Privacy Policy
Scope of this Privacy Policy
This Privacy Policy governs and explains how we collect and process your personal information when you (“you” or “User”) use our website, located at synthesia.io (“Site”), services and products accessible through the Site (“Services”), and the associated web-based software provided by Synthesia (“Software”). The Site, the Services, and the Software are jointly referred to as the “Platform”. If you are a purchaser of our Services, you are a "Customer". If you are authorized by a Customer to use our Services, or you are a Site visitor you are an "Authorized User".
We are Synthesia Limited, a company located at Kent House, 14/17 Market Place, London W1W 8AJ, United Kingdom, and we are the controller of your personal data processed in connection with this Privacy Policy. If you have any questions or concerns regarding your privacy, you can contact us at support@synthesia.io. Our Data Protection Officer can be contacted at dpo@synthesia.io. We have designated Synthesia ApS, Vesterbrogade 149, bygning 4, 1.tv, 1620 København V. Denmark as our EU GDPR representative to act on our behalf and serve as a direct contact for supervisory authorities and individuals in the European Union, and they can be contacted at gdpr.representative@synthesia.io.
A separate agreement may govern the provision, access and use of the Services ("Agreement"), including the processing of (a) any content or information that an Authorized User submits to the Services, such as text and scripts used to prompt Avatars to speak and perform, and image and audio files uploaded to the Services; and (b) any videos created by Authorized Users using the Services (collectively, "Customer Data"). Customer Data excludes the Services, any content that Synthesia makes generally available to Customers through the Services (“Synthesia Content”) and Non-Synthesia Products. The Customer (e.g., your employer or another entity or person) that entered into the Agreement with Synthesia for the purchase of Services controls its instance of the Services and any associated Customer Data. If you have any questions about specific settings and privacy practices, please contact the Customer whose Service you use.
Identifying the Data Controller and Data Processor
Certain jurisdictions distinguish between a "controller" or "processor" of personal data. A controller is the decision-maker and exercises overall control over how and why personal data is collected and used. In general, the Customer is the controller of Customer Data. A processor acts on behalf of, and only on the instructions of, the relevant controller. In general, Synthesia is the processor of Customer Data and the controller of Other Information (which is described in the ‘Personal data that we process’ section below).
Synthesia is the controller of Other Information and a processor of Customer Data.
In addition to the definitions provided for in the Agreement, the following words and abbreviations have the meaning provided below:
"personal data" means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"processor" means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of Synthesia.
Personal data that we process
Synthesia collects and receives the following information through the Platform and your other interactions with Synthesia.
- Customer Data. Customers or Authorized Users submit Customer Data to Synthesia when they use the Platform.
- Other Information. Synthesia also collects, generates and/or receives the following categories of personal data ("Other Information"):
- Contact information: When you contact us or otherwise communicate with us, we will process your name, email address, phone number, and any additional information which you may provide such as your title and employer.
- Financial data: When you purchase our Services, we will collect the following transaction information: payment card details if payment is done using a payment card, bank account details is payment is done using a wire transfer or ACH, details of the amounts paid or refunded, dates of payments and the services purchased.
- Account information: When you create an account on our services or Customer creates an account for you, we will process your email address, first and last name and depending on the log-in method, your password. You may also customize your user profile by adding a profile picture and changing the account settings.
- Usage information: During your interactions with the Platform, we will collect and process information about how Users use or interact with the Site and features and functionality of the Services and Software. For example, we will collect information about the most frequently visited pages, used functionalities, preferred voices and avatars, preferred voice performances and similar information relating to use and interaction, and performance and quality of the Platform.
- Technical data: As with most websites and technology services delivered over the internet, our servers automatically collect information when you access or use our Platform and record it in log files. This log data may include your internet protocol (IP) address, the address of the web page you visited before using the Platform, browser type and settings, the date and time the Platform was used, information about browser configuration and plugins, and your language preferences. We also receive information from you, our Customers, and other third-parties that helps us approximate your location. We may, for example, use a business address submitted by your employer (who is our Customer) or an IP address received from your browser or device to determine approximate location to assist with localization or for security purposes.
