Privacy Policy

PRIVACY POLICY

  1. General

We at Syte – Visual Conception Ltd. (“Syte”) value your privacy and are committed to take care of your data, and we take this responsibility very seriously. Please take the time to carefully read our Privacy We at Syte – Visual Conception Ltd. (“Syte”) value your privacy and are committed to taking care of your data, and we take this responsibility very seriously. Please take the time to carefully read our Privacy Policy, which explains why we collect your Personal Data and how we process it when you

  • visit our website (see section 3.1)
  • or express an interest in our Products, become a potential client (see section 3.2)
  • are our customer (see section 3.3),
  • are our supplier or partner (see section 3.4),
  • request a demo/download a report (see section 3.5),
  • contact us via the contact form (see section 3.6)
  • apply for a position with us (see section 3.7), or
  • are a data subject using a product of one of our clients where we are the processor (see section 3.8)
ControllerSyte – Visual Conception Ltd. (“Syte”) 20 Haharash street Tel Aviv 6761310 Israel [email protected]
Representative in EUPrighter Group 9 Clare Street Dublin 2 D02 HH30 IRELAND [email protected]
Representative in UKPrighter Ltd 20 Mortlake Mortlake High Street London, SW14 8JN UNITED KINGDOM [email protected]
  • Definitions

Unless otherwise indicated, capitalized terms used in this Privacy Policy are defined in Annex 1. Most of the definitions are derived from the California Consumer Privacy Act of 2018 (CCPA) which you can access from https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1121 and the General Data Protection Regulation (GDPR) which you can access from https://eur-lex.europa.eu/eli/reg/2016/679/oj.

  • How do we process your Personal Data?

We process your data in different ways depending on whether you visit our website or express an interest in our Products, or whether you are our client, supplier, business partner, or job applicant:

We do not sell your data within the meaning of Section 1798.140(t) of the CCPA.

  • Processing of Personal Data relating to visitors of our website

Like many other websites, we use so-called “cookies”. Cookies are small text files that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Please find a detailed list of all cookies we use in our Cookie Policy https://www.syte.ai/privacy/cookies/.

IIn our Cookie Policy, we inform you furthermore about the processing of your Personal Data when you visit the website or use our services.

  • Processing of Personal Data relating to potential customers

Purpose and legal basis

When you contact us to inquire about our products, we process the Personal Data you include in such a message, especially a contact form on our website, in emails, or collected during phone calls to answer and process such inquiries in a pre-contractual stadium. Such processing is necessary for Contract Performance to take steps at your request before entering into a contract.

Furthermore, we process your Personal Data provided with an inquiry for Direct Marketing purposes to convert a potential client into an actual client. Such processing is based on a Legitimate Interest. You have the right, at all times, to object to the Processing of your Personal Data for Direct Marketing, without being required to state your reasons, and can do so by sending us a letter or emailing us at [email protected] or by our Privacy [link] https://prighter.com/q/15144429262.
The Processing of your Personal Data for Direct Marketing is not required to conduct our contractual relationship.

Furthermore, we document every call we have via Zoom for documentation purposes after you consent to this processing. You have the right, at all times, to object to the Processing of your Personal Data for Documentation, without being required to state your reasons, and can do so by sending us a letter or emailing us at [email protected] or by our Privacy [link]. The Processing of your Personal Data for Documentation is not required to conduct our contractual relationship.

Personal Data processed

We mainly process the Personal Data you provide us during a precontractual phase.

We collect:

Identifiers (CCPA Category A)

  • Name
  • E-mail address
  • Other Personal Data a Data Subjects includes in a free text field

Biometric data (CCPA Category E)

  • Voice recordings

Professional or employment-related information (CCPA Category I)

  • Position in company

Recipients

To achieve the objectives described above, it may be necessary to disclose your Data to the following Recipients in certain cases. Personal Data may be disclosed by being transferred, disseminated, or provided by other means to:

 RecipientData LocationBasis for transfer to third party country
1Leads IQUSAEU Commission-approved Standard Contractual Clauses (SCC) with supplementary measures for data transfers between EU and non-EU countries.
2Google DriveUSAEU Commission-approved Standard Contractual Clauses (SCC) with supplementary measures for data transfers between EU and non-EU countries.
3Sales ForceUSAEU Commission-approved Standard Contractual Clauses (SCC) with supplementary measures for data transfers between EU and non-EU countries.
4GongUSAEU Commission-approved Standard Contractual Clauses (SCC) with supplementary measures for data transfers between EU and non-EU countries.
5DocuSignUSAEU Commission-approved Standard Contractual Clauses (SCC) with supplementary measures for data transfers between EU and non-EU countries.
6ZoomUSAEU Commission-approved Standard Contractual Clauses (SCC) with supplementary measures for data transfers between EU and non-EU countries.

