Syntrio’s Privacy Policy

Last updated on September 25, 2025

Corporate History

In January 2024, Syntrio, Inc., (“Syntrio”) was acquired by Mitratech Holdings, Inc. This Privacy Policy (“Policy”) applies to Syntrio, Inc. (and its products and services), a subsidiary of Mitratech Holdings, Inc. and only for the www.syntrio.com website.

The term “Syntrio” used in this Policy will mean Syntrio, Inc., but will also refer to Syntrio’s affiliates : Syntrio Enterprises, LLC, Lighthouse Services, Inc.; In Touch Communication Services, LLC; Lighthouse Services, LLC; “Syntrio” or “Syntrio”,or “Us”.

Syntrio Enterprises, LLC, Lighthouse Services, Inc.; In Touch Communication Services, LLC; Lighthouse Services, LLC are also adhering to the EU-U.S. DPF Principles, including as applicable under the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Principles.

Introduction

Syntrio provides eLearning content and anonymous hotline services and products to its customers. In January 2024, Syntrio was acquired by Mitratech Holdings, Inc.

This Policy relates to personal information (i.e., information that identifies a specific individual) and related data that Syntrio collects or otherwise receives, through its website, directly from customers and through other means.

Before Syntrio uses personal information for any purpose not outlined in this policy, Syntrio will provide individuals with a clear and conspicuous statement explaining:

  • The specific purpose for which the personal information will be used.
  • Any third parties to whom the information may be disclosed.
  • The choices available to individuals to limit or opt out of such use or disclosure.
  • Individuals will be given the opportunity to review and consent to the new use or disclosure beforeany action is taken.

Syntrio is committed to adhering to the Principles of the EU-U.S. data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. data Privacy Framework (Swiss-U.S. DPF), for all personal data received from the European Union in reliance on the framework. This includes ensuring that such personal data is handled in accordance with the Privacy Principles, as outlined by the U.S. Department of Commerce. Syntrio complies with the EU-U.S. data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Syntrio has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Syntrio has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

1. Information Syntrio Collects

Syntrio collects and otherwise receives the following types of personal information and related data:

Syntrio processes personal information related to its customers’ employees for confidential and anonymous concerns reporting and administration and educational purposes, which generally includes name, email, employee ID number, and limited employee demographic data, the information that may be provided by the user may include name, email address, telephone number and address.

Depending on the request and other circumstances, other information may also be collected. It is the user’s discretion and determination whether to provide such information. Syntrio may collect information from users automatically when they contact us, which may include the name of the domain and host from which the users accesses the Internet; the Internet protocol (IP) address of their computer; the type of browser and software operating system being used; web log data, including the date and time of access to our website; the Internet address of the website from which the user linked to our site; and the phone number which the user called from.

Hotline Services

Syntrio collects information from clients’ employees and other related parties to report ethics and compliance violations. Information can be submitted to Syntrio via web form, facsimile, mail, email, text message and telephonically. Syntrio may collect information from users automatically when they contact us, which may include the name of the domain and host from which the users accesses the Internet; the Internet protocol (IP) address of their computer; the type of browser and software operating system being used; web log data, including the date and time of access to our website; the Internet address of the website from which the user linked to our site; and the phone number which the user called from.

For most communications with Syntrio regarding its hotline services, we do not require PII (“Personally Identifiable Information”). There are opportunities where the user will be given the option to provide PII. The information that may be provided by the user may include name, email address, telephone number and address. Depending on the request and other circumstances, other information may also be collected. It is the user’s discretion and determination whether to provide such information.

Syntrio may disclose aggregated data and statistics in order to describe the use of our services to our prospective and existing clients, partners, and other third parties, and for other lawful purposes. Syntrio may disclose part or all of a user’s PII when Syntrio believes, in good faith, that the law requires such disclosure. Additionally, Syntrio is required to disclose PII in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In most cases Syntrio does not require a user to provide PII to use our services. By choosing to provide PII, the user agrees to the terms of this Policy.

Syntrio does not share any specific user information outside of Syntrio and/or its authorized third-party service providers and/or subprocessors required to provide the Syntrio services.

If a user of the Syntrio services does not wish for their data to be disclosed to the person/organization that provides the user access to the Syntrio services, then the user shall directly contact such person/organization, and provide us with a written notice of the user’s right to opt-out of such sharing. If the user opts-out to such sharing, Syntrio cannot guarantee that the services will still be available to that user.

Anonymous Syntrio Site Data

Syntrio uses tracking technologies on its website to provide our visitors with certain features, to better understand how visitors use our website, and to advertise to visitors, sometimes through relationships with third parties, such as Google or Yahoo. Our website visitors are able to control certain tracking technologies through their own browsers they use to visit our website.