- Cookie information: We use a variety of cookies and similar technologies in our Websites and Services to help us collect Other Information. For more details about how we use these technologies, and your opt-out controls and other options, please visit our Cookie Policy.
- Other information you choose to provide. We also receive Other Information when submitted to our Platform or in other ways, such as responses or opinions you provide if you participate in a focus group, contest, activity or event, feedback you provide about our products or services, information you provide if you apply for a job with Synthesia, enrol in a certification program or other educational program hosted by Synthesia or a vendor, request support, interact with our social media accounts or otherwise communicate with Synthesia.
Generally, no one is under a statutory or contractual obligation to provide any Customer Data or Other Information (collectively, “Information”). However, certain Information is collected automatically and, if some Information, such as Account information, is not provided, we may be unable to provide the Services.
Purposes and legal basis for the processing of personal data
Customer Data will be processed by Synthesia in accordance with Customer's instructions, including any applicable terms in the Agreement, and as required by applicable law. As explained above, in general, Synthesia is a processor of Customer Data and the Customer is the controller.
Synthesia uses Other Information to operate our Platform and business. More specifically, Synthesia uses Other Information for the following purposes and under the following legal bases:
Legal bases for processing
We rely on different legal bases to process your personal data for the purposes described in this Privacy Policy. For each legal basis below, we describe the purposes of our processing (why we process your personal data) and our processing operations (how we process your personal data to achieve each purpose). We also list the categories of your personal data that we process for each purpose.
Performing our contract with you
We process personal data as necessary to conclude and perform our contract with you or the Customer. The categories of personal data used and why and how they are processed are set out below:
Legitimate interests
We rely on our legitimate interests or the legitimate interests of a third party, where they are not outweighed by your interests or fundamental rights and freedoms.
Compliance with a legal obligation
We process personal data to comply with a legal obligation including, for example, to access, preserve, or disclose certain personal data if there is a valid legal request.
Consent
We process personal data as described below when you have given us your consent to do so, which we may ask through in-product experiences, to enable particular features or to enable device-based settings.
Security
We have implemented security procedures and measures to ensure appropriate protection of the personal data we process against any misuse, unauthorised access, disclosure, or modification. More detailed information about our security is available on the Security Practices page on our Site.
Children's privacy
Our Services are intended for a general audience and are not targeted at children under the age of 16 (“minors”). We do not knowingly collect or ask for information from minors and do not knowingly allow minors to use the Platform.
Sharing/Disclosure of personal data
The policies and practices for sharing and/or disclosure of Customer Data to third parties is determined by the Customer. Synthesia has no control over the Customer's or any other third parties' choice to share and/or disclose Customer Data. Synthesia may share and disclose Customer Data in accordance with a Customer's instructions, including any applicable terms in the Master Subscription Agreement and Data Processing Addendum.
In certain circumstances we may share and/or disclose the personal data described in this Privacy Policy.
- Our affiliated companies - we will share your information with our affiliated companies in order to facilitate company business and as part of our regular reporting activities.
- Our service providers - we will share your information with affiliated and unaffiliated service providers which assist us in carrying out the processing activities described in this Privacy Policy. Our service providers include payment processing providers, IT service providers, our auditors, and our legal, accounting and other professional advisors.
- Regulators, law enforcement, public or government authorities, or courts - we will share your information if and to the extent we are required or permitted to do so by law or where disclosure is reasonably necessary to (i) comply with applicable law; (ii) comply with a valid legal request or respond to claims against Synthesia; (iii) respond to a valid legal request relating to a criminal investigation to address alleged or suspected illegal activity, or to respond to or address any other activity that may expose us, you, or any other of our Users to legal or regulatory liability; (iv) enforce and administer our Terms of Service; (v) respond to requests for or in connection with current or prospective legal claims or legal proceedings concerning Synthesia and/or third parties; or (vi) protect the rights, property or personal safety of Synthesia, our employees, our Users, or members of the public.