Retention period

Personal Data collected for purposes related to Contract Performance shall be retained until such contract has been fully performed.

We may be allowed to retain Personal Data for a longer period whenever you have given consent to such processing (e.g. subscription to our newsletter), as long as such consent is not withdrawn. Furthermore, we may be obliged to retain Personal Data for a longer period whenever required to comply with a legal obligation or upon order of an authority.

Summary

PurposeLegal BasisRecipients
SalesPerformance of Contract1-5
Direct MarketingLegitimate Interest3-4
Documentation of callsConsent6
  • Processing of Personal Data relating to clients:

Purpose and legal basis

Your Personal Data as a customer is processed, first and foremost, to provide services related to Syte Products. We may use or process Personal Data in connection with pre-contract activities and discussions with you, and to perform the contractual legal relationship we have with you.
Such processing is based on Contract Performance. We of course also have to process your financial data, for contract purposes.

Besides that, we use your contact information to send you information on our Products as a form of Direct Marketing. Your email address might be added to a contact list of those who may receive email messages containing information of commercial or promotional nature.

The processing activity related to Direct Marketing is based on Legitimate Interest. You have the right, at all times, to object to the Processing of your Personal Data for Direct Marketing, without being required to state your reasons, and can do so by sending us a letter or emailing us at [email protected] or by our Privacy [link]. The Processing of your Personal Data for Direct Marketing is not required to conduct our contractual relationship.

Furthermore, we document every call we have via Zoom or Gong for documentation purposes after you consent to this processing. You have the right, at all times, to object to the Processing of your Personal Data for Documentation, without being required to state your reasons, and can do so by sending us a letter or emailing us at [email protected] or by our Privacy [link]. The Processing of your Personal Data for Documentation is not required to conduct our contractual relationship.

Processed Personal Data

We mainly process the Personal Data you provide us with.

We collect:

Identifiers (CCPA Category A)

  • Name
  • E-mail address and other contact details
  • Position in company

Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) (CCPA Category B)

  • Payment data

Biometric data (CCPA Category E)

  • Voice recordings

Professional or employment-related information (CCPA Category I)

  • Position in company

Recipients

To achieve the objectives described above, it may be necessary to disclose your Personal Data to the following Recipients in certain cases. Personal Data may be disclosed by being transferred, disseminated, or provided by other means to:

 RecipientData LocationBasis for transfer to third party country
7NetSuiteUSAEU Commission-approved Standard Contractual Clauses (SCC) with supplementary measures for data transfers between EU and non-EU countries.
2Google DriveUSAEU Commission-approved Standard Contractual Clauses (SCC) with supplementary measures for data transfers between EU and non-EU countries.
3Sales ForceUSAEU Commission-approved Standard Contractual Clauses (SCC) with supplementary measures for data transfers between EU and non-EU countries.
4GongUSAEU Commission-approved Standard Contractual Clauses (SCC) with supplementary measures for data transfers between EU and non-EU countries.
5DocuSignUSAEU Commission-approved Standard Contractual Clauses (SCC) with supplementary measures for data transfers between EU and non-EU countries.
6ZoomUSAEU Commission-approved Standard Contractual Clauses (SCC) with supplementary measures for data transfers between EU and non-EU countries.

Retention period

All Data are necessary for tax purposes, especially contracts, invoices, and other bookkeeping documents as well as relevant correspondence about the contractual relationship we store to comply with legal obligations.

Summary

PurposeLegal BasisRecipients
Payment, FinancialPerformance of Contract7
Direct MarketingLegitimate Interest3-4
Documentation of callsConsent6
Customer Relationship ManagementPerformance of Contract2-5
  • Processing of Personal Data relating to suppliers and business partners

Purpose and legal basis

Your Personal Data is processed, first and foremost, for the purpose of Contract Performance regarding Syte Products and services. This includes our distribution partners who sell our Products. The purpYour Personal Data is processed, first and foremost, for Contract Performance regarding Syte Products and services. This includes our distribution partners who sell our Products. The purpose of processing your Data is the performance of the contract.

