First Implemented: October 2014
Last Updated: September 18, 2020
Protecting your privacy is important to Symphony Communication Services, LLC and its wholly owned subsidiaries, Symphony Communication Services UK Ltd., Symphony Communication Services Sweden AB, Symphony Communication Services France SAS, Symphony Communication Services Singapore Pte. Ltd., Symphony Communication Services Hong Kong Limited and Symphony Communication Services Japan GK (collectively, “Symphony”, “us”, “our” or “we”).
Our primary goals in collecting and using information are to provide and improve our Services, to administer your use of the Services (including your Account, as defined below), to respond to your comments and questions, to use your email address or other contact information to send you information related to the Services and to enable you to enjoy and easily navigate our Services. Symphony has implemented and will maintain reasonable security controls to protect the confidentiality, integrity and availability of the personal data that Symphony processes.
Visitors. If you are a Visitor, Symphony will collect the following information about you:
Direct Users and Authorized Users. If you are a Direct User or an Authorized User, we will collect and use the following information about you in connection with your use of the Services:
Please note that if you decide not to provide us with the personal data that we or the Services request, you will not be able to access or use certain features of the Services.
Retention of Personal Data.
Information Shared with Our Service Providers. We engage certain service providers to work with us to administer and provide a portion of the Services. Such service providers include, but are not limited to:
These service providers have access to and use personal data only for the purpose of performing services on our behalf, and in compliance with applicable laws and regulations (including, without limitation, the CAN-SPAM Act of 2003, the EU General Data Protection Regulation (“GDPR”) and the Privacy Shield (as defined below), as applicable). Such performance can include the processing of personal data, provided that no such service provider has access to your unencrypted Posted Data.
Such service providers will be required to maintain the confidentiality of all personal data that they process on our behalf and to implement and maintain reasonable security controls to protect the confidentiality, integrity and availability of such personal data. For Authorized Users, Symphony will comply with the terms and conditions of the MSA in effect between Symphony and your Company (who is the data controller of your personal data) in connection with any such onward transfer of your personal data. Any such service provider to whom Symphony transfers personal data for processing on behalf of Symphony is also required to only employ staff who have committed themselves to confidentiality or are under a statutory obligation of confidentiality with respect to your personal data. Symphony could remain legally accountable for the protection of your personal data that we transfer to our service providers.
Aggregated and De-identified Information Shared with Third Parties. We could collect and share aggregated and de-identified information with third parties for industry research and analysis, demographic profiling and other similar purposes, and for third-party programs to access the Services in a manner that extends the Symphony user experience and helps us operate and improve the Services.
Information Disclosed in Connection with Business Transactions. Information that we collect from our Users, including personal data, is considered to be a business asset. Thus, if we are acquired by a third party as a result of a transaction such as a merger, acquisition or asset sale or if our assets are acquired by a third party in the event we go out of business or enter bankruptcy, some or all of our assets, including your personal data, will be disclosed or transferred to a third-party acquirer in connection with the transaction. The disclosure and transfer of any of your personal data to such third-party acquirer will be done in compliance with applicable law and regulation (including but not limited to the GDPR and Privacy Shield, as the case may be), and only as necessary in order to enable Symphony or the relevant acquiror to continue to perform services to you or your Company.
Information Disclosed for Our Protection and the Protection of Others. We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. In certain circumstances, we will disclose any of your personal data to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate: (i) to respond to claims, legal process (including subpoenas), law enforcement requests and national security requests; (ii) to protect our rights and safety and the rights and safety of a third party or the public in general; and (iii) to stop any activity that we consider illegal, unethical or legally actionable activity. In the event of such disclosure or transfer of your personal data to public authorities, there is a chance that Symphony will not be able to require such public authorities to implement and maintain reasonable security controls to protect the confidentiality, integrity and availability of your personal data.
Information Shared with Other Users. For Direct Users and Authorized Users, the information that is listed in your user profile, including, but not limited to, your profile photo, your organization and your name (collectively “Profile Data”), will be published and viewable by other Users in the Symphony directory of Users so that other Users can find you using the “Search” feature in the Symphony Services. For Authorized Users, the content of your Profile Data and its publication in the Symphony directory of Users will be controlled by your Company.
