Syrto S.r.l. (“Syrto“, “we“) respects your right to privacy. This notice explains how we collect, use, and protect your personal data, and what rights you have in relation to us.
The Data Controller is Syrto S.r.l., VAT No. 04144070986, with registered office at Via Settembrini 2, 20124 Milan (MI), Italy. For any questions: privacy@syrto.ai.
Syrto has not appointed a Data Protection Officer (DPO).
What data we collect and how we use it
Platform user data. If you use the Syrto Next platform as a user authorized by a client organization, we collect the data necessary to manage your access: first name, last name, business email, role, and access logs. The legal basis is the performance of the contract with your organization. This data is retained for the duration of the contract and deleted within 30 days of its termination.
The content you enter into the platform (such as conversations with the AI chatbot or uploaded files) is processed by Syrto on behalf of your organization, which is the Data Controller. This processing is governed by a specific agreement (DPA) between Syrto and your organization.
Prospect and business contact data. If you contact us for information, fill out a form, or attend an event, we collect the data you provide: first name, last name, email, phone number, company. We use it to respond to your inquiries and, unless you object, to keep you updated on our services. The legal basis is our legitimate interest in developing business relationships. The data is retained for 24 months from the last contact.
Supplier and partner data. If you are a contact person of a supplier or partner company, we process your professional contact data to manage the contractual relationship. The legal basis is the performance of the contract. Data relating to the contract is retained for 7 years to comply with legal obligations; contact data is retained for 24 months from the last contact.
Website visitor data. We automatically collect certain technical data when you visit our website, such as IP address and browsing data. We use privacy-friendly analytics tools that do not collect personally identifiable data. For details on the use of cookies, please refer to our Cookie Policy.
B2B contact data from third parties. As part of certain services, we use professional contact data (first name, last name, job title, professional email, business phone number) provided by third-party providers who collect it from public sources. If you are a business contact whose data has been provided to us in this way, you have the right to object to the processing by writing to privacy@syrto.ai.
Providing your data is necessary for the delivery of the requested services or for the performance of the contract. Without it, we may not be able to provide the service or respond to your request.
Who we share your data with
We share your data only when necessary, with technical providers acting as Data Processors pursuant to Art. 28 GDPR (cloud infrastructure, CRM, payments, security), with competent authorities upon legitimate request, and with third parties in the event of extraordinary operations such as mergers or acquisitions. The updated list of our suppliers is available in our Trust Center on the website.
We do not sell your personal data to third parties.
Syrto does not use your data for decisions based solely on automated processing that produce legal effects concerning you.
Transfers outside the European Union
Some of our technical providers are based outside the EU. In such cases, we ensure that the transfer takes place on the basis of adequate safeguards pursuant to Chapter V of the GDPR (such as Standard Contractual Clauses). Details are available in our Trust Center.
Your rights
You have the right to access your data, rectify it, erase it, restrict its processing, receive it in a portable format, and object to its processing. You also have the right to withdraw your consent at any time, without affecting the lawfulness of processing carried out previously.
To exercise your rights, write to privacy@syrto.ai. We will respond within one month.
You have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) — www.garanteprivacy.it, Piazza Venezia 11, 00187 Rome, Italy.
If you are a user of a client organization and wish to exercise your rights in relation to the content you have entered into the platform, please contact your organization directly, as it is the Data Controller.
Security
We adopt appropriate technical and organizational measures to protect your data from unauthorized access, loss, or disclosure.
Cookies
For details on the use of cookies on our website, please refer to our Cookie Policy.
Changes to this notice
This notice may be updated periodically. In the event of material changes, we will provide notice on the website. The date of the last revision is indicated at the top of this page.
Contact
For any questions: privacy@syrto.ai — Syrto S.r.l., Via Settembrini 2, 20124 Milan (MI), Italy