Privacy Policy

1. Scope of this Privacy Policy

This Privacy Policy applies to the website digital-synergy.eu and the enquiry and proposal forms available through the website (the “Website”).
It explains how Digital Synergy Limited collects, uses, stores, shares and protects personal data when you:

• visit or use the Website;
• manage your cookie preferences;
• contact us by email, telephone or through a general contact form;
• request a cybersecurity services proposal;
• request a managed IT services proposal; or
• otherwise communicate with us in relation to our services.

This Privacy Policy applies to personal data processed by Digital Synergy Limited as a controller.
Where Digital Synergy Limited processes personal data on behalf of a customer in the course of providing managed IT, cybersecurity, cloud, backup, monitoring or other contracted services, those processing activities are governed by the applicable service agreement, Data Processing Agreement and customer instructions.

2. Who we are

Controller

Company / CRO number: 561118
Tax number: 3384851DH

General privacy enquiries: legal@digital-synergy.eu
Cookie-related enquiries: privacy@digital-synergy.eu
Telephone: +353 21 203 1280

Data Protection Officer

Email: dpo@digital-synergy.eu

3. How we collect personal data

We collect personal data:

• directly from you when you submit a form, send us an email, telephone us or otherwise communicate with us;
• automatically from your browser or device when you use the Website;
• through strictly necessary cookies and similar technologies;
• through analytics technologies where you have provided consent; and
• from an organisation or colleague where they contact us on behalf of their business and provide your business contact details.

We do not intentionally collect more personal data than is reasonably necessary for the relevant purpose.

4. Personal data we process

Depending on how you interact with us, we may process the following categories of personal data.

4.1 Website and device data

When you visit the Website, our website and hosting infrastructure may process:

• IP address;
• browser type and version;
• device type and operating system;
• HTTP headers;
• requested pages or resources;
• referring page;
• timestamps;
• server access and error information; and
• technical information required for security, troubleshooting and delivery of the Website.

4.2 Cookie preference and consent data

When you interact with our cookie banner or cookie settings, we may process:

• your selected cookie categories;
• consent or rejection status;
• the date and time of your choice;
• the version of the cookie banner or policy;
• a pseudonymous consent or preference identifier; and
• records of subsequent changes or withdrawal of consent.

4.3 Analytics data

Where you consent to analytics, we may process pseudonymous information such as:

• analytics client and session identifiers;
• page views;
• session activity;
• events and interactions;
• approximate device and browser information;
• general traffic source information; and
• consent status.

We do not use Google Analytics advertising features for this Website.

4.4 General contact enquiries

If you contact us through a general contact form, by email, telephone or another contact route, we may process:

• your name;
• business email address;
• telephone number, where provided;
• company or organisation name, where provided;
• subject or reason for contacting us;
• the content of your message;
• any information you choose to include; and
• subsequent correspondence relating to your enquiry.

4.5 Cybersecurity services proposal requests

If you submit the Cybersecurity Services proposal form, we may process:

• your name;
• business email address;
• company or organisation name;
• country;
• approximate number of devices or endpoints;
• selected cybersecurity service interests;
• preferred start timeline;
• information entered in the optional Note field;
• information required to assess your requested services;
• subsequent correspondence; and
• information contained in a proposal prepared in response to your request.

4.6 Managed IT services proposal requests

If you submit the Managed IT Services proposal form, we may process:

• your name;
• business email address;
• company or organisation name;
• country;
• number of users;
• selected managed IT requirement or service need;
• information entered in the optional Note field;
• information required to assess your requested services;
• subsequent correspondence; and
• information contained in a proposal prepared in response to your request.

4.7 Information you should not submit

Please do not include the following in a contact or proposal form unless we have specifically requested it through an appropriate secure channel:

• passwords;
• access credentials;
• encryption keys;
• private keys;
• detailed security configurations;
• vulnerability details that may create a security risk;
• copies of identity documents;
• payment card information;
• health data;
• biometric data;
• criminal offence data; or
• other sensitive or highly confidential personal data.

The Note and message fields should be used only for information reasonably necessary to explain your enquiry or service requirements.

5. Purposes, legal bases and retention

We process personal data only where we have an identified purpose and a valid legal basis under the General Data Protection Regulation.

5.1 Website operation and strictly necessary technologies

Purpose
To display, deliver, maintain and operate the Website, remember essential settings and ensure that requested functions work correctly.

Personal data
Website and device data, strictly necessary cookie data and technical settings.

Legal basis
Article 6(1)(f) GDPR – our legitimate interests in operating and delivering a functional, reliable and accessible Website.

Retention

• session cookies: until the end of the browser session;
• essential preference cookies: for the duration specified in our Cookie Policy; and
• server access and error logs: up to 90 days, unless longer retention is necessary to investigate a technical or security incident.