Processed Personal Data

We mainly process the Personal Data you provide us with.

We collect:

Identifiers (CCPA Category A)

  • Name
  • E-mail address and other contact details
  • Position in company

Biometric data (CCPA Category E)

  • Voice recordings

Professional or employment-related information (CCPA Category I)

  • Employment
  • Role and function in the company
  • Business activity

If your company details include a name of an individual, we may be required that you provide us with your Data to enable us to enter into a business relationship with you.

Recipients

To achieve these desired objectives, it may be necessary to disclose your Data to the following Recipients in certain cases. This includes platforms regarding the support of our dealer network to collect dealer contact info and user data for purposes of servicing the account. Personal Data may be disclosed by being transferred, disseminated, or provided by other means to:

 RecipientRegistered Office (Country)Basis for transfer to third party country
2Google DriveUSAEU Commission-approved Standard Contractual Clauses (SCC) with supplementary measures for data transfers between EU and non-EU countries.
3Sales ForceUSAEU Commission-approved Standard Contractual Clauses (SCC) with supplementary measures for data transfers between EU and non-EU countries.
6ZoomUSAEU Commission-approved Standard Contractual Clauses (SCC) with supplementary measures for data transfers between EU and non-EU countries.

Retention period

All Personal data is necessary for tax purposes, especially contracts, invoices, and other bookkeeping documents as well as relevant correspondence about the contractual relationship we store to comply with legal obligations.

Summary

PurposeLegal BasisRecipients
Vendor/partner managementContract Performance2-3
Documentation of callsConsent6
  • Processing of Personal Data relating to demo requests or if you download a report:

Purpose and legal basis

Your Personal Data as a customer is processed, first and foremost, to provide the requested demo or report in a pre-contractual stage. We may use or process Personal Data in connection with pre-contract activities and discussions with you. Such processing activities are based on Contract Performance.

Besides that, we use your contact information to send you information on our Products as a form of Direct Marketing. Your email address might be added to a contact list of those who may receive email messages containing information of commercial or promotional nature.

The processing activity related to Direct Marketing is based on Legitimate Interest. You have the right, at all times, to object to the Processing of your Personal Data for Direct Marketing, without being required to state your reasons, and can do so by sending us a letter or emailing us at [email protected] or by our Privacy [link]. The Processing of your Personal Data for Direct Marketing is not required to conduct our contractual relationship.

Furthermore, we document every call we have via Zoom or Gong for documentation purposes after you consent to this processing. You have the right, at all times, to object to the Processing of your Personal Data for Documentation, without being required to state your reasons, and can do so by sending us a letter or emailing us at [email protected] or by our Privacy [link].
The Processing of your Personal Data for Documentation is not required to conduct our contractual relationship.

Processed Personal Data

We process only the Personal Data you provide us with.

We collect:

Identifiers (CCPA Category A)

  • Name
  • E-mail address and other contact details
  • Telephone number

Biometric data (CCPA Category E)

  • Voice recordings

Professional or employment-related information (CCPA Category I)

  • Employment
  • Role in the company

Recipients

To achieve these desired objectives, it may be necessary to disclose your Data to the following Recipients in certain cases. This includes platforms regarding the support of our dealer network to collect dealer contact info and user data for purposes of servicing the account. Personal Data may be disclosed by being transferred, disseminated, or provided by other means to:

 RecipientRegistered Office (Country)Basis for transfer to third party country
1Leads IQUSAEU Commission-approved Standard Contractual Clauses (SCC)  with supplementary measures for data transfers between EU and non-EU countries.
2Google DriveUSAEU Commission-approved Standard Contractual Clauses (SCC) with supplementary measures for data transfers between EU and non-EU countries.
3Sales ForceUSAEU Commission-approved Standard Contractual Clauses (SCC) with supplementary measures for data transfers between EU and non-EU countries.
4GongUSAEU Commission-approved Standard Contractual Clauses (SCC) with supplementary measures for data transfers between EU and non-EU countries.
5DocuSignUSAEU Commission-approved Standard Contractual Clauses (SCC) with supplementary measures for data transfers between EU and non-EU countries.
6ZoomUSAEU Commission-approved Standard Contractual Clauses (SCC) with supplementary measures for data transfers between EU and non-EU countries.
8Monday.comIsraeln/a
9JIRAAustraliaEU Commission-approved Standard Contractual Clauses (SCC) with supplementary measures for data transfers between EU and non-EU countries.

