PRIVACY POLICY
Last modified: 30/11/2025
The company SYNC SIGNAL SINGLE MEMBER P.C., having its registered office at 23 Miaouli Street, Lykovrysi, Postal Code 14123, General Commercial Registry (G.E.MI.) No.: 187067403000 (hereinafter referred to as «Sync Signal», «Company», «we»), operates the Sync Signal application and acts as the Data Controller for the personal data collected through the application and its related services. We make every effort to offer a secure and reliable experience to our users, processing the personal data we receive responsibly, transparently, and in accordance with applicable legislation.
This Privacy Policy (hereinafter "Policy") is addressed to:
users of the application,
individuals designated as emergency contacts,
and any natural person interacting with Sync Signal's services. Through this Policy, the Company explains the terms under which it collects, stores, uses, shares, and generally processes your personal data. The processing is carried out in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679 – «GDPR»), Law 4624/2019, as well as the Guidelines and decisions of the Hellenic Data Protection Authority (HDPA). For any questions or issues regarding this Policy or the processing of your personal data, you may contact us at the email address: apps@syncsignalapp.com
1. What is Personal Data?
The term "personal data" refers to any information relating to an identified or identifiable natural person, i.e., information of natural persons, such as name, postal address, email address, telephone number, etc., which identifies or can identify your identity.
2. What personal data do we collect?
The categories of personal data we collect depend on how you use the Sync Signal application and its individual functions (e.g., registration, adding emergency contacts, activating the panic button). Sync Signal collects and processes only the absolutely necessary data for the provision of its services and for the purposes described in this Policy. Depending on the use of the application, we may collect the following categories of personal data:
a. Account Data: Upon your registration in the application, we collect your full name, gender, date of birth, email address, and mobile phone number.
b. Location Data: Current location, location history. The application collects location data only when you activate the panic button. We do not perform continuous tracking.
c. Audio, Video, and Image Data: Upon activation of the panic button, the following may be collected: audio data, video, time, and date of recording. These data are sent to emergency contacts and stored for a limited time for incident documentation purposes.
d. Emergency Contact Data: When you define emergency contacts, we collect: the contact's full name, mobile phone number, email, and approval/registration status in the application. Contacts must accept their role through the application.
e. Technical and Statistical Data: During the use of the application, we collect unique device identifiers (device ID), device/operating system details, connection details (IP, timestamps), push notifications token, crash logs, and application usage data.
f. Communication Data with the Company: If you contact us for support or service, we may collect your full name, contact details, and the content of the communication.
g. Any other information you choose to provide us when using the application or interacting with us.
3. For what purposes do we process your data and what is the legal basis for processing?
3.1. Your personal data is collected and processed by Sync Signal exclusively for purposes related to the operation and provision of the application's services. The processing is based on the legal bases of the General Data Protection Regulation (GDPR), as listed below:
| Processing Purpose | Explanation | Legal Basis |
|---|---|---|
| User account creation and management | We use registration details (name, age, email, phone number, password) to create your account and provide you access to the application's functions. | Performance of a contract (Art. 6(1)(b) GDPR) |
| Definition and management of emergency contacts | We process the details of the contacts you select so that they can be notified in case of an SOS. | Performance of a contract (Art. 6(1)(b) GDPR) |
| Panic Button Activation - Sending notifications to contacts | When you activate the panic button, we process your location and audio/video to notify your emergency contacts. | Performance of a contract (Art. 6(1)(b) GDPR) |
| Notification of nearby users | We process the location of the incident to inform other users within a 1 km radius that a person may be in danger. | Performance of a contract (Art. 6(1)(b) GDPR) |
| Storage of SOS data (audio/video/location) | We store this data for a limited time when SOS is activated, to be used as evidence in the event of an incident or investigation. | Consent (Art. 6(1)(a) GDPR) |
| User Support | Contact details are used to respond to support requests and for operational communication regarding the use of the application. | Performance of a contract (Art. 6(1)(b) GDPR) |
| Sending newsletters | Only with your explicit consent, we use your email to send updates regarding new features, improvements, and services of the application. | Consent (Art. 6(1)(a) GDPR) |
| Service Improvement | We use pseudonymized data to analyze app usage and improve it. | Legitimate Interest (Art. 6(1)(f) GDPR) |
| Management of legal obligations and compliance | Your data may be used for accounting obligations, tax compliance, or to respond to requests from Authorities. | Compliance with a legal obligation (Art. 6(1)(c) GDPR) |
| Management of complaints and legal claims | Certain data may be used for the investigation of incidents, the establishment or defense of legal claims. | Legitimate Interest (Art. 6(1)(f) GDPR) |
3.2. It is noted that when processing is based on your consent, you have the right to withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
3.3. In any case, if you wish to be informed about the legal basis under which we process your personal data, or if you have objections regarding it, you can contact us at the email address apps@syncsignalapp.com for further clarifications.
