Legal
Privacy Policy
Last updated: May 2026. This policy explains how Synovo GmbH collects, uses, and protects personal data when you visit synovo.com or contact us.
01 — Controller
Who is responsible for your data
The controller responsible for the processing of personal data on this website and at Synovo GmbH is:
Synovo GmbH
Paul-Ehrlich-Str. 15
72076 Tübingen
Germany
Email: contact@synovo.com
Phone: +49 (0) 7071 539824810
Represented by: Michael Burnet, Managing Director
We have not appointed a Data Protection Officer as we are not required to do so under §38 BDSG.
02 — Processing purposes
When you visit our website
When you access our website (www.synovo.com), the browser on your device automatically sends information to our website's server. This information is temporarily stored in a log file. The following data is collected without any action on your part and stored until automated deletion:
• IP address and host name of the requesting device
• Date and time of access
• Name and URL of the file accessed
• Website from which access was made (referrer URL)
• Browser used (type and version) and, where applicable, the operating system of your device and the name of your access provider
This data is not combined with other data sources.
We collect and process the data listed above for the following purposes:
• Ensuring a smooth connection to the website
• Ensuring comfortable use of our website
• Evaluating system security and stability
• For further administrative purposes
The legal basis for data processing is Art. 6 (1) (f) GDPR. Our legitimate interest follows from the purposes listed above. We do not use this data to draw conclusions about you personally.
Server log files are retained by our hosting provider only for as long as necessary to ensure the security, stability, and proper functioning of the website, and are deleted thereafter through automated processes. The data is not used to identify individual visitors.
03 — Contact form
When you submit our contact form
Our website includes a contact form that allows you to send us inquiries about our services. When you submit this form, the following data is collected and transmitted to us:
• Your name
• Your email address
• The name of your company or organization
• The content of your message
We process this data for the sole purpose of responding to your inquiry and any follow-up communication that arises from it. The legal basis for this processing is Art. 6 (1) (b) GDPR, as the processing is necessary for taking steps at your request prior to entering into a possible contractual or service relationship. Where your inquiry does not relate to a potential service engagement, the legal basis is our legitimate interest in responding to communications addressed to us under Art. 6 (1) (f) GDPR.
Submitted form data is transmitted via our website hosting infrastructure and delivered to a company mailbox hosted on Microsoft 365 (Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland). Microsoft acts as our processor under Art. 28 GDPR. Microsoft may process data on infrastructure located in the United States; this transfer is safeguarded by the EU Commission's Standard Contractual Clauses (SCCs) and Microsoft's EU Data Boundary commitments.
We retain inquiry messages and the associated data only for as long as necessary to handle your inquiry and any reasonable follow-up communication. Once the matter is resolved and no further contact is required, the data is deleted, unless statutory retention obligations apply (for example, retention periods under tax or commercial law for communications that lead to a contractual relationship).
Providing your data is voluntary, but without your name, email address, and a message we cannot respond to your inquiry. You may withdraw your consent or object to further processing at any time by emailing contact@synovo.com.
04 — Cookies
Cookies and similar technologies
Our website uses only strictly necessary cookies and similar technologies that are required for the site to function correctly — for example, to maintain session state or remember basic display preferences. These do not require your consent under §25 (2) TTDSG.
We do not use analytics, advertising, or tracking cookies, and we do not load third-party scripts that set cookies on your device. If this changes in the future, we will update this policy and request your consent before any non-essential cookies are set.
You can configure your browser to block or delete cookies at any time. Blocking strictly necessary cookies may affect basic site functionality.
[TODO: Cookie inventory. Once the Framer site is live, check the deployed site in an incognito browser (DevTools → Application → Cookies) and list each cookie here — name, purpose, and retention period. Framer typically sets only essential cookies in its default configuration.]
05 — Disclosure
Sharing your data with third parties
We do not transfer your personal data to third parties for purposes other than those listed below.
We only share your personal data with third parties if:
• You have given your explicit consent under Art. 6 (1) (a) GDPR
• Disclosure is necessary under Art. 6 (1) (f) GDPR to assert, exercise, or defend legal claims, and there is no reason to assume that you have an overriding legitimate interest in non-disclosure
• There is a legal obligation to share data under Art. 6 (1) (c) GDPR
• It is legally permissible and necessary under Art. 6 (1) (b) GDPR for the performance of contracts with you
Our website is hosted by Framer B.V. (Keizersgracht 585, 1017 DR Amsterdam, Netherlands), which acts as our processor under Art. 28 GDPR for the purpose of website hosting. Framer's hosting infrastructure is operated on Amazon Web Services (AWS) in the United States, which means a transfer of personal data to a third country outside the EU/EEA takes place. This transfer is safeguarded by the EU Commission's Standard Contractual Clauses (SCCs) as set out in Implementing Decision 2021/914, incorporated into our data processing agreement with Framer. We do not currently engage other processors and do not transfer your personal data to other third parties beyond the cases described above.
06 — Your rights
Rights of data subjects
Any person whose data we have collected or stored is entitled:
• Under Art. 15 GDPR, to request information about the personal data we process about you. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, where applicable, meaningful information about its details
• Under Art. 16 GDPR, to request without undue delay the rectification of inaccurate personal data or the completion of your personal data stored with us
• Under Art. 17 GDPR, to request the erasure of your personal data stored with us, unless processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defence of legal claims
• Under Art. 18 GDPR, to request the restriction of the processing of your personal data, where the accuracy of the data is contested by you, processing is unlawful but you object to erasure, we no longer need the data but you require it to establish, exercise, or defend legal claims, or you have objected to processing under Art. 21 GDPR
• Under Art. 20 GDPR, to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request its transmission to another controller
• Under Art. 7 (3) GDPR, to withdraw your consent at any time. This means that we may no longer continue the data processing based on this consent in the future
• Under Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace, or our company headquarters. The competent authority for Synovo is the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg), Königstraße 10a, 70173 Stuttgart, Germany
07 — Objection
Right to object
If your personal data is processed on the basis of legitimate interests under Art. 6 (1) (f) GDPR, you have the right under Art. 21 GDPR to object to the processing of your personal data, provided there are grounds arising from your particular situation, or where the objection is directed against direct marketing. In the latter case, you have a general right of objection that we will implement without you having to provide a particular situation.
To exercise your right of withdrawal or objection, an email to contact@synovo.com is sufficient.
08 — Automated decisions
No automated decision-making
We do not process your personal data in a way that one or more personal attributes of your data are read out and used for automated decision-making (profiling).
09 — Security
Data security
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized third-party access. Our security measures are continuously improved in line with technological developments.
10 — Changes
Validity and changes to this policy
This privacy policy is currently valid and was last updated in May 2026.
Due to the ongoing development of our website and offerings, or due to changed legal or regulatory requirements, it may become necessary to amend this privacy policy. The current privacy policy can be accessed and printed at any time on the website at synovo.com/privacy-policy.
Questions
Contact us about your data
If you have questions about this privacy policy or how we handle your personal data, write to contact@synovo.com or call +49 (0) 7071 539824810.