Protecting your privacy is important to Synapse Research Institute (SRI) and your data is there for treated with care. In this privacy statement we explain you how we handle your personal data.
SRI is the controller of your personal data. This policy is directed to website visitors, symposium attendees, newsletter subscribers, customers and suppliers.
If you have a query about this privacy statement or you want to know more about how we handle personal data, or if you have a complaint, please contact:
Synapse Research Institute
Koningin Emmaplein 7
6217 KD Maastricht
2. What personal data is being processed?
SRI always has a purpose for processes personal data, and we do not process more data than is necessary for that purpose. A general overview of these various purposes can be found further on in this privacy statement. Your personal data is received directly from you or from a third party that is authorized or required to share this personal data with us.
An overview of the categories of (special) personal data that we may process is set out below:
|Category||What information may be collected|
|Name and address details||First name, last name, title, (mobile) phone number, company, company address, personal address|
|Location data||Logging data, IP address, browser, cookies|
|Photos and video images||Visual materials, promotional materials|
3. Purposes of collection of Personal Data
With regard to the data subjects described in the scope of this statement, SRI processes personal data for the following purposes:
• educational activities (organizing online or offline symposia)
• customer relationship management
• sending newsletters
• monitoring website visitors
3.2 Educational activities like organization of online or offline symposia. De obtained data is used for administrative purposes, related to attendees and speakers of those activities. Also, we may record and broadcast lectures given by the speakers.
3.3 Customer relationship management
3.4 SRI also sends out newsletters. If you subscribe to such a newsletter, be either subscribing for a symposium or the newsletter directly, you will receive it at the email address you have specified. You can always unsubscribe in the newsletters themselves. In order to be able to measure the efficiency and relevance of our newsletters, statistics are kept on the interaction between the recipients and the information sent.
3.6 Our cookies statements vary per website.
4.2 Cookies are small text files that are placed on your computer, mobile phone or tablet when you consult pages on our website(s).
4.3 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
4.4 Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
4.5 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
4.8 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version.
4.9 Blocking all cookies will have a negative impact upon the usability of many websites.
4.10 If you block cookies, you may not be able to use all the features on our website.
5. Lawful basis for the processing of personal data
Whenever we process your personal data, it should have a lawful ground for processing. With regard to the data subjects described in the scope of this statement, their data is processed based on legitimate interest or consent.
Those legal ground for processing are used, when monitoring and improving our website and services, for proper administration of our website and business, and communication with symposium attendees, newsletter readers and other contacts in the field.
6. Retention periods
We do not keep your personal data for longer than is necessary to achieve the purpose of processing. We have defined a retention period for each type of processing.
If you would like to know the retention period for a specific type of processing, please contact SRI via firstname.lastname@example.org.
We may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
7. Data subject rights
You may exercise any of your rights in relation to your personal data by written notice to email@example.com.
|Data subject’s right||Explained|
|the right to access||You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.|
|the right to rectification||You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.|
|the right to erasure||In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.|
|the right to restrict processing||In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.|
|the right to object to processing||You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.|
|the right to data portability||To the extent that the legal basis for our processing of your personal data is:
(a) consent; or
(b) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
|the right to complain to a supervisory authority||If you consider that our processing of your personal information
infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
|the right to withdraw consent||To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.|
8. Recipients of personal data
SRI shares data only with third parties where this is necessary for the performance of its tasks, e.g., suppliers of software that is used to process personal data or other service providers that need personal data to provide their services.
When Synapse contracts those processors for services involving the processing of personal data on our behalf, only processors providing sufficient technical and organizational measures are be chosen.
SRI has ‘data processing agreements’ (DPAs) with these parties that set out the processing and security of personal data e.g., the duration of the processing, the nature and purpose of the processing, the type of and categories of the data subjects, the obligations and rights of the controller/processor and the appropriate technical and organizational security measures that must be in place.
9. International processing
Transfer of personal data to a processor established outside the EEA is prohibited, except when specific conditions are fulfilled and the data is transferred to a processor that is established in a country with an adequate level of protection (deemed by the European Commission).