Recipients
Digital Synergy Limited and Hetzner Online GmbH as infrastructure processor.

International transfers
No international transfer is intended for this processing where the Website is hosted within the European Union.

5.2 System security, monitoring and abuse prevention

Purpose
To protect the confidentiality, integrity and availability of the Website and our systems, detect misuse, investigate suspicious activity, prevent unauthorised access and respond to security incidents.

Personal data
IP addresses, timestamps, request information, authentication and security events, server logs and other relevant technical data.

Legal basis
Article 6(1)(f) GDPR – our legitimate interests in protecting our Website, systems, users and business against security threats, fraud and abuse. Where processing is necessary to comply with a specific legal obligation, Article 6(1)(c) GDPR may also apply.

Retention
Technical and security logs are normally retained for up to 180 days.
Relevant records may be retained for longer where necessary to investigate, manage or document a security incident, legal claim or regulatory matter.

Recipients
Authorised Digital Synergy personnel, Hetzner Online GmbH and, where necessary, professional advisers, competent authorities or security specialists.

5.3 General enquiries

Purpose
To receive, manage and respond to general questions, business enquiries and communications.

Legal basis

Article 6(1)(f) GDPR – our legitimate interests in communicating with prospective customers, business contacts and other persons who contact us.
Article 6(1)(b) GDPR applies where an individual contacts us in their own name and asks us to take specific steps before entering into a contract with that individual.

Retention
Up to 12 months from our last interaction, unless:

• the enquiry results in a contractual relationship;
• a longer period is required by law; or
• retention is necessary for the establishment, exercise or defence of legal claims.

Recipients
Authorised Digital Synergy personnel, our self-hosted email environment and Hetzner Online GmbH as infrastructure processor.

International transfers
No international transfer is intended for this processing under our current hosting and email configuration.

5.4 Cybersecurity services proposal requests

Purpose
To:

• review your cybersecurity service requirements;
• understand your organisation’s environment and requested services;
• assess the approximate scope of the requested engagement;
• respond to your enquiry;
• communicate with you as the relevant business contact; and
• prepare a requested cybersecurity services proposal.

Legal basis
Article 6(1)(f) GDPR – our legitimate interests in responding to B2B service enquiries, assessing prospective customer requirements and preparing requested proposals.
Article 6(1)(b) GDPR applies where the person submitting the request is acting in their own name and asks us to take specific pre-contractual steps before entering into a contract with that person.

Retention
Up to 12 months from our last interaction, unless:

• the proposal results in a contractual relationship;
• a longer period is required by law; or
• retention is necessary for the establishment, exercise or defence of legal claims.

Recipients
Authorised Digital Synergy personnel, our self-hosted email environment and Hetzner Online GmbH as infrastructure processor.

International transfers
No international transfer is intended for this processing under our current hosting and email configuration.

5.5 Managed IT services proposal requests

Purpose
To:

• review your managed IT service requirements;
• understand the number of users and the type of support or servicerequired;
• assess the approximate scope of the requested engagement;
• respond to your enquiry;
• communicate with you as the relevant business contact; and
• prepare a requested managed IT services proposal.

Legal basis
Article 6(1)(f) GDPR – our legitimate interests in responding to B2B service enquiries, assessing prospective customer requirements and preparing requested proposals.
Article 6(1)(b) GDPR applies where the person submitting the request is acting in their own name and asks us to take specific pre-contractual steps before entering into a contract with that person.

Retention
Up to 12 months from our last interaction, unless:

• the proposal results in a contractual relationship;
• a longer period is required by law; or
• retention is necessary for the establishment, exercise or defence of legal claims.

Recipients
Authorised Digital Synergy personnel, our self-hosted email environment and Hetzner Online GmbH as infrastructure processor.

International transfers
No international transfer is intended for this processing under our current hosting and email configuration.

5.6 Audience analytics

Purpose
To understand how visitors use the Website, identify popular pages, measure Website performance and improve content and usability.

Personal data
Pseudonymous analytics identifiers, page views, events, session information, browser and device information and related analytics data.

Legal basis
Article 6(1)(a) GDPR – your consent provided through our Consent Management Platform.
Analytics cookies and related analytics processing are not activated unless you provide the required consent.

You may withdraw your consent at any time through the “Change cookie settings” link in the Website footer.

Retention

• Google Analytics event data: up to 14 months;
• analytics cookies: for the periods specified in our Cookie Policy; and
• consent records: up to 24 months.

Recipients
Google Ireland Limited and, where applicable in connection with support or service delivery, Google LLC.

International transfers
Transfers to the United States may occur as described in Section 9.

5.7 Cookie preference and consent records

Purpose
To remember your preferences, apply your choices and demonstrate whether and when consent was provided, rejected or withdrawn.

