(May 10th 2024)

CONTROLLER OF PERSONAL DATA/ INFORMATION

Any Personal Data/ Information provided or to be gathered via the websites:

• http://cirasync.com
• https://dashboard.CiraSync.com
• https://cirahub.com
• https://dashboard.CiraHub.com
• https://syncgene.com
• https://app.syncgene.com

is processed by CIRA APPS LIMITED (ahead referred as “Cira Apps”, “we”, “us”), notwithstanding this fact, with regards to this website Cira Apps acts as the Controller yet with regards to the Apps, each Corporate Client that uses them acts as the Controller and Cira Apps the Processor.

NOTE: This Notice does not apply to information collected by third party websites or API’s that may link to or be accessible through the use of our website or products that We do not have control over. Please refer to those third party privacy policies.

COLLECTION AND USE OF PERSONAL DATA/ INFORMATION

With regards to website visitors and users

The information we gather from website visitors is either collected via Cookies (please check our Cookie Management Tool) or formulars. and it helps us to fulfil your requests and continually improve your experience.

Where a website visitor or user voluntarily submits Personal Data pertaining to him/ her, we Process it under Legitimate Interest; whereas regarding Cookies by not disabling or enabling them, you are Consenting to the Processing.

With regards to our Apps

The information which is present on our Apps is inputted by our Corporate Clients’ users, which includes their own Personal Data as well as Personal Data from any Partner representatives or Customers or still, other natural persons as they see fit while acting as the Controller.

Our Legal Basis to Process that Personal Data consist of a Contractual Obligation before the Corporate Client.

PERSONAL DATA UNDER PROCESSING

The Personal Data under Processing by us includes, but is not limited to, the following:

• Name
• email
• Scheduling (Calendar)
• Phone
• Home Address
• Company
• Role
• IP address

NOTE: When you use our applications, we may collect your device ID, authentication and profile data and send it to a different application programming interface (API). This information is needed to send information back and forth to the device through the application. The core functionality and capability of the application is synchronization of data from one or more sources to one or more targets and thus the information collected and used is integral to the proper functioning of the services provided.

PURPOSE OF THE PROCESSING OF PERSONAL DATA

We Process Personal Data to identify our users (and validate their Credentials as well as to which Corporate Client they relate to) and to allow you to use our Apps and website functionalities.

We also Process Personal Data pertaining to representatives of Prospective or existing Corporate Clients for Business Purposes under strictly a B2B context.

We do not collect or use Personal Data for any other purpose.

EMAIL COMMUNICATIONS

We receive and store your email address when you fill in one of our online forms and also if you subscribe to our newsletters or other e-publications we may offer.

Email addresses are never divulged by CIRA APPS to other organizations (except our Processors) and are only shared with third parties if and where required by law.

COOKIES

Cookies are small programs that are transferred to a site visitor’s web browser running as programs (session Cookies) or to the site visitor hard drive through their web browser running as programs from there (persistent Cookies. Cira Apps website exclusively uses “session cookies”, which you can manage via our Cookie Management tool and exclusively for the purposes outlined in this notice.

Beware that “persistent Cookies” are potentially dangerous and illegal in the sense that they will be running on your machine (laptop, tablet, smartphone, desktop) after you have left the website that downloaded them, profiling you and submitting the gathered information to 3^rd parties.

The GDPR

CIRA APPS has undergone an adequacy process towards applicable Personal Data Protection laws being enforced across the Globe where we operate. Nevertheless, we follow the “highest standard” in terms of ensuring the Security and Protection of Personal Data pertaining to you, and at this point in time that means to take as lead guidance what is established in the the provisions of the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data; the General Data Protection Regulation.

YOUR RIGHTS UNDER THE LAW

[GDPR] Right of access. The right to obtain from the controller confirmation as to whether their Personal Data are being processed, and, if so, to access such Personal Data as well as related information. CIRA APPS will share the Personal Data over a secure channel, and that (depending on the type of data as well as volume) may necessitate a “password” via an alternative communication channel to the Data Subject to ensure authorized secure access.

[CCPA/CPRA] Right to know and access your personal information – similar to the Right of Access under the GDPR, California residents have the right to:

• Know the categories of personal information we collect and the categories of sources from which we got the information;
• Know the business or commercial purposes for which we collect and share personal information;
• Know the categories of third parties and other entities with whom we share personal information;
• Access the specific pieces of personal information we have collected about you.