External Links

Syntrio’s website may provide links to other organizations’ websites. Syntrio is not responsible for these organizations’ privacy practices or their website content.

Syntrio also processes prospect and customer personal information for marketing and customer service purposes, which may include name, telephone number, and email, as well as website visitor tracking data. Syntrio discloses this personal information to vendors for sub-processing purposes to provide customer service.

  • Customer Service: Syntrio receives directly from business customers personal informationrelated to their employees and third parties through its learning management system (LMS) andonline courses. This data may include: name, email, employee number, department, function, andother non-sensitive Personally Identifiable Information (PII) pertaining to an employee’sdemographic characteristics. In addition, Syntrio records certain education information such asemployee course completion, course bookmark, course quiz score, course review, and other datathat enables the customer to understand their employees’ performance and to help Syntrioimprove its course quality.Syntrio receives and processes confidential and anonymous hotline reports. The informationcontained on an anonymous hotline report may contain PPI. Confidential and anonymous hotlinereport information can contain name, email, employee information, and complainant detailsregarding the incident being reported.

    Customers may directly input PII, including Sensitive PII, into the Case Management System attheir own discretion. Syntrio does not collect this information on behalf of the customer. Syntriostaff may access this information for technical maintenance purposes only. This staff have signedconfidentiality agreements with respect to protection and non-disclosure of this information.

  • Marketing: Syntrio subscribes to various services that provide individuals’ names, titles, businessemail addresses and other contact information of prospective and current customers formarketing purposes. Syntrio gathers customer and prospect names, telephone numbers, emailaddresses and related contact information at trade shows and other events. Syntrio gathers theabove contact information from visitors to our website when these individuals provide this data tous directly.

2. General Use of Data

In general, Syntrio may use data to provide the sites and services, to perform contractual agreements with partners, clients and users, and for related business purposes, such as, product development, marketing, legal compliance, and other similar business and legal purposes, such as:

  1. To provide the site and services;
  2. To operate, maintain, improve, or personalize the services or other products and servicesSyntrio offer;
  3. To provide customer service or support, or respond to individual’s comments, questions andrequests;
  4. To send technical notices, updates, security alerts, and support or transactional messages;
  5. To share aggregate, de-identified or anonymized data with authorized third-parties;
  6. To communicate with the individual about products, offers, promotions, rewards, and eventsSyntrio or others offer, or provide news and information Syntrio thinks will be of interest toclients, unless the individual have opted-out;
  7. To monitor and analyze trends, usage, and activities in connection with Syntrio’s services;
  8. To provide advertisements about content or features more relevant to individuals, unlessopted-out;
  9. To assess the effectiveness of and improve advertising and other marketing and promotionalactivities on or in connection with the services;
  10. To process client’s transactions and send related information, such as confirmations andinvoices;
  11. To refer clients to affiliates to which client request or consent;
  12. To help Syntrio develop new products and services or improve Syntrio existing products andservices;
  13. To power, provide and/or develop solutions, offerings, products and/or services powered byartificial intelligence and/or machine learning;
  14. To provide data insights to a client’s partner or sponsor;
  15. To enforce our agreements with you, and other applicable agreements or policies; and
  16. To carry out any other lawful purpose for which information was collected.

Syntrio may be required to disclose personal information in response to a lawful request by public authorities, court order, subpoena, judgment, and/or demand, including to meet national security or law enforcement requirements.

3. Accountability for Onward Transfers of Data

Syntrio may disclose personal data received under the Data Privacy Framework to third-party agents or contractors who perform tasks on our behalf and under our instructions. Such tasks include providing the Hotline services. These third parties are contractually obligated to use the data solely for the purposes specified by Syntrio.

Syntrio provides personal information to the following types of third parties for the identified purposes to:

Business partners, serving as sub-processors, to assist us in delivering our products and services to customers. In transferring personal information to these parties as sub-processors, we:

  • Only provide data for limited and specific purposes related to delivering our products andservices or other company operations;
  • Take reasonable steps to ensure the sub-processor effectively processes this data in amanner consistent with our duties under this Policy;
  • Require the sub-processor to notify us if it makes a determination that it can no longermeet obligation commensurate with this Policy;
  • Will provide a summary or a representative copy of relevant privacy provisions of ourcontract with that agent to the U.S. Department of Commerce upon request.

In the event of an onward transfer of personal data, Syntrio shall ensure that the recipient of the data is bound by appropriate contractual obligations that provide the same level of data protection and confidentiality as outlined in this Policy and any applicable law.