Retention period

All Personal data is necessary for tax purposes, especially contracts, invoices, and other bookkeeping documents as well as relevant correspondence about the contractual relationship we store to comply with legal obligations.

Summary

PurposeLegal BasisRecipients
SalesPerformance of Contract1-5
Direct MarketingLegitimate Interest3-4
Documentation of callsConsent6
Customer RequestConsent8-9
  • Processing of Personal Data relating to the contact form:

Purpose and legal basis

We process your data to process and answer the request you send to us via the contact form on our website.

Processed Personal Data

We process only the Personal Data you provide us with.

We collect:

Identifiers (CCPA Category A)

  • Name
  • E-mail address and other contact details
  • Telephone number

Professional or employment-related information (CCPA Category I)

  • Employment
  • Role in the company

Recipients

 RecipientRegistered Office (Country)Basis for transfer to third party country
8Monday.comIsraeln/a
9JIRAAustraliaEU Commission-approved Standard Contractual Clauses (SCC) with supplementary measures for data transfers between EU and non-EU countries.

Retention Period

If the data subject consents to their Personal Data being kept on file for future sales and marketing activities, we do not delete such Personal Data.

Summary

PurposeLegal BasisRecipients
Customer RequestConsent8-9
  • Processing of Personal Data relating to applicants:

Purpose and legal basis

We process your Personal Data either

  • to take steps before entering into a contract (conclusion of an employment agreement),
  • based on your explicit consent if we would like to keep your application on file for future consideration,
  • and to fulfill our legal obligations (registering you as an employee in the social security system).

Your Personal Data is processed to complete the application process. If you do not provide us with your Personal Data, we cannot process your application.

Furthermore, we document every call we have via Zoom or Gong for documentation purposes after you consent to this processing. You have the right, at all times, to object to the Processing of your Personal Data for Documentation, without being required to state your reasons, and can do so by sending us a letter or emailing us at [email protected] or by our Privacy [link].
The Processing of your Personal Data for Documentation is not required to conduct our contractual relationship.

Processed Personal Data

We mainly process the Personal Data you provide us with.

We collect:

Identifiers (CCPA Category A)

  • Name
  • E-mail address and other contact details

Biometric data (CCPA Category E)

  • Voice recordings

Professional or employment-related information (CCPA Category I)

  • Employment
  • Role and function in the company
  • Business activity

Recipients

To achieve these desired objectives, it may be necessary to disclose your Data to the following Recipients in certain cases. Personal Data may be disclosed by being transferred, disseminated, or provided by other means.

 RecipientRegistered Office (Country)Basis for transfer to third party country
10ComeetUSAEU Commission-approved Standard Contractual Clauses (SCC) for data transfers between EU and non-EU countries.
11HiBobUSAEU Commission-approved Standard Contractual Clauses (SCC) for data transfers between EU and non-EU countries.
5DocuSignUSAEU Commission-approved Standard Contractual Clauses (SCC) for data transfers between EU and non-EU countries.
6ZoomUSAEU Commission-approved Standard Contractual Clauses (SCC) for data transfers between EU and non-EU countries.

Retention period

With your consent, we keep the Personal Data of applicants for future vacancies. Without consent, we delete the data after the end of the hiring process

Summary

PurposeLegal BasisRecipients
RecruitingContract Performance5, 10-11
Documentation of callsConsent6
  • Processing of Personal Data as a Processor on behalf of Clients:

Processing as a Processor

On behalf of our clients, we process the personal data of their customers. Our clients are predominantly companies operating an e-commerce shop. They integrate our SaaS solution into their offering. For any questions on the processing of your data please also have a look into the privacy policy of our client.