Legal basis
Article 6(1)(c) GDPR – where processing is necessary to demonstrate compliance with applicable consent requirements.
Article 6(1)(f) GDPR – our legitimate interests in managing and respecting user preferences.

Retention
Consent and preference records may be retained for up to 24 months, unless a shorter period applies or longer retention is required to establish or defend a legal claim.

5.8 Compliance with legal obligations and legal claims

Purpose
To:

• comply with applicable legal and regulatory requirements;
• respond to lawful requests from courts, regulators or public authorities;
• maintain required records;
• investigate complaints; and
• establish, exercise or defend legal claims.

Legal basis
Article 6(1)(c) GDPR – compliance with legal obligations.
Article 6(1)(f) GDPR – our legitimate interests in protecting our rights and resolving disputes.

Retention
For the period required by applicable law or for as long as reasonably necessary in relation to the relevant complaint, investigation, dispute or legal claim.

6. Required fields and consequences of not providing personal data

Providing personal data through our enquiry and proposal forms is not a statutory requirement. Fields marked with an asterisk (*) are required to submit the relevant form. These fields are necessary so that we can:

• identify and contact you;
• identify the relevant organisation;
• understand the nature and approximate scope of the request;
• assess the requested services; and
• prepare an appropriate response or proposal.

If you do not provide the required information:

• you may not be able to submit the form;
• we may be unable to identify or contact you;
• we may be unable to assess your requirements; and
• we may be unable to prepare the requested response or proposal.

The Note or free-text message field is optional.
Submitting an enquiry or proposal request does not create a contract and does not require either party to enter into a business relationship.
Submitting an enquiry does not constitute consent to receive unrelated marketing communications.

7. Electronic marketing

We do not treat the submission of a general enquiry, Cybersecurity Services proposal request or Managed IT Services proposal request as consent to electronic marketing. Where we wish to send marketing communications to an individual and consent is required, we will request consent separately through a voluntary and unticked option.
Where electronic marketing is otherwise permitted by applicable law, each marketing communication will:

• identify Digital Synergy Limited as the sender;
• explain how to opt out; and
• provide a simple and free method of unsubscribing.

You may object to direct marketing at any time by contacting: legal@digital-synergy.eu.

Where you opt out, we may retain the minimum information required on a suppression list to ensure that your preference continues to be respected.

8. Recipients and processors

We disclose personal data only where necessary for the purposes described in this Privacy Policy.

8.1 Digital Synergy personnel

Authorised employees, contractors and representatives who require access for the relevant business, technical, legal, compliance or security purpose.

8.2 Infrastructure and hosting

Hetzner Online GmbH
Germany

Hetzner provides infrastructure and hosting services.
A Data Processing Agreement is maintained where required.

8.3 Email infrastructure

Our Website enquiry and proposal communications are processed through Digital Synergy’s self-hosted email environment on our hosting infrastructure. No separate external email relay or hosted email provider is used under our current configuration.

8.4 Analytics

Google Ireland Limited provides Google Analytics 4. Google LLC may be involved in support, infrastructure or related service delivery.
Google Analytics Measurement ID: G-5MB58K74J8

8.5 Professional advisers and authorities

Where necessary, personal data may be shared with:

• legal advisers;
• accountants;
• auditors;
• insurers;
• information security specialists;
• courts;
• regulators;
• law enforcement authorities; or
• other public authorities.

Such disclosure will take place only where legally permitted or required. We do not disclose personal data to third parties for their unrelated independent marketing purposes.

9. International data transfers

Most Website, contact and proposal information is processed within the European Economic Area. Google Analytics-related processing may involve access to or transfer of personal data outside the European Economic Area, including to the United States. Where Google LLC or another relevant recipient maintains an active certification under the EU-US Data Privacy Framework and the transfer falls within the scope of that certification, we may rely on the applicable adequacy decision.
Where an adequacy decision does not apply, we may use the European Commission’s Standard Contractual Clauses and, where required, supplementary contractual, organisational or technical measures.
We periodically review the transfer mechanism, the status of relevant,recipients and the safeguards applicable to international transfers.

You may request further information about the safeguards used for international transfers by contacting: legal@digital-synergy.eu.

10. Cookies and similar technologies

We use a Consent Management Platform that provides the following options:

• Accept;
• Reject; and
• Settings.

Strictly necessary cookies are used only where required to operate the Website, provide requested functionality, remember privacy preferences or maintain security. Non-essential analytics cookies are not activated unless you provide consent.
You may:

• accept all optional cookies;
• reject all optional cookies;
• make a granular selection;
• change your selection; or
• withdraw consent at any time.

You can change your choices through the “Change cookie settings” link in the Website footer.Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal. Details of individual cookies, providers, purposes and durations are available in our Cookie Policy.

