Privacy Policy

The SYNAC.IO project, operated by Khondakar Readul Islam (individual, pre-registration), is the controller responsible for the processing of your personal data within the meaning of the General Data Protection Regulation (GDPR).

Contact details of the Data Controller:

Khondakar Readul Islam (SYNAC.IO project)

Darmstadt

Germany

Email: privacy@synac.io

Data Protection Contact:

We do not currently have a formally appointed Data Protection Officer (DPO), as this obligation applies to registered organisations meeting specific thresholds under Art. 37 GDPR. For all data protection matters, please contact:

Email: privacy@synac.io

This Privacy Policy explains how the SYNAC.IO project ("we", "us", "our"), operated by Khondakar Readul Islam, processes personal data collected through our website synac.io, in compliance with:

We process personal data only where we have a legal basis to do so. This website is currently a pre-commercial demonstration. Products incorporating AI are in development and not yet deployed to process personal data at scale.

3.1 Website Access (Server Logs)

When you visit our website, your browser automatically transmits:

Legal basis: Art. 6(1)(f) GDPR — Legitimate interest in operating a secure and functional website.

Retention: 7 days, then deleted.

3.2 Contact and Demo Requests

When you complete a contact or pilot project request form, we collect:

Legal basis: Art. 6(1)(b) GDPR — Processing necessary for the performance of a pre-contractual relationship.

Retention: 3 years after last contact, or until you request deletion.

3.3 Newsletter and Marketing Communications

If you opt in to receive updates:

Legal basis: Art. 6(1)(a) GDPR — Freely given, specific, and informed consent.

You may withdraw consent at any time by clicking "Unsubscribe" or emailing privacy@synac.io.

3.4 Platform Usage Data (Future)

Once commercial products are launched, usage data will be processed only under a formal Data Processing Agreement (DPA). No enterprise platform is currently operational.

SYNAC.IO is developing AI and machine learning systems as part of its product roadmap. We are committed to designing these systems in compliance with the EU AI Act (Regulation (EU) 2024/1689), which entered into force on 1 August 2024.

4.1 AI System Classification (Planned)

Several planned SYNAC.IO products are designed to fall under high-risk AI system categories in Annex III of the EU AI Act, including:

Prior to any commercial deployment of these systems, we will implement:

4.2 Automated Decision-Making (Art. 22 GDPR)

No automated decision-making affecting individuals is currently in operation on this website. Future deployed systems will comply fully with Art. 22 GDPR.

4.3 AI Transparency

We will clearly disclose where AI is used in our systems prior to deployment. We will never use customer data to train AI models without explicit, separate contractual provisions.

We use cookies and similar technologies on our website in compliance with § 25 TTDSG and Art. 6 GDPR.

5.1 Strictly Necessary Cookies

Required for core website functionality. No consent required.

5.2 Functional Cookies (Consent required)

Enhance your experience:

Retention: 12 months

5.3 Analytics Cookies (Consent required)

Anonymised, aggregated usage data to improve our website:

IP addresses are truncated before any processing. No cross-site tracking.

Retention: 13 months maximum.

5.4 Marketing Cookies (Consent required)

Used with your consent for campaign measurement:

Data may be transferred to the USA under Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR.

Retention: 90 days.

You can manage your cookie preferences at any time via the "Cookie Settings" link in the footer.

6.1 Access to Data

Access to personal data is strictly limited to the project founder and any designated collaborators on a need-to-know basis.

6.2 Service Providers (Data Processors)

We use carefully selected third-party service providers acting as data processors under Art. 28 GDPR:

6.3 International Transfers

If personal data is transferred to countries outside the European Economic Area (EEA), we ensure an adequate level of protection through:

For questions about data transfers, contact: privacy@synac.io

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law.

After expiry of the applicable retention period, data is securely deleted or anonymised.

You have the following rights under the GDPR, subject to applicable exceptions:

Art. 15 — Right of Access: You have the right to obtain confirmation as to whether personal data concerning you is being processed, and, where that is the case, access to the personal data.

Art. 16 — Right to Rectification: You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you.

Art. 17 — Right to Erasure ("Right to Be Forgotten"): You have the right to obtain the erasure of personal data concerning you without undue delay, subject to legal retention obligations.

Art. 18 — Right to Restriction of Processing: You have the right to obtain restriction of processing where you contest accuracy, object to processing, or require data for legal claims.

Art. 20 — Right to Data Portability: Where processing is based on consent or contract, you have the right to receive your personal data in a structured, commonly used, and machine-readable format.

Art. 21 — Right to Object: You have the right to object to processing based on legitimate interest or for direct marketing purposes. Objection to direct marketing is absolute and must be honoured immediately.

Art. 22 — Rights Related to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects.

Art. 77 — Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority. The competent authority for this project (based in Hesse, Germany) is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit (HBDI)

Postfach 3163

65021 Wiesbaden

Germany

Website: https://datenschutz.hessen.de

To exercise your rights, contact us at privacy@synac.io. We will respond within one month (extendable by two further months for complex requests). We may ask you to verify your identity before processing your request.

We implement appropriate technical and organisational measures (TOMs) pursuant to Art. 32 GDPR to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.

Our security measures include:

For security inquiries or to report a vulnerability, contact: security@synac.io

Our website and enterprise services are directed to business professionals and are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will delete that data without undue delay. If you believe we have collected data from a child, please contact privacy@synac.io immediately.

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or for other operational reasons. We will notify you of material changes by:

We encourage you to review this Privacy Policy periodically. Your continued use of our website and services after any changes constitutes acceptance of the updated policy.

For all privacy-related inquiries, data subject requests, or concerns about how we handle your personal data:

Privacy contact: privacy@synac.io

Security concerns: security@synac.io

Postal address:

Khondakar Readul Islam (SYNAC.IO project)

Darmstadt

Germany

We aim to respond to all privacy inquiries within 5 business days. Data subject requests will be handled within the statutory one-month period.