Processed Personal Data

On behalf of our clients we process:

  • IP addresses state location only– used for analytical data
  • UUID Cookie– 1 year or until the application cache has been cleared. Random user ID that is anonymous (UUID). Session ID and UUID are overwritten at the beginning of every new session.  Syte allows its customers to manage the data privacy settings of their users by controlling cookie creation and data collection (UUID & Session). In case we enable this functionality, Syte cookies will not be created, and no forbidding information will be collected.
  • Cookies– Syte also uses Cookies to record your interactions with the Site to optimize the relevancy of recommendations offered. These interactions are stored on our behalf in a pseudonymized user profile that cannot be associated with any specific user:
    • Stimgs– valid throughout the session or until 30mins of inactivity
    • personalisation_session_skus_ls– valid throughout the session or until 30mins of inactivity.
    • syte_ab_tests– keeps serialized data of the current active ab-test if relevant. (Only used for AB)

Biometric data (CCPA Category E)

  • Images uploaded by the data subject – Only when using Syte Camera search services. Image uploads are also anonymized and deleted after 24 hours

Recipients

To achieve these desired objectives, it may be necessary to disclose your Data to the following Recipients in certain cases. Personal Data may be disclosed by being transferred, disseminated, or provided by other means.

 RecipientRegistered Office (Country)Basis for transfer to third party country
10Amazon Web ServicesUSAEU Commission-approved Standard Contractual Clauses (SCC) for data transfers between EU and non-EU countries.
11Microsoft Power BIUSAEU Commission-approved Standard Contractual Clauses (SCC) for data transfers between EU and non-EU countries.
5TableauUSAEU Commission-approved Standard Contractual Clauses (SCC) for data transfers between EU and non-EU countries.
6SnowflakeUSAEU Commission-approved Standard Contractual Clauses (SCC) for data transfers between EU and non-EU countries.

Retention period

The retention period of the Personal Data of our clients’ customers depends on the clients’ retention policy and obligations. Images are deleted in most cases after a few seconds, but the latest after 24 hours.

Summary

PurposeLegal BasisRecipients
Providing the Syte SaaS solutionProcessor1-6
  • Data security

We handle Personal Data only as permitted by data protection regulations. We use a variety of technical and organizational measures to help protect your Data from unauthorized access, disclosure, modification, loss, or destruction by applicable data protection laws.

If we store or process Personal Data, it occurs in a high-security data center. To protect the security of your Personal Data during transfer, we use encryption techniques (e.g., SSL) over HTTPS. Our servers are secured by firewall and virus protection. Back-up and recovery procedures as well as roles and authorization policies are a given for us.

We employ external audits to help review our work. When handling Personal Data, our employees are obliged to comply with the regulations of the GDPR and the CCPA.

  • What are your rights with respect to Processing of Personal Data?
  • Rights under CCPA and GDPR.

CCPA, GDPR, and other applicable data protection laws protect certain rights for Data Subjects. In particular:

Right of Access – right to obtain confirmation of which of your Personal Data is processed and information about it, for instance, which are the purposes of the processing, what are the conservation periods, among others.

Right to Erasure or “right to be forgotten” – right to erase your Personal Data, provided that there are no valid grounds for its retention, for example in cases where we have to keep the Personal Data to comply with a legal obligation or because a court case is in progress.

Right to Data Portability – right to receive the Personal Data you have provided us in a digital format of current use and automatic reading or to request the direct transmission of your Personal Data to another entity that becomes the new responsible for your Personal Data, however only if technically possible.

  • Rights exclusively under GDPR

The GDPR protects further rights fur Data Subjects in the European Union:

Right of Rectification – right to request a modification of your Personal Data that is inaccurate or request incomplete Personal Data, such as the address, VAT, email, telephone contacts, or others.

Right to Withdraw Consent or Right of Opposition – right to object or withdraw consent at any time to processing, for example in the case of Processing for marketing purposes, provided that no Legitimate Interests exist prevailing over your interests, rights, and freedoms, such as defending a right in a judicial process.

Right of Limitation – right to request the limitation of the Processing of your Personal Data, in the form of (i) suspension of processing or (ii) limitation of the scope of Processing to certain categories of Personal Data or purposes of Processing.

Right to object and ADM – When the Processing of Personal Data, including the Processing for the definition of profiles, is exclusively automatic (without human intervention) and may have effects in your legal sphere or significantly affect it, you shall have the right not to remain subject to any decision based on such automatic Processing, except as otherwise provided by law and shall have the right that we take appropriate measures to safeguard its rights and freedoms and legitimate interests, including the right to have human intervention in decision making by us, the right to express its point of view or contest the decision taken based on automated individual information Processing.