[GDPR] Right to rectification. The right to obtain the rectification of inaccurate Personal Data pertaining to that Data Subject.

[GDPR] Right to erasure. The right to have Personal Data pertaining to a Data Subject that is processed by CIRA APPS erased and, therefore, to have processing stopped, unless a legal duty or have a legitimate legal basis to retain certain data prevents CIRA APPS from observing such right, in which case the Data Subject shall be duly informed.

[CCPA/CPRA] Right to deletion – again similar to the GDPR regime, natural persons who reside in the state of California may, in some circumstances, ask us to delete their Personal Data/ information. We may refuse the exercise of such right if it prevents us from exercising legal defense, if we cannot do so because of a legal obligation or there is the risk that by doing so, we cannot fulfill any current contractual obligations.

[GDPR] The right to restrict processing. Under relevant conditions set out by the law, the right to request and impose processing restrictions (in scope and purpose) for Personal Data that pertains to a Data Subject. When exercising this right, the Data Subject must be specific about which processing activities are being requested to be restricted and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to processing, asking for additional confirmation prior to implementing the request.

[GDPR] The right to object to processing. The right to object to processing activities that have been qualified under this Privacy Policy as arising under the legal basis of Legitimate Interest on the part of CIRA APPS. The exercise of this right may also occur where the Data Subject wishes to opt-out from an existing service (and not necessarily to cancel the service). When exercising this right, the Data Subject must be specific about which processing activities are being requested to cease and the Controller shall provide feedback to the Data Subject on either the completion of the request or any potential collateral impact that may derive from implementing the requested objection to processing, asking for additional confirmation prior to implementing the request.

[CCPA/CPRA] Right to opt out of sales; DO NOT TRACK/ DO NOT SELL – We do not track our users and visitors over time and across third party websites to provide targeted advertising. Consequently, we do not respond to Do Not Track (DNT) signals. Other third-party websites may keep track of your browsing activities when they provide you with content, which enables them to customize what they present to you on their websites.
We do NOT sell Personal Data pertaining to any natural person under any circumstances.

[GDPR] Right to data portability. The right to receive the Personal Data pertaining to that Data Subject, in a structured, commonly used and machine-readable format as well as the right to transmit such Personal Data to another controller without hindrance. CIRA APPS will share the Personal Data over a secure channel, and that (depending on the type of data as well as volume) may necessitate a “password” via an alternative communication channel to the Data Subject to ensure authorized secure access.

[GDPR] Right to be informed about a Personal Data Breach. The Data Subject has the right (and it is the Controller’s obligation by law to ensure it) to be informed of any unauthorized disclosure or potential disclosure of his/ her Personal Data to unauthorized 3rd parties within 72 hours of the occurrence of such disclosure or knowledge by CIRA APPS of potential disclosure, as the case may be.

[GDPR] Right to lodge a complaint with a supervisory authority. The right to lodge a complaint regarding CIRA APPS’s processing activities in relation to Personal Data with any of the EU Member States’ data protection Supervisory Authorities. CIRA APPS is however also available to provide any clarification towards those Data Subjects who may feel that its processing of the Personal Data that pertains to them has negatively impacted them or somehow breached their rights under GDPR and/ or the right to Privacy, having such Personal Data processed in a secure manner and Confidentiality assurance. A Data Subject may submit a complaint via the request process as here defined above.

[CCPA/CPRA] Right to be free from discrimination – You may exercise any of the above rights without fear of being discriminated against. For any of the above-mentioned CCPA/CPRA related rights, you may designate an authorized agent to make a request on your behalf. In the request, you or your authorized agent must provide including information sufficient for us to confirm the identity of an authorized agent. We are required to verify that your agent has been properly authorized to request information on your behalf and this may mean that it takes additional time to fulfil your request.

Furthermore, where the processing is based on your consent you have a right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

In order to exercise your rights under the law please send an email to [email protected].

CONFIDENTIALITY

We maintain physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of Personal Data. Our security procedures mean that we may occasionally request proof of identity before we disclose Personal Data/ Information to you.

We have implemented security policies, rules, and adequate technical and operational measures to ensure that any personal data held under our control is protected from unauthorized access, unauthorized modification, unlawful destruction, accidental loss, improper use, or improper disclosure. Our employees and data processors who have access to, and are associated with the processing of, personal data are obliged to respect the confidentiality of our site and Apps user, visitor’s and remaining hosted Personal Data.