Privacy Policy

1. Introduction

Welcome to Sinthera ("we," "us," or "our"). We are a strategic growth firm that fuses AI, Web3, and Automation into a decisive advantage for our clients. We are committed to protecting the privacy and security of the personal data we process.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (www.sinthera.space) (the "Site") and when you use our digital services (the "Services"). This policy is prepared in accordance with global privacy laws, including the EU General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), and applicable U.S. state privacy laws like the California Consumer Privacy Act (CCPA) as amended by the CPRA.

2. Our Role: Data Controller vs. Data Processor

It is important to understand our role, as it changes depending on the situation:

• Data Controller: When you visit our Site, contact us for marketing purposes, or subscribe to our newsletter, Sinthera is the Data Controller. We determine the purposes and means of processing your personal data. This policy primarily governs our activities as a Data Controller.
• Data Processor: When we provide our Services to our business clients ("Clients"), we may process personal data on their behalf and under their instructions (e.g., analyzing a Client's customer data). In this situation, our Client is the Data Controller, and Sinthera is the Data Processor. Our processing of such data is governed by a separate Data Processing Agreement (DPA) with our Client.

3. Data We Collect as a Data Controller

We may collect personal information that you provide directly to us or that we collect automatically.

A. Information You Provide to Us:

• Contact & Professional Data: When you fill out a contact form, schedule a consultation, or communicate with us, we may collect your name, email address, phone number, job title, company name, and any other information you provide in your message.
• Marketing Data: If you subscribe to our publications, we collect your email address and marketing preferences.

B. Information We Collect Automatically:

• Log and Usage Data: Like most websites, we collect information that your browser sends, such as your IP address, browser type, device information, pages visited, and the date and time of your visit.
• Cookies and Tracking Technologies: We use cookies and similar technologies to analyze trends, administer the Site, and track users' movements around the Site. You can control the use of cookies at the individual browser level.

4. How We Use Your Information (as Data Controller)

Our legal basis for processing your data under GDPR/UK GDPR depends on the context:

• To Respond to Your Inquiries: We use your data to respond to your questions and consultation requests.
  • Legal Basis: Our legitimate interest to engage with potential clients, or to take steps at your request prior to entering into a contract.
• To Provide and Market Our Services: We may send you marketing communications about our services, insights, and events. You can opt-out at any time.
  • Legal Basis: Your explicit consent (where required) or our legitimate interest to market our services to other businesses.
• To Improve Our Site: We analyze usage data to understand how our Site is used and to improve its functionality and user experience.
  • Legal Basis: Our legitimate interest to maintain and improve our business and website.
• To Meet Legal Obligations: We may process your data to comply with legal and regulatory requirements.
  • Legal Basis: Compliance with a legal obligation.

5. How We Share Your Information

We do not sell your personal data. We may share your information in the following limited circumstances:

• Service Providers: With third-party vendors who perform services on our behalf, such as cloud hosting (e.g., AWS, Google Cloud), CRM systems (e.g., Salesforce, HubSpot), and analytics providers (e.g., Google Analytics). These providers are contractually bound to protect your data.
• Legal Compliance: If required by law, subpoena, or other legal process.
• Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets.

6. International Data Transfers

We operate globally. As such, your personal data may be transferred to, and processed in, countries outside of your own, including the United States, which may have data protection laws that are different from those in your country.

When we transfer personal data out of the European Economic Area (EEA), UK, or Switzerland, we implement appropriate safeguards, such as:

• Executing Standard Contractual Clauses (SCCs) approved by the European Commission and/or the UK Information Commissioner's Office (ICO).
• Transferring to countries that have been deemed to provide an "adequate" level of data protection.

7. Your Data Protection Rights

Depending on your location, you may have the following rights regarding your personal data:

• Right to Know/Access: The right to request what personal information we collect, use, disclose, and sell.
• Right to Rectification: The right to request correction of inaccurate personal data.
• Right to Erasure/Deletion: The right to request the deletion of your personal data, subject to certain exceptions.
• Right to Object (GDPR/UK GDPR): The right to object to processing based on our legitimate interests.
• Right to Opt-Out of Sale/Sharing (CCPA): We do not "sell" personal data. You may have the right to opt-out of "sharing" for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information (CCPA): We do not typically collect sensitive personal information from our website visitors.
• Right to Data Portability: The right to receive your data in a portable format.
• Right to Withdraw Consent: Where we rely on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at [privacy@sinthera.space]. We will verify your request and respond within the timeframes required by law.

8. Data Security and Retention

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, use, or disclosure.

We will retain your personal data only for as long as is necessary for the purposes set out in this policy, to comply with our legal obligations (e.g., tax or accounting), or to resolve disputes.

9. Children's Privacy

Our Site and Services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from them.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this policy will indicate when it was last revised. We encourage you to review this policy periodically.

‍