- Other entities as part of a business transfer - if Synthesia undertakes or is involved in any merger, acquisition, reorganisation, sale of assets, bankruptcy, or insolvency event, then we may sell, transfer, or share some or all of our assets, including your personal data, in connection with such transaction or in contemplation of such transaction, such as due diligence.
International Data Transfers
We may transfer your personal data to recipients located outside of the United Kingdom (“UK”) and European Economic Area (“EEA”).
When we transfer your personal data outside of the UK or EEA, we ensure it benefits from an adequate level of data protection by relying on:
- Adequacy decisions. These are decisions from the European Commission under Article 45 GDPR (or equivalent decisions under other laws) which recognise that a country outside of the EEA offers an adequate level of data protection.
- Standard contractual clauses. The European Commission has approved contractual clauses under Article 46 GDPR that allow companies in the EEA to transfer data outside the EEA. These (and their approved equivalent for the UK and Switzerland) are called standard contractual clauses. We rely on standard contractual clauses to transfer personal data as described in this Privacy Policy to countries without an adequacy decision.
In certain situations, we rely on exceptions provided for under applicable law to transfer personal data to a third country.
You may obtain a copy of these adequacy decisions or standard contractual clauses by contacting us at support@synthesia.io.
Retention of personal data
We will retain Customer Data in accordance with Customer’s instructions (including to perform any applicable terms in the Agreement and through Customer’s use of Platform functionality) and as required by applicable law. The deletion of Customer Data and other use of the Services by the Customer may result in the deletion and/or de-identification of certain associated Other Information.
We may retain Other Information pertaining to you for as long as necessary for the purposes described in this Privacy Policy (such as to provide the Services, including any optional features you use, and to provide customer support). This may include keeping your Other Information after you have deleted your account for the period of time needed for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes, and enforce our agreements.
User's Rights
We process all personal data in accordance with the principles of GDPR and especially having in mind your data protection rights, in particular your right, in certain circumstances, to:
- Request access to any data held about you by Synthesia and information relating to how and why it is processed.
- Receive the personal data which you have provided to us in a structured, commonly used and machine-readable format and transmit this personal data to another controller, where such personal data is processed on the basis of consent or contractual necessity and the processing is carried out by automated means.
- Request the restriction of processing of your personal data in certain circumstances.
- Withdraw your consent at any time, where processing is based on your consent, without affecting the lawfulness of processing based on such consent before the consent is withdrawn.
- Ask to have inaccurate personal data rectified, or completed if it is incomplete.
- Request the erasure of your personal data where data is no longer required for the original purpose or where you have withdrawn your consent, and no other lawful processing grounds apply.
- Object to the processing of your personal data in certain circumstances.
- Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. You may exercise these rights by contacting us at support@synthesia.io.
Where we are required to provide a copy of your personal data, this will be free of charge; however, any further copies requested may be subject to a reasonable fee based on administration costs.
Where we stop processing personal data or delete your personal data, it will possibly mean that you are unable to continue using or contributing to the provision of some of our Services, and you will be notified accordingly.
Where we rectify or erase your personal data or restrict any processing of such personal data, we may be required to notify certain third-parties to whom such personal data has been disclosed.
You have the right to lodge a complaint with the Information Commissioner's Office at 0303 123 1113 or via live chat at ico.org.uk/livechat or with your local supervisory authority.
We do not sell or rent personal information to any third-party.
Changes to the Privacy Policy
We reserve the right to change our Privacy Policy at any time. The current version of the Privacy Policy is available on the Website, indicating the effective date in the heading. We will notify you of any material changes, as appropriate, and update the effective date in the heading of this Privacy Policy. You are encouraged to check our Privacy Policy periodically.
Need more help?
If you need assistance with Synthesia or have a question about our products or services, please contact our customer support team.