4. To whom do we transfer your data? For the operation of Sync Signal, we may transfer personal data to third-party partners acting either as Data Processors or as independent Data Controllers. We transfer only the absolutely necessary data, and all partners are bound by Data Processing Agreements (DPA) in accordance with Article 28 of the GDPR. 5. Data Transfers outside the European Economic Area (EEA) Some of our partners and providers may be located in countries outside the European Economic Area (EEA). In such cases, Sync Signal ensures that any transfer is carried out in accordance with Articles 44-49 of the GDPR, applying the necessary legal safeguards, such as:
- Adequacy Decisions by the European Commission, when the transfer is to a country or organization recognized as providing an adequate level of protection (Art. 45 GDPR).
- Standard Contractual Clauses (SCCs) approved by the European Commission, when there is no adequacy decision.
- Supplementary technical and organizational measures, such as encryption during transfer and storage, pseudonymization, and limited access.
- Data minimization prior to transfer, so that only absolutely necessary data is sent.
- Transfer Impact Assessment, where required, to assess the risks associated with the destination country. We do not perform transfers outside the EU without a clear legal basis and without ensuring that the level of protection of your data is equivalent to that provided by European law. If you wish to receive information about specific providers or the safeguards applied to each transfer, you can contact us at: apps@syncsignalapp.com
6. How long do we keep your data? When do we delete your data?
6.1. We retain your personal data only for as long as necessary to achieve the processing purposes described in this Policy, unless the law requires a longer retention period. Specific retention periods are defined in Sync Signal's internal Data Retention and Destruction Policy, which applies to all our systems and procedures and is updated regularly.
6.2. Once the purpose for which they were collected has been achieved, your data is securely deleted or anonymized so that your identification is no longer possible, unless there are legal retention obligations or a pending need for retention for the establishment, exercise, or defense of legal claims.
6.3. If you delete your account, Sync Signal will proceed with the deletion or anonymization of all your data in accordance with the internal Data Retention and Destruction Policy, unless a longer retention period is imposed by law or for security reasons.
7. Is your data secure? We take all necessary technical and organizational security measures to protect your personal data from unauthorized access, loss, alteration, or unlawful processing. The principles and measures we apply are described in detail, updated regularly, and include access control procedures, encryption, system monitoring, incident management, and risk assessment.
8. What are your rights? We ensure your rights regarding the processing of personal data and their exercise. You can exercise the following rights in accordance with the terms and specific provisions of Regulation (EU) 2016/679:
Right to information regarding the collection and use of your personal data.
Right of access: You have the right to obtain confirmation as to whether or not your personal data is being processed by us and, if so, you have the right to access your personal data in a concise, intelligible, transparent, and easily accessible form.
Right to rectification of your personal data if it is inaccurate or incomplete.
Right to erasure ("Right to be forgotten") of your personal data upon your request, which will be satisfied without undue delay, unless their processing is necessary for the exercise of the Company's or third parties' legal rights, for the fulfillment of a legal obligation, for reasons of public interest, or for the defense of our legal rights before judicial or other authorities.
Right to restriction of the processing activities of your personal data only to specific purposes, under the conditions set by law.