11. Data retention

We retain personal data only for as long as reasonably necessary for the relevant purpose.
The specific periods are described in Section 5.

At the end of the applicable retention period, personal data is deleted, anonymised or securely restricted, unless:

• continued retention is required by law;
• a contractual relationship continues;
• a dispute or investigation is ongoing; or
• the information is necessary for the establishment, exercise or defence of legal claims.

If an enquiry results in a customer relationship, relevant business and contractual records may be retained under the applicable service agreement, accounting obligations, legal requirements and any additional privacy information provided in connection with the service.

12. Data security

We use technical and organisational measures designed to protect personal data against:

• accidental or unlawful destruction;
• loss;
• alteration;
• unauthorised disclosure;
• unauthorised access; and
• other unlawful processing.

Depending on the relevant processing activity, these measures may include:

• HTTPS encryption;
• access controls;
• role-based permissions;
• authentication controls;
• system logging;
• security monitoring;
• backups;
• server and application hardening;
• patch and vulnerability management;
• confidentiality obligations; and
• incident response procedures.

Access to personal data is limited to persons who require it for an authorised purpose. No transmission or storage system can be guaranteed to be completely secure. We therefore review and improve our safeguards in light of the nature of the processing, available technology and relevant risks.

13. Your data protection rights

Subject to the conditions and limitations provided by applicable law, you may have the following rights.

13.1 Right of access

You may request confirmation as to whether we process your personal data and obtain a copy of that data together with relevant information about the processing.

13.2 Right to rectification

You may ask us to correct inaccurate personal data or complete incomplete information.

13.3 Right to erasure

You may ask us to delete personal data where the legal conditions for erasure are met.

13.4 Right to restriction

You may ask us to restrict processing in the circumstances provided by the GDPR.

13.5 Right to data portability

Where processing is based on consent or contract and is carried out by automated means, you may have the right to receive personal data you provided in a structured, commonly used and machine-readable format and to transmit that data to another controller.

13.6 Right to withdraw consent

Where processing is based on consent, you may withdraw consent at any time. For analytics and cookies, use the “Change cookie settings” link in the Website footer.
Withdrawal does not affect the lawfulness of processing carried out before consent was withdrawn.

13.7 Right to object

Where we process personal data on the basis of Article 6(1)(f) GDPR, you have the right to object on grounds relating to your particular situation.

We will stop the relevant processing unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing is required for the establishment, exercise or defence of legal claims.
You may object to direct marketing at any time. If you object to direct marketing, we will stop using your personal data for that purpose.

13.8 Right to complain

You have the right to lodge a complaint with the Data Protection Commission in Ireland or another competent supervisory authority.

Website:
www.dataprotection.ie
We encourage you to contact us first so that we have an opportunity to address your concern.

14. How to exercise your rights

You may submit a privacy request by contacting:
legal@digital-synergy.eu

or
dpo@digital-synergy.eu

You may also write to:

Please describe your request clearly and identify the email address or other information relevant to your interaction with us. Where we have reasonable doubts about identity, we may request additional information necessary to verify that the request has been made by the relevant person. Any identity verification request will be proportionate to the nature of the request and the personal data involved. We will respond without undue delay and normally within one month of receiving the request.
Where necessary due to the complexity or number of requests, that period may be extended by up to two additional months. We will notify you of the extension and the reasons within the initial one-month period.
Requests are normally handled free of charge. The GDPR permits a reasonable fee or refusal to act where a request is manifestly unfounded or excessive, particularly because of its repetitive character.

15. Automated decision-making and profiling

We do not use personal data collected through this Website to make decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you.
Google Analytics is used for Website audience measurement and does not make contractual, employment, credit or other significant decisions about Website visitors.

16. Children

The Website and our services are intended for businesses and professional users.
They are not directed at children, and we do not knowingly request personal data from children through our business enquiry or proposal forms.
If you believe that a child has provided personal data to us, please contact: legal@digital-synergy.eu.

17. Third-party links

The Website may contain links to third-party websites, services or resources. Digital Synergy Limited does not control the privacy practices of independent third parties. You should review the privacy information of the relevant third party before providing personal data through an external website or service.

18. Changes to this Privacy Policy

We may update this Privacy Policy where:

• our Website or forms change;
• we introduce or remove a processor or technology;
• processing purposes or legal bases change;
• retention periods change;
• international transfer arrangements change; or
• applicable legal or regulatory requirements change.

The current version and “Last updated” date will be displayed at the top of this page. Where a change is material, we may provide an additional notice on the Website or through another appropriate communication channel.

19. Contact

General privacy questions:
legal@digital-synergy.eu
Cookie-related questions:
privacy@digital-synergy.eu
Data Protection Officer:
dpo@digital-synergy.eu

Telephone:
+353 21 203 1280