Title Image of Genius Packaging About Section

Data Protection Policy

This policy describes how SY Tech Solutions collects, uses, stores, shares, and protects personal data processed through https://sy-techsolution.com (the “Website”), our products, and client engagements. Where this policy conflicts with a signed agreement or a data processing addendum (DPA), that agreement will prevail.

1) Purpose & scope

This policy applies to all personal data handled by SY Tech Solutions, including data collected via the Website, marketing activities, support channels, and during delivery of professional services to clients.

2) Key definitions

  • Personal data: Information relating to an identified or identifiable person.
  • Processing: Any operation on personal data (e.g., collection, storage, use, disclosure, deletion).
  • Controller / Processor: The party that determines purposes and means (controller) vs. the party that processes data on behalf of a controller (processor).

3) Roles & responsibilities

  • SY Tech Solutions as Controller: For Website visitors, marketing, hiring, and our own account/billing data.
  • SY Tech Solutions as Processor: When we process client data under a DPA/SOW; we act only on documented client instructions.
  • Internal owners: Executive leadership, Security, and Legal jointly oversee compliance and risk management.

4) Lawful bases

We process personal data using one or more lawful bases, including:

  • Consent (e.g., marketing opt-ins)
  • Contract (to perform an agreement with you)
  • Legitimate interests (balanced, minimal impact)
  • Legal obligation (tax, compliance, court orders)
  • Vital interests (rare, safety-related)

5) Data categories we process

  • Identity & contact data (name, email, phone, company)
  • Account & billing data (plan, invoices, payment metadata)
  • Support & communications (tickets, chat, email)
  • Technical data (IP, device/browser, logs, diagnostics)
  • Recruiting data (CVs, interview notes, references)
  • Client-provided content for services (as a processor, per DPA)

6) How we use personal data

  • Provide and improve our services and Website
  • Fulfill contracts, invoicing, and customer support
  • Security, fraud prevention, auditing, and compliance
  • Product analytics (aggregated or pseudonymized where possible)
  • Marketing with proper consent/opt-out controls

For more on collection and uses, see our Privacy Policy.

7) Minimization & retention

  • We collect only what is necessary for stated purposes.
  • Retention follows a documented schedule; when no longer needed, we delete or anonymize data unless law requires retention.
  • Clients can request deletion/export of their data in line with contract and applicable laws.

8) Security measures

  • Access control, least privilege, MFA for privileged roles
  • Encryption in transit (TLS) and at rest where applicable
  • Segregated environments, secure SDLC, code review
  • Backups, monitoring, logging, and incident response runbooks
  • Vendor due diligence and DPAs with processors
  • Periodic risk assessments and penetration testing (as applicable)

9) International transfers

If personal data is transferred across borders, we use appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decisions) and follow client instructions where we act as a processor.

10) Data subject rights

Subject to local laws, individuals may have rights to access, rectify, erase, restrict, port, or object to processing, and to withdraw consent at any time (without affecting prior lawful processing).

11) Requests handling (DSR)

  • Send requests to support@sy-techsolution.com. We verify identity before acting.
  • We aim to respond within 30 days (or as required by law).
  • For processor scenarios, we forward requests to the controller (our client) and act on their instructions.

12) Processors & sub-processors

We engage vetted service providers for hosting, analytics, support, and payments. Each provider is bound by confidentiality and a DPA where required. On request, we can share a current list of sub-processors relevant to your services.

13) Incident & breach response

  • We investigate suspected incidents promptly.
  • If a personal data breach is likely to result in risk to individuals, we notify impacted parties and/or authorities in line with applicable law and contractual commitments.

14) Privacy by design & DPIA

We embed privacy by design into our development and delivery practices. Data Protection Impact Assessments (DPIAs) are performed when high-risk processing is planned, per legal requirements or client instructions.

15) Training & awareness

Team members with access to personal data receive periodic training on security, privacy, and acceptable use, and must follow company policies and confidentiality obligations.

16) Records of processing

We maintain internal records of processing activities (ROPA) suitable to our size and operations and review them periodically.

17) Cookies

We use cookies and similar technologies for essential functionality, analytics, and (with consent) marketing. See our Cookie Policy and Privacy Policy for details and choices.

18) Children’s data

Our services are not directed to children under the age specified by local law (e.g., 16 in the EU). We do not knowingly collect children’s personal data. If you believe a child provided data, contact us to remove it.

19) Changes to this policy

We may update this policy from time to time. The “Revised” date shows the latest version. Material changes may be communicated through the Website or by direct notice.

20) Contact

Questions about this policy or data protection at SY Tech Solutions? Email support@sy-techsolution.com or visit https://sy-techsolution.com.