Right to complain – right to complain to the supervisory authority, in addition to us.

  • Rights exclusively under CCPA

Right to Opt-out to the sale of Personal Data – According to Section 1798.120 you have the right to opt-out of the sale of your Personal Data. This means that whenever you request us to stop selling your data, we will abide by your request. Such requests can be made freely, at any time, without submitting any verifiable request, simply by clicking on this [link].

The exercise of rights is free of charge, except in the case of a manifestly unfounded or excessive request, in which case a reasonable fee may be charged regarding its costs.

The information must be provided in writing but may be given orally if requested. In this case, we should verify your identity by means other than oral.

The response to requests based on the provisions of the CCPA should be provided within a maximum of 45 days. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

For rights asserted by Data Subjects from the EU under the GDPR the period for handling a request is 30 days unless it is a particularly complex request.

Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced after the expiration of the retention period.

  • Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny your goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you with a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
  • Changes to our data protection provisions

We reserve the right to modify this Privacy Policy, so it is always in compliance with the current legal requirements or to implement changes to services in the Privacy Policy, e.g., when introducing new services. In this case, your future visits to our website will be subject to the updated Privacy Policy.
If you have additional questions regarding the processing of your Personal Data, please feel free to contact us directly, either by email at [email protected] or via our privacy [link].

  • Contact Information
  • General

If you have any questions or comments about this Privacy Policy, how we collect and use your Personal Data, your choices, and rights regarding such use please do not hesitate to contact us:

Privacy Link: https://prighter.com/q/15144429262
Email: [email protected]
Postal Address: 20 Haharash street, Tel Aviv, Israel.

  • Requests from California residents according to the CCPA

To exercise the access, data portability, and deletion rights described above in 7.1., California residents may submit a verifiable consumer request to us by either:

Privacy Link: https://prighter.com/q/15144429262
Email: [email protected]

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within 12 months. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

  • Representative for data subjects in the EU and UK

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact.
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit the following website [link].

Annex 1

ADMmeans Automated decision-making;
CCPAmeans the California Consumer Privacy Act (CCPA) signed into law on June 28, 2018, to amend Part 4 of Division 3 of the California Civil Code. http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180AB375
CCPA Categorymeans the categories (A) to (K) of Personal nformation as defined in the CCPA;
Consent of the Data Subjectmeans any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her;
Contract Performancemeans concluding, maintaining, and completing of a contract concluded between the Controller and a Data Subject, including Processing activities which take place at the request of the Data Subject before entering into a contractual relation;
Controllermeans the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data; where the purposes and means of such Processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Data Subjectis any natural person whose Personal Data is being collected, held or processed. Examples of a Data Subject can be an individual, a customer, a prospect, an employee, a contact person, etc;
Direct Marketingmeans personal data processed to communicate a marketing or advertising message. This definition includes messages from commercial organisations, as well as from charities and political organisations;
General Data Protection Regulation (GDPR)is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA); Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) https://eur-lex.europa.eu/eli/reg/2016/679/oj ;
Legitimate Interestmeans the Controller’s interest to process Personal Data in order to carry out tasks related to the Controller‘s business activities. The processing of Personal Data in that context may not necessarily be justified by a legal obligation or carried out to execute the terms of a contract with a Data Subject;
Personal Datameans any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes, but is not limited to the term ‘Personal Information’ according to Article 1798.140 (o) (1-2) of the CCPA;
Personal Informationmeans personally identifiable information that you could trace back to a real person according to Article 1798.140 (o) (1-2) of the CCPA;
Processingmeans any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Processormeans a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller;
Productsmeans all products distributed and sold by Syte;
Recipientmeans a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as Recipients; the Processing of those Personal Data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the Processing;

Personal Data Breach Notification Procedure (GDPR)
When required by law or contract, the company notifies an individual whose Personal Data (PD) has been breached, a Supervisory Authority, government regulator, and/or other persons or entities about a breach.


Notification of Supervisory Authority
The company notifies the supervisory authority as follows:
In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent following Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
The processor shall notify the controller without undue delay after becoming aware of a personal data breach.