In the event that the onward transfer involves transferring personal data to a third country or an international organization, Syntrio will ensure that appropriate safeguards are implemented, including but not limited to the use of Standard Contractual Clauses (SCCs).

Syntrio remains liable under the Data Privacy Framework Principles if any third-party agent processes personal data in a manner inconsistent with the Data Privacy Framework Principles, unless Syntrio can demonstrate that it is not responsible for the event giving rise to the damage.

4. User Data Rights

Syntrio processes information on behalf of its partners, clients and users. Syntrio will only use an individual’s data if Syntrio has a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity, and our legitimate business interests or the legitimate interest of others, as further described below. The individual has the right to request that the individual’s personal information or data not be processed by us. However, this may impair the quality and deliverability of our services.

Syntrio seeks to maintain the accuracy, completeness and relevance of personal information it maintains. It provides individuals subject to this data with an opportunity to review their personal information, upon request, to ensure that it is accurate, complete, current, timely and reliable for its intended use. Syntrio will work with these individuals to ensure personal information meets these objectives.

Individuals have certain rights with respect to their data, and want to help the individuals review and update their information to ensure it is accurate and up-to-date. Syntrio may limit or reject individual’s request in certain cases, such as if it is frivolous, unverified or unduly burdensome, if it jeopardizes the rights of others, if it is not required by law, or if the burden or expense of providing access would be disproportionate to the risks to individual privacy in the case in question, or if it materially alters the way Syntrio provide the Syntrio Services to the individual. In some cases, Syntrio may also need the individual to provide us with additional information, which may include personal information, to verify the individual’s identity and the nature of the individual’s request. Syntrio will take reasonable steps to respond to all requests within 30 calendar days.

If the individual wish to exercise any of the following rights, the individual may do so by contacting Syntrio at [email protected]:

  1. Access
    The individual can request more information about the data Syntrio hold about the individual and request a copy of such data. Individuals also can raise any complaints regarding the Company’s data privacy practices as follows. The Company will respond within a reasonable time to any request or complaint, not to exceed 45 days. Individuals can contact the following regarding any questions or complaints regarding their personal information: https://www.syntrio.com/success-center/
  2. Rectification
    If the individual believes that any personal information that we hold about the individual is incorrect or incomplete, the individual can request that Syntrio correct, edit or supplement such information.
  3. Erasure
    The individual can request that Syntrio delete some or all of the individual’s personal information from our systems. Please note that if the individual requests the deletion of information required to provide the service to the individual, the individual’s account will be deactivated and the individual may lose access to the service, forfeiting all refunds, credits and other outstanding or earned items. If any personally identifiable data is collected through the use of the services, Syntrio will ensure that it is destroyed, returned, or modified to make it unreadable or indecipherable, at the end of individual’s use of the services, unless required to be retained and maintained in original form pursuant to law enforcement, legal proceeding, court order or subpoena. Disposition shall include (1) the shredding of any hard copies of any personal information or data; (2)erasure, freezing, anonymization or de-identification; or (3) otherwise modifying the personal information in those records to make it unreadable or indecipherable.
  4. Portability
    The individual can ask for a copy of the individual’s personal information to be provided to the individual in a machine-readable format. The individual can also request that Syntrio transmit the data to another controller where technically feasible.
  5. Withdrawal of Consent
    If Syntrio is processing an individual’s personal information based on individual’s consent(as indicated at the time of collection of such data), the individual has the right to withdraw individual’s consent at any time by writing to us. Please note, however, that if the individual exercises this right, the individual may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of the individual’s personal information, if such use or disclosure is necessary to enable the individual to utilize some or all of our Services.
  6. Objection
    The individual can contact us to let us know that the individual objects to the further use or disclosure of the individual’s personal information for certain purposes, such as for marketing purposes.
  7. Restriction of processing
    The individual can ask us to restrict further processing of individual personal information.
  8. Opt out of marketing electronic communications
    The individual may opt out of receiving newsletters and other marketing communications by using the “unsubscribe” function included in all such emails. However, the individual will continue to receive notices and transactional emails so long as the individual has an account with Syntrio.
  9. Disable cookies
    The individual can disable cookies before visiting the sites. However, if the individual does so, the individual may not be able to use certain features of the website properly. The individual also has the right to file a complaint about Syntrio’s data and/or privacy practices with respect to the individual’s personal information with the supervisory authority of the individual’s jurisdiction.

Choice

Individuals from whom Syntrio collects and for whom it maintains personal information may limit use and disclosure of this personal information through the following:

  • To be disclosed to a third party, other than as an agent, or
  • To be used for a purpose that is materially different from the purpose(s) for which it was originallycollected or subsequently authorized by the individuals.

