General part

1. The Terms governs the rights and obligations of the Data controller and Data processor in the processing of personal data (including personal data of special categories).

• EU/EEA legal entity attached Data processing agreement shall be applicable in addition to these Terms;
• non-EU/EEA legal entity DATA PROCESSING AGREEMENT (Standard contractual clauses) Module four shall be applicable in addition to these Terms.

2. In these Terms are described and specified the key provisions with that must be met by the Data controller and Data processor in order to achieve the best possible business relationship and cooperation and to comply with regulation of legal acts.

3. Under the Terms the Data controller undertakes:

• 3.1 to ensure that all personal data (including personal data of special categories) transferred to the Data processor are collected and processed lawfully by Data controller;
• 3.2 to ensure that Data controller processes personal data in Syno systems and platforms lawfully, safely, responsibly and honestly;
• 3.3 to implement the data subject’s rights;
• 3.4 to cooperate with the Data processor;
• 3.5 at the request of the Data processor, assist him in the processing of personal data and answer to any questions;
• 3.6 will not create additional obstacles and interruptions for the Data processor to carry out and implement his functions and obligations;
• 3.7 to implement the appropriate organizational and technical personal data protection measures.

4. The Data processor undertakes:

• 4.1 to select the technical and organizational measures for the protection of personal data in accordance with the nature of the data and the level of risk of processing and to ensure continuous operation;
• 4.2 to ensure that appropriate technical and organizational measures for the protection of personal data are implemented in such a way that the processing of data complies with the requirements of the legislation and ensures the protection of the rights of the data subject;
• 4.3 not to disclosed, transferred or made available personal data to any unauthorized persons;
• 4.4 not to use personal data for other purposes than agreed;
• 4.5 to take measures to prevent accidental or unlawful destruction, alteration, disclosure of personal data, as well as any other unlawful processing;
• 4.6 to inform the Data controller about breaches of personal data security;
• 4.7 to use the Data sub-processors specified in the Special Section of the Terms;
• 4.8 by using the Data sub-processors specified in the Special Section of the Terms, to ensure that all Data sub-processors will perform all obligations of the Data processor;
• 4.9 to provide for the Data controller all necessary information and assistance needed to implement the data subject’s rights under the data subject’s requests;
• 4.10 immediately to notify the Data controller if, in the opinion of the Data processor, the Data controller’s order and / or task violates the provisions of the legal acts.

5. The Data controller and the Data processor ensures:

• 5.1 to comply with General data protection regulation and other international and local legal acts related to protection of personal data and information security;
• 5.2 to guarantee confidentiality during the validity period of the Terms and cooperation between the Data controller and the Data processor, and after the expiration of the cooperation.

6. The Terms are governed by the law of the Republic of Lithuania.

7. If any provision of the Terms contradict the laws of Republic of Lithuania or due to any reason becomes partially or fully invalid, this shall not make other provisions of the Terms invalid, in such case the Data processor and the Data controller agree to change the invalid provision with the legally effective norm, which, as far as possible, would have the same legal and economic result as the changed norm.

8. Any dispute, controversy, disagreement or claim arising out of or in connection to the Terms as well as issues of the breach, termination or validity / invalidity hereof (the “Dispute”) shall be settled by mutual negotiations. If the Dispute is failed to mutually settle within 30 (thirty) calendar days starting from the receipt of one party`s request by the other party, such Dispute shall be settled in the competent court of the Republic of Lithuania.

9. Annex and 2nd (second) part to the Terms – Special part.

Special part

1. Purpose of personal data processing – to use services in the Syno systems and platforms and / or from the Syno systems and platforms (for example, to use polling platform, panel registration platform, perform data analysis, process data, get rewards, etc.).

2. Categories of personal data processed:

• 2.1 Personal data such as e-mail, telephones No., user name, password, name, surname, postal code, date of birth, country, address, gender, bank account details;
• 2.2 Special categories of personal data such as political view, religion view, health, etc.
• 2.3 Non-personal data and meta data such as IP address, the website from which you access our website, http answer code, data and time of access, files names, files type, files sizes, etc.

3. Data subject categories:

• 3.1 Data controller`s staff;
• 3.2 Data controller’s clients and their representatives;
• 3.3 Data subjects (respondents, panellists, websites visitors, etc.);
• 3.4 Other persons.

4. The country in which personal data and information are stored – the Republic of Lithuania.

5. Sub-processors (of the Data processor):

• Amazon (AWS) https://aws.amazon.com (server provider)
• Interneto vizija https://klientams.iv.lt (server provider)
• UAB "Rakrejus" https://www.rackray.com (service provider)
• MongoDB https://www.mongodb.com (service provider)
• Cint https://www.cint.com (service provider)
• Pollfish https://www.pollfish.com (service provider)
• InnovateMR https://www.innovatemr.com (service provider)
• Inbrain https://www.inbrain.com (service provider)
• PureSpectrum https://www.purespectrum.com (service provider)
• Google https://www.google.com (service provider)
• Huuray https://www.huuray.com (service provider)
• Tango cards https://www.tangocard.com (service provider)
• Microsoft https://www.microsoft.com (service provider)
• NeoCurrency https://www.neocurrency.com (service provider)
• Zendesk https://www.zendesk.com (service provider)
• Fixed & Mobile Pte. Ltd https://www.dtone.com/company/about-us (service provider)
• Virtual Incentives https://www.virtualincentives.com (service provider)
• Tremendous https://www.tremendous.com (service provider)
• Paypal https://www.paypal.com (service provider)
• Sendgrid https://sendgrid.com/en-us (service provider)

6. Information about the Data processor`s activities in the field of privacy, applicable security measures, cookies policy, appointed Data protection officers are on:

• 6.1 Privacy policy https://www.synoint.com/privacy-policy
• 6.2 Security policy https://www.synoint.com/security-policy
• 6.3 Cookies policy https://www.synoint.com/cookies-policy
• 6.4 Data protection officers https://www.synoint.com/dpo

Notes *

* At the request of the Client, these Terms can be concluded in writing at the same format with the same provisions. Syno takes the position that after the Client’s confirmation** to use Syno services, these Terms shall enter into force and valid until all commitments and obligations will be fulfilled between the Data controller and the Data processor.

** Client`s confirmation to use Syno services means (at least 1 (one) of these ways):

• the Client receives login data to 1 (one) or more Syno systems and platforms from the Data processor;
• the Client registered in the Syno system and platforms and has been authorized to use the Syno services;
• the Client has agreed to use Syno services by e-mail (e-mail sender from the Data processor side must only be with (…….) @synoint.com) and a copy of such a e-mail is kept);
• the Client has agreed on the use of the Syno services in a written agreement;
• in other cases, when was agreed and evidence of that mutual consent is kept.