Data Protection Notice

This Data Protection Notice governs the processing of your personal data by SYNYO GmbH (hereinafter: “we”, “us”, “our”) as part of your visit to our platform (hereinafter: “PLATFORM”), your communication with us and your participation to our (online) research studies.


The data in the PLATFORM are processed and controlled by SYNYO GmbH. SYNYO GmbH is registered at the address Otto-Bauer-Gasse 5/14, 1060 Vienna (Austria), with VAT number ATU67376635, telephone number +43 1 9962011 and email address [email protected].
For any inquiries you can contact us via e-mail at [email protected].
Where we refer to certain laws or regulations, such reference shall also include any change, replacement or annulment of said laws and regulations, including any related executive decisions.
We might have to modify, change or amend this Data Protection Notice. We can do this from time to time and at our own discretion. You can always consult the last version of this Data Protection Notice on our website.


When you use our website, we collect:
  • Technical information associated with the device you use, such as your IP-address, browser type, geographical location and operating system;
  • Information concerning your browsing behaviour, such as how long you visit, what links you click on, what pages you visit and how many times you visit a page.
When you fill out a contact form on our website, register for our newsletter or contact us in another way, we collect:
  • Basic identity information you provide to us (such as your name, the company you work for, your job title, your e-mail address and phone number);
  • The content of your communication and the technical details of the communication itself (with whom you correspond at our end, date, time, etc.);
  • Your choice to receive our newsletter;
  • Any other personal data you choose to provide to us.
We receive all personal data mentioned above directly from you. It may happen that we receive additional information about your surfing behaviour from partners such as Google. If you require more information about the personal data these parties process about you and make available to others, you are kindly requested to consult their respective privacy policies.


We process your personal data to provide you in a personalised and efficient way the information, products and services you request.
We process your personal data to conduct our research studies and to develop new market related opportunities.
We process your personal data for our internal administration and our marketing purposes, i.e. to provide you with updates and market opportunities (such as reports, products and services).
We process your personal data to comply with legal obligations or to comply with any reasonable request from competent law enforcement agents or representatives, judicial authorities, governmental agencies or bodies, including competent data protection authorities. Your personal data may be transferred upon our own initiative to the police or to judicial authorities as evidence or if there are justified suspicions of an unlawful act or crime committed by you through your use of our website or services.
We process your personal data to perform statistical analyses so that we may improve our website, trainings and studies.
We process your personal data for the preservation of our legitimate interests or the legitimate interests of our partners or any third party, if your use of our website, products and services can be considered (a) a violation of any applicable terms of use or the intellectual property rights or any other right of a third party, (b) a threat to the security or integrity of our portal, (c) a danger to our portal or any of our or our subcontractors’ underlying systems due to viruses, Trojan horses, spyware, malware or any other form of malicious code, or (d) in any way hateful, obscene, discriminating, racist slanderous, spiteful, hurtful or in some other way inappropriate or illegal.


The processing of your personal data for the purposes outlined in Article 3.1, Article 3.2 and Article 3.3 is based on your consent.
For the purpose mentioned in Article 3.4, the processing of your personal data is necessary for a legal obligation that we must comply with.
For the purposes mentioned in Article 3.5 and Article 3.6 the processing of your personal data is necessary for purposes of our legitimate interests, such as:
  • Continuous improvements of our website, e.g. activities related to research, development to ensure that you have the best user-experience possible;
  • Keeping our website, products and services safe from misuse and illegal activity;
  • Efficient administration of the PLATFORM;


We rely on third-party processors who process your personal data on our behalf in order to provide you with our products and services and to improve them. These third-party processors are only allowed to process your personal data on our behalf and upon our explicit written instructions.
We warrant that all third-party processors are selected with due care and are obliged to observe the safety and integrity of your personal data.
We do not send your personal data in an identifiable manner to any third party without your explicit permission to do so other than the ones mentioned in Article 5.1.


We process your personal data within the European Economic Area (EEA). However, in order to process your personal data for the purposes outlined in Article 3 above, we may also transfer your personal data to third parties who process on our behalf outside the EEA.
Each such partner outside the EEA that processes your personal data will be bound to observe adequate safeguards with regard to the processing of your personal data. Such safeguards will be the consequence of:
  • The recipient country having legislation in place which may be considered equivalent to the protection offered within the EEA


We do our utmost to process only those personal data that are necessary to achieve the purposes mentioned in Article 3 above.
Your personal data are only processed for as long as needed to achieve the purposes mentioned in Article 3 above or up until such time where you withdraw your consent for processing them. We will de-identify your personal data when they are no longer necessary for the purposes outlined in Article 3 above, unless there is:
  • An overriding interest of us or of any other third party in keeping your personal data identifiable,
  • A legal or regulatory obligation or a judicial or administrative order that prevent us from de-identifying them.
We take appropriate technical and organisational measures to keep your personal data safe from unauthorised access or theft as well as accidental loss tampering or destruction. Access by our personnel or our third-party processors will only be on a need-to-know basis and be subject to strict confidentiality obligations. You understand, however, that safety and security are best efforts obligations which can never be guaranteed.
If you are registered to receive our newsletter via e-mail, you can opt-out from this by following the opt-out link provided in the newsletter or by sending us an e-mail with your request at [email protected].


You have the right to request access to all personal data processed by us pertaining to you. We reserve the right to charge an administrative fee for multiple subsequent requests for access that are clearly submitted for causing nuisance or harm to us. Each request will specify for which processing activity you wish to exercise your right to access and will specify to which data categories you wish to gain access to.
You have the right to ask that any personal data pertaining to you that is inaccurate, is corrected free of charge. If you submit a request for correction, your request needs to be accompanied of proof of the flawed nature of the data for which correction is asked.
You have the right to withdraw your earlier given consent for processing of your personal data.
You have the right to request that personal data pertaining to you is deleted if the data is no longer required in the light of the purposes outlined in Article 3 above or if you withdraw your consent for processing them. However, you need to keep in mind that we will evaluate a request for deletion against:
  • Our overriding interests or the overriding interests of any other third party, and
  • Legal or regulatory obligations or administrative or judicial orders which may contradict such deletion.
Instead of deletion you can also ask that we limit the processing of your personal data if (a) you contest the accuracy of the data, (b) the processing is illegitimate, or (c) the data is no longer needed for the purposes listed under Article 3 above.
You have the right to oppose the processing of personal data if you are able to prove that there are justified reasons connected with these particular circumstances that warrant such opposition. However, if the intended processing qualifies as direct marketing, you have the right to oppose such processing free of charge and without justification.
You have the right to receive from us in a structured, commonly-used and machine-readable format all personal data you have provided to us.
If you wish to submit a request to exercise one or more of the rights listed above, you can contact us by e-mail at [email protected].
A request to exercise a right will not be construed as consent with the processing of your personal data beyond what is required for handling your request. Such request should clearly state which right you wish to exercise and the reasons for it if such is required. It should also be dated and signed and accompanied by a digitally scanned copy of your valid identity card proving your identity.
We will promptly inform you of having received this request. If the request proves valid, we shall honour it as soon as reasonably possible and at the latest thirty (30) days after having received the request.
If you have any questions or complaints regarding how we process your personal data, please feel free to contact us by e-mail at [email protected]. You also have the right to file a complaint with the competent data protection authority.