Syntrio provides opt-out mechanisms in related communications that allows individuals to remove themselves from future or unrelated communications. Individuals can always contact us directly to exercise their choice regarding these communications. Specifically, we provide an opt-out mechanism where we intend to share an email address with a third-party for a purpose other than that for which the personal information was collected.

Note that Syntrio must process certain personal information to provide its products and services to its customers. For example, Syntrio may need to provide product/service update information to fulfill the terms of its service. In such situations, no opt-out mechanism is available, other than cancelling the product or service.

For sensitive personal information: If Syntrio collects sensitive personal information, such as personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual, we

will provide an opt-in mechanism before using it or sharing it with third parties if such use would be for a purpose other than what it was intended for when initially collected.

To the extent permitted or required by applicable law, the individual can opt-out of having the user information shared with a third party, by contacting us at [email protected]. However, please note that opting-out of information sharing or collection may affect the user ability to use the Syntrio services.

5. Security

Syntrio takes reasonable and appropriate measures to protect personal information that it creates,maintains, uses or disseminates from loss, misuse and unauthorized access, disclosure, alteration anddestruction, taking into due account the risks involved in the processing and the nature of the personaldata.

6. Data Integrity and Purpose Limitation

Data Processing: Personal information is limited to the information that is relevant for the purposes ofprocessing.

Syntrio strives not to process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To the extent necessary for those purposes, Syntrio takes reasonable steps to ensure that personal information is reliable for its intended use, accurate, complete, and current. Syntrio adheres to the Principles for as long as it retains such information.

Data Retention: Syntrio retains personal information in a form identifying or making identifiable the individual only for as long as it serves a purpose of processing. Syntrio takes reasonable and appropriate measures in complying with this provision.

7. Policy Changes

Syntrio may change this policy to remain consistent with governing law and other good practices of dataprivacy protection. When changes are made to this Policy, the company will communicate these changesto all employees, update it on the Company’s website and maintain a copy of the previous privacypolicies. The Company will also notify customers of any materials changes to this policy to allow them tomake any choices of how we will use their personal information going forward.

8. Recourse, Enforcement and Liability

Syntrio is subject to the investigatory and enforcement powers of the US Federal Trade Commission(FTC), which has jurisdiction over Syntrio’s compliance with this DPF Notice and the DPF Principles. In compliance with the DPF Principles, Syntrio commits to resolve DPF Principles-related complaints about or collection or use of personal data transferred from our customers in the EU, the UK or Switzerland.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Syntrio commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to Judicial Arbitration and Mediation Services, Inc., an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of Judicial Arbitration and Mediation Services, Inc. are provided at no cost to you. The following link provides additional information regarding binding arbitration: https://www.jamsadr.com/DPF-Dispute-Resolution

 

In addition to any other recourse available herein or under applicable law, users have the right, under certain conditions and subject to conditions set forth in Annex I of Principles, to invoke binding arbitration for complaints regarding the EU-U.S. data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. data Privacy Framework (Swiss-U.S. DPF) compliance. See https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction for further information.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Syntrio commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

9. Self-Certification

Syntrio will assess its adherence to its privacy policies annually. This assessment include the following:

  •  A review of Syntrio privacy policies for ongoing conformance with applicable law.
  • Review of the personal data that Syntrio collects and means of collecting this data.
  • Inclusion of mechanisms, and related communications, that individuals can review their personaldata, correct it, ask questions or file a complaint.
  • Training for Syntrio employees, based on their degree of involvement with personal data.

10. Business Transfer

If Syntrio should undergo a business transfer, such as a merger, acquisition, divestiture, or other suchaction, that will likely lead to personal information being transferred to a new entity, the company willprovide a notification on our website of any change in ownership or uses of this personal information, aswell as any choices related parties may have regarding this personal information.

This Policy supersedes all prior privacy policies prior to the effective date listed herein. The individual can contact Syntrio to learn more about updates included in this Policy.

11. Contact Us

If the individual have any questions or complaints regarding this Privacy Policy, please feel free to contactus at:

Syntrio, Inc.

Attn: Legal Department – Syntrio 13301 Galleria Circle Bldg. B Suite 200

Bee Cave, TX 78738

Phone: (+1) 888 784 7224

Email: [email protected]

Empower. Automate. Elevate. Mitratech

©2025 Mitratech, Inc. All rights reserved.

Empower. Automate. Elevate. Mitratech

©2025 Mitratech, Inc. All rights reserved.