As our Users and Services operate globally, we may need to transfer personal data outside of your country of residence in order to provide the Services, and therefore your personal data may be transferred to and processed in countries that may not be deemed to provide the same level of data protection as the country in which you reside. When we transfer personal data from the European Economic Area (EEA), the UK, or Switzerland to other countries, we make sure that such personal data is sent with appropriate safeguards, including the following:
The Federal Trade Commission, the relevant EU data protection authorities, the UK Information Commissioner’s Office, and the Swiss Federal Data Protection and Information Commissioner (as the case may be) have jurisdiction to investigate and enforce any issues relating to compliance with or certification to the Privacy Shield. Symphony will cooperate and comply with the dispute resolution panel established by the relevant EU data protection authorities, UK Information Commissioner’s Office, and the Swiss Federal Data Protection and Information Commissioner (as the case may be) in addition to the VeraSafe Dispute Resolution Procedure outlined in Section 7 below.
If you are a User located in the EU or the UK, then depending on whether you are an Authorized User, a Visitor, or a Direct User, we will offer you certain choices regarding the collection, use and sharing of your personal data.
Authorized Users. If you are an Authorized User, the personal data associated with your Account and your Profile Data is managed by your Company’s administrator. Symphony can only act on the instructions of your Company, so you must contact them directly to exercise any rights over your personal data.
Visitors and Direct Users. If you are a Visitor or a Direct User, you have specific rights over the personal data that Symphony controls which you can exercise in specific circumstances, such as:
Please contact us at firstname.lastname@example.org with such requests. We will respond to your request as soon as we reasonably can and we will attempt to respond to all requests within 30 days of verifying your identity.
If you are a Visitor or Direct User located in Switzerland, then we will:
You may exercise your Choice rights by contacting email@example.com.
If you are a California resident, please refer to our Supplemental Privacy Notice for California Residents.
Symphony Communication Services, LLC
1117 S. California Avenue
Palo Alto, CA 94304
Attn: General Counsel
For the purposes of EU data protection laws, our representative in the EU is Symphony Communication Services Sweden AB, registered at c/o Head Office, Grev Turegatan 3 (Trapphus D, vån 6), SE-114 6 Stockholm, Sweden with the contact email address firstname.lastname@example.org.
Complaints and Data Requests Under the Privacy Shield. You can at any time submit a complaint, personal data access request or communicate any other issues arising under the Privacy Shield with respect to your use of the Services or Symphony’s processing of your personal data to Symphony’s General Counsel at email@example.com, or by courier to:
Symphony Communication Services, LLC
1117 S. California Avenue
Palo Alto, CA 94304
Attn: General Counsel
Our London-based Office Manager, a representative of our UK subsidiary, Symphony Communication Services UK Ltd., can also be used as a point of contact for Europe-based and UK-based Users. The address of our UK office is:
Symphony Communication Services UK Ltd.
7 Harp Lane
London EC3R 6DP
Further, our Head of Sales – APAC, a representative of our Hong Kong subsidiary, Symphony Communication Services Hong Kong Ltd., can also be used as a point of contact for Asia-based Users. The address of our Hong Kong office is:
Symphony Communication Services Hong Kong Ltd.
Spaces 4/F – 6/F
Lee Garden 3
1 Sunning Road
Symphony will respond promptly to any such complaints or inquiries, within one month from the date on which we receive such complaint or inquiry and have verified your identity. This is without prejudice to your right to launch a complaint with the data protection authority in the UK or in the EEA country in which you live or work.
If a privacy complaint or dispute cannot be resolved through Symphony’s internal process, Symphony has agreed to participate in the VeraSafe Dispute Resolution Procedure. Subject to the terms of the VeraSafe Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/.
In addition, under certain conditions, you could be entitled to invoke binding arbitration to resolve a complaint or dispute arising under the Privacy Shield.
Our Policy Toward Children
You must be at least 18 years of age to use the Services. Our Services are not directed to individuals under 18 and we do not knowingly collect personal data from individuals under 18. If we learn that we have collected personal data of an individual under 18, we will take steps to delete such information from our files.
(see Section 1 for further information)
Please note that this table applies only to Visitors and Direct Users located in the EU and the UK where Symphony is acting as the data controller. If you are an Authorized User, please contact your Company for information about its legal basis for processing your data.
Other Information (as defined above)
Information collected using cookies and other web technologies
Information Sent by your Device