n
n
u
u

Let's Talk. Schedule a short, Free introductory call

Dec 22, 2025

Dec 22, 2025

Privacy policy

1. Controller Identity

SYNTHERIS BV, with registered offices at Vildersweg 6, 2222 Heist-op-den-Berg, Belgium, and
SYNTHERIS ADVISORY SL, with offices at Calle Núñez Balboa 120, 28006 Madrid, Spain
(hereinafter collectively referred to as “Syntheris”, “we”, “us”, or “our”)

takes the protection of personal data extremely seriously and processes personal data in accordance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation – “GDPR”)

  • Applicable Belgian and Spanish data protection legislation

  • Relevant provisions of the EU Artificial Intelligence Act (“EU AI Act”), where applicable

This Privacy Policy applies to all professional services, consulting engagements, research activities, and AI system deployments (collectively, the “Services”) provided by Syntheris.

2. Nature of Our Services

Syntheris is an enterprise-focused AI and data intelligence advisory firm providing, among others:

  • AI strategy, architecture, and governance consulting

  • Design, development, and deployment of AI and data systems

  • Client-hosted AI model development and integration

  • Research, pilots, and proof-of-concepts

  • Technical due diligence and advisory services

Syntheris does not provide consumer platforms, SaaS access, or public APIs.
All AI systems are deployed within customer-controlled environments, unless explicitly agreed otherwise.

3. Roles Under Data Protection Law

Depending on the engagement:

  • Syntheris acts as a Data Controller for its own business operations (e.g. marketing, HR, contracting).

  • Syntheris acts as a Data Processor when processing personal data on behalf of customers within client-hosted AI systems.

Where Syntheris acts as a processor, processing is governed by a Data Processing Agreement (DPA) agreed with the customer.

4. Categories of Personal Data Processed

4.1 Business and Professional Data

  • Name, surname, title

  • Company name and professional role

  • Email address, phone number

  • Business correspondence

  • Contractual and billing information

4.2 Recruitment and Professional Profiles (where applicable)

  • CVs, education, professional experience

  • Skills, certifications, project history

4.3 Technical and Operational Data

  • System logs and audit trails

  • Security and access logs

  • Deployment and operational metadata

4.4 AI-Related Data

Depending on the engagement, AI systems may process:

  • Structured and unstructured datasets

  • Pseudonymised or identifiable personal data

  • Sensitive personal data, including health or other special categories, only where explicitly agreed and contractually governed

Syntheris processes AI-related data strictly within the scope defined by the customer and does not repurpose such data for unrelated objectives.

5. Purposes of Processing

Personal data is processed for the following purposes:

  • Delivery of consulting, advisory, and technical services

  • Design, validation, and deployment of AI systems

  • Project management and customer communication

  • Security, auditability, and compliance

  • Legal, regulatory, and contractual obligations

  • Business administration and relationship management

6. Legal Bases for Processing

Processing is based on one or more of the following legal grounds:

  • Performance of a contract

  • Legitimate interests (enterprise operations, security, improvement of services)

  • Compliance with legal obligations

  • Explicit consent (where required, especially for sensitive data)

7. AI-Specific Safeguards and EU AI Act Alignment

Syntheris designs and deploys AI systems in line with risk-based principles consistent with the EU AI Act, including:

  • Purpose limitation and data minimisation

  • Human oversight and accountability

  • Technical robustness and accuracy

  • Logging, traceability, and auditability

  • Clear allocation of responsibilities between customer and Syntheris

Syntheris does not deploy autonomous decision-making systems affecting individuals without human oversight, unless explicitly agreed and legally permitted.

Explainability, transparency, and risk mitigation measures may be implemented depending on the system’s intended use and risk classification.

8. Data Sharing and Recipients

Personal data may be shared with:

8.1 Customers

Where necessary for the execution of consulting engagements or AI projects.

8.2 Service Providers

Trusted suppliers providing infrastructure, IT, security, accounting, or professional services, all bound by confidentiality and data protection agreements.

8.3 Legal and Regulatory Authorities

Where required by law or necessary to protect rights and security.

Syntheris does not sell personal data and does not disclose data to third parties for unrelated commercial purposes.

9. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), Syntheris ensures appropriate safeguards, including:

  • European Commission adequacy decisions

  • Standard Contractual Clauses (SCCs)

  • Additional technical and organisational protections

10. Data Retention

Personal data is retained only for as long as necessary:

  • Professional and contractual data: up to 5 years, unless legally required otherwise

  • AI project data: as defined by customer agreements

  • Security and audit logs: limited operational retention

11. Security Measures

Syntheris implements appropriate technical and organisational measures, including:

  • Role-based access control

  • Encryption in transit and at rest where applicable

  • Secure development and deployment practices

  • Incident detection and response procedures

12. Your Rights

You have the right to:

  • Access your personal data

  • Rectify inaccurate data

  • Request erasure

  • Restrict processing

  • Object to processing

  • Request data portability

Requests can be submitted to:
📧 privacy@syntheris.com

13. Supervisory Authorities

You may lodge a complaint with:

14. Applicable Law and Jurisdiction

This Privacy Policy is governed by Belgian law.
Any disputes shall fall under the exclusive jurisdiction of the competent courts of Belgium, without prejudice to mandatory statutory rights.

15. Contact

For any questions regarding this Privacy Policy or data protection practices:

Syntheris
📧 privacy@syntheris.com

YOUR FIRST STEP

Let's talk. Book a free call.

Let's Talk

Let's Talk

Our job is to make sure you leave the first call with a clear, actionable plan.

YOUR FIRST STEP

Let's talk. Book a free call.

Let's Talk

Let's Talk

Our job is to make sure you leave the first call with a clear, actionable plan.

YOUR FIRST STEP

Let's talk. Book a free call.

Let's Talk

Let's Talk

Our job is to make sure you leave the first call with a clear, actionable plan.

13

Ready to start?

Get in touch

Whether you have questions or just want to explore options, we’re here.

By submitting, you agree to our Terms and Privacy Policy.

We Are Based in Brussels And Madrid

Hello@SYNTHERIS.com

B
B
a
a
c
c
k
k
 
 
t
t
o
o
 
 
t
t
o
o
p
p
Soft abstract gradient with white light transitioning into purple, blue, and orange hues

13

Ready to start?

Get in touch

Whether you have questions or just want to explore options, we’re here.

By submitting, you agree to our Terms and Privacy Policy.

We Are Based in Brussels And Madrid

Hello@SYNTHERIS.com

B
B
a
a
c
c
k
k
 
 
t
t
o
o
 
 
t
t
o
o
p
p
Soft abstract gradient with white light transitioning into purple, blue, and orange hues

13

Ready to start?

Get in touch

Whether you have questions or just want to explore options, we’re here.

By submitting, you agree to our Terms and Privacy Policy.

We Are Based in Brussels And Madrid

Hello@SYNTHERIS.com

B
B
a
a
c
c
k
k
 
 
t
t
o
o
 
 
t
t
o
o
p
p
Soft abstract gradient with white light transitioning into purple, blue, and orange hues