The European Union has taken steps in protecting the fundamental right to privacy for every EU resident with the General Data Protection Regulation (GDPR) which will be effective from May 25, 2018. EU residents will now have greater say over what, how, why, where, and when their personal data is used, processed, or disposed.
This rule clarifies how the EU personal data laws apply even beyond the borders of the EU. Any organisation that works with EU residents' personal data in any manner, irrespective of location, has obligations to protect the data.
SynergySuite Software provides Software as a Service (SaaS) to the hospitality industry. SynergySuite follows the GDPR steps to ensure full compliance with the Data Protection Regulation.
SynergySuite provides a processing platform for data to be entered by a user. No data is held for reasons beyond the scope of client’s own use. The client owns full responsibility for the accuracy of the data entered. The data is entered by the client or by SynergySuite at the request of the client, however ownership and management lies with the client. In this view SynergySuite is deemed a Data Processor and not a Data Controller, as such tools are provided to ensure the client is capable of completing any request deemed appropriate under GDPR.
As according to Article 17 section 2 and 3, SynergySuite shall only act on the client's instructions and that personal data we process is stored securely. In the event SynergySuite believes the clients instructions conflict with the requirements of the GDPR or other EU or Member State laws, under Article 28 section 3 the data protection office will inform the client immediately.
SynergySuite will contact your assigned DPO contact, in the event SynergySuite requires to publish any updates, or changes in relation to GDPR or data production. In the event of a data breach SynergySuite has specific steps in relation to notification, or communication. This is detailed further in this document.