Right to object at any time and for reasons related to your particular situation, to the processing of personal data concerning you, which is based on Article 6(1)(e) or (f), including profiling based on those provisions. The Company will no longer process your data unless the Company demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
Right to data portability, i.e., to receive the personal data concerning you, which you have provided to us with your consent, in order to use them elsewhere.
Right to withdraw consent. In cases where we process your personal data based on your consent, you also have the right to withdraw your consent at any time, with future effect, without this affecting the lawfulness of the processing for the period prior to the withdrawal of your consent. In case of withdrawal of consent, the Company may further process the personal data only in cases where there is another legal ground for the processing.
Right to be informed about breach incidents.
Right to lodge a complaint with the competent Greek independent authority, which is the Hellenic Data Protection Authority, in case you believe that your data protection rights have been violated (dpa.gr).
9. How can you exercise your rights?
9.1. To exercise your rights, we advise you to use the "Data Subject Request Form" according to the instructions contained therein. Alternatively, you can send us your request to the email address apps@syncsignalapp.com with the subject "Exercise of right of access/ rectification/ erasure/ restriction/ objection", describing your request, and we will make sure to examine it and respond to you within 30 days of its receipt, if feasible. Otherwise, we will inform you of any extension of the deadline.
9.2. Identity Verification: To protect the confidentiality of your information, we will ask you to verify your identity before responding to any request you submit based on this Privacy Policy. Proof of your identity should include a copy of an identification document, e.g., ID card, passport, residence permit, and a document certifying your address, e.g., a recent utility bill. If you submit the request on behalf of the data subject, you will need to provide us with proof of the data subject's identity and proof of your right to act on their behalf.
10. When do we respond to your Requests?
**10.1**. We respond to your requests free of charge without delay, and in any case within one (1) month from the time we receive your request. However, if your request is complex or there is a large number of requests, we will inform you within the month if we need to take an extension of another two (2) months within which we will respond to you.
**10.2.** If your requests are manifestly unfounded or excessive, in particular because of their repetitive character, the Company may charge a reasonable fee, taking into account the administrative costs of providing the information or taking the action requested, or refuse to act on the request, justifying the response to you.
**10.3.** In case you do not receive a response within the aforementioned prescribed period, or the response you received was not satisfactory, or your issue has not been resolved, you may address the Hellenic Data Protection Authority (www.dpa.gr).
11. Do we use automated decision-making or profiling?
Sync Signal does not use automated decision-making that produces legal effects or significantly affects you within the meaning of Article 22 of the GDPR. The application's functions (such as activating the Panic Button, sending notifications) rely exclusively on user actions and not on automated algorithms that make decisions without human intervention. The application does not compile behavioral profiles, does not monitor habits, does not create predictive models, and does not use data for automated assessments. Any technical processing for the purposes of improving the application, statistical recording, or error detection is limited, does not create a user profile, and does not produce automated decisions.
If features requiring automated decision-making are introduced in the future, we will inform users in a timely manner and ensure full compliance with Article 22 of the GDPR.
12. What is the applicable law when processing your Data by us?
Applicable Law is Greek Law, as formulated in accordance with the General Data Protection Regulation 2016/679/EU, and generally the applicable national and European legislative and regulatory framework for the protection of personal data. Competent courts for any emerging disputes related to your Data are the Courts of Athens.
13. Where can you appeal if we violate the applicable law for the protection of your Personal Data?
You have the right to lodge a complaint with the Hellenic Data Protection Authority if you consider that the processing of your Personal Data violates the applicable national and regulatory legal framework for the protection of personal data: Hellenic Data Protection Authority, Postal Address: 1-3 Kifisias Ave., Postal Code 115 23, Athens, tel.: 2106475600, email address: contact@dpa.gr
14. Version Information – Changes and Updates
We reserve the right to modify and update this Policy, either in whole or in part, at our absolute discretion at any time. The date of the last modification will always appear at the top of this page. In any case, by visiting and navigating the application, you accept the Policy as it applies.
15. Contact Information
SYNC SIGNAL SINGLE MEMBER P.C.
23 Miaouli Street, Lykovrysi, Postal Code 14123
Email: apps@syncsignalapp.com