Who we are
We are Synthace Ltd, based at WestWorks, 195 Wood Lane, London W12 7FQ.
We are registered with the ICO as a data controller/fee payer under number ZA297709.
Our role
For the most part, Synthace Ltd acts as a Processor only for our clients’ data. That means when we process personal data, we are doing so purely on the instruction of another company (the Controller).
Synthace Ltd, does on occasion, act as a Controller. This is only for the data that we process for our day-to-day internal business operations. It is a small amount of data, and we keep to a minimum the information we hold about you.
This privacy notice refers to the data we process as a Controller only.
Your rights
You have rights in respect of our processing of your personal data. The relevant rights are:
- Right of access: You can request access to a copy of the personal data which we hold about you, as well as details about why and how we use it;
- Right to rectification: You can ask us to change or complete any personal data we hold about you which is inaccurate or incomplete;
- Right to be forgotten/erased: You have a right, under certain circumstances, to ask us to delete any personal data we hold about you. Please note that there may be situations where we must retain your personal data after a request for erasure where we have a lawful basis for doing so;
- Right of restriction: You can ask us to restrict (i.e. prevent) the processing of your personal data where you have objected to our use of it and we have no lawful basis to continue processing your personal data;
- Right of data portability: In certain circumstances, you can ask us to transfer the data we hold about you to another service. This would be sent in a structured, commonly used, electronic form;
- Right to object: You can object to us using your personal data for particular purposes; and
- Automated decision making: You have a right not to be subjected to automated decision making and profiling in certain circumstances.
If you want to exercise any of these rights, please call us on at +44 (0) 20 3976 7676 or send an email to privacy@synthace.com
You also have the right to lodge a complaint about our processing with a supervisory authority—in the UK that is the ICO whose details are here: https://ico.org.uk/make-a-complaint/
Data sharing and transfer
We have a number of processors (such as cloud service providers) who act on our behalf. We have Data Processing Agreements in place with all of these processors to ensure that your data is processed in compliance with the law and only upon our instruction. We never sell your data.
Transfer of your data outside the UK or EEA
We only transfer data outside of the UK or EEA if it is to a country or organisation that is deemed by the UK or EU to have adequate protection of data, or if appropriate safeguards have been put in place, for example EU Standard Contractual Clauses or the UK International Data Transfer Agreement/Addendum. When we rely on these, we also carry out due diligence and transfer impact assessments to ensure they provide enough protection within the local legal framework.
Automated decision making
We do not use your personal data in any automated processes to make decisions about you.
Technical and operational security
At Synthace all our employees are trained in data privacy on a regular basis. All our devices are encrypted. We maintain up to date anti-virus and anti-malware protection. We have a strong password policy and utilise Active Directory to control access. Our premises are protected by CCTV, external security services and security badge access.
What happens if our business changes hands?
We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, depending on the lawful basis, be permitted to use that data only for the same purposes for which it was originally collected by us.
In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes.
Changes to our Privacy Policy
We may change this Privacy Policy from time to time (for example, if the law changes). We recommend that you check this page regularly to keep up-to-date.
If we make any material changes to the manner in which we process and use your personal data, we will contact you to let you know about the change.
Contact us
If you want to talk to us about this, please call the Data Privacy Lead on +44 (0) 20 3976 7676 or send an email to privacy@synthace.com.
Tell me more...
To see more about how we use your personal data, read the notice or notices below which apply best to your relationship with us:
Potential employee privacy notice
Data that we hold and how we use it
As a potential employee we hold the following data on you: contact details, CV, interview notes and test scores, diversity and inclusion information you may provide, and correspondence relating to a potential contract with us.
We also carry out pre-employment/right to work checks, as legally obligated to do so by HMRC and various visa requirement bodies.
For information security assurance we also carry out background screening and DBS checks on anyone in certain roles with privileged security access, hence we hold the results of these checks.
We may also track when you open and interact with emails we send about recruitment or job openings. If you wish to stop receiving emails from us please just let us know.
If you applied for a role with Synthace via any of the systems where we place our vacancies, then the data we hold will have come directly from you.
If we contacted you, then we will have got your details from publicly available sources, in the knowledge that you may be a good fit for our company. We also utilize recruitment platforms to source potential candidates. Once we have your data, we will contact you as soon as we can after receiving it to let you know that we have it, why we have it, and provide you with a link to this privacy notice.
If you are successful in gaining employment with Synthace then you will fall under the Employee Privacy Notice going forward; please refer to the employee handbook.
Lawful basis for processing
Our lawful basis for processing your data is legitimate interest and contract; we use your data to recruit the best candidates for roles at Synthace, to inform our efforts to ensure diversity and inclusion in recruitment, and to draft a contract for successful candidates. For right-to-work check evidence, our lawful basis for processing your data is legal obligation.
Retention Periods
If you are not successful in securing a role, then we will keep your details on our database for a period of up to 12 months.
This policy was last reviewed on 3rd August 2023
Supplier privacy notice
Data that we hold and how we use it
As a supplier to Synthace, we hold the corporate contact and payment details required to carry out our contract with you and data to manage our relationship with you. This data would have been gathered from you directly, although your contact details may have been sourced from a recommendation or another source, with the intention of entering into a contract with you.
Lawful basis for processing
Our lawful basis for processing your data is contract; all data is used to enable us to fulfil our contract with you, including paying you and managing our relationship with you.
We may also share your details if someone asks us to recommend a good supplier. When this happens, our lawful basis is legitimate interest.
Retention Periods
We store your data for as long as you are a supplier with us or likely to be a supplier in the future, plus six years in case of dispute.
This policy was last reviewed on 3rd August 2023
Client privacy notice
Data that we hold and how we use it
Data that we hold about clients will be mainly corporate information rather than personal data, but we do hold the name and contact details of the individuals we have a working relationship with.
As a client, we hold the contact and payment details required to carry out our contract with you, manage our relationship and keep you up to date with changes and improvements to our services. This data would have been sourced from you directly.
We may record client calls to assist with managing our service delivery and relationship with you, and for training purposes.*
We may hold information about clients’ employees who are end users of the product, for usability testing, in which case we hold contact details, information about your use of the product, and feedback shared you with us.*
Lawful basis for processing
Our lawful basis for processing your data is contract or legitimate interest; all data is used to enable us to fulfil our contract with you and manage our relationship.
*In the case of recording calls and usability testing, our lawful basis is consent; you have given clear consent for us to process your data for a specific purpose.
Retention Periods
We store your data for as long as you are a client, then six years in case of dispute/ after you cease to be our client.
This policy was last reviewed on 3rd August 2023
Potential clients privacy notice
Data that we hold and how we use it
As a potential client, we process your name, corporate email address, corporate phone number, company you work for, geographic location and potential area of interest.
We would have sourced this data from you completing a form on our website, previously attending an event, or from research we have done based on your company website and any subsequent LinkedIn conversation.
It is possible that your data came to us as a referral from a Third Party. If this is the case, then that Third Party will have informed you that they were passing your details to us, and will have named Synthace as the recipient.
We use the data to invite you to participate in our events and to contact you about our services.
We may also track when you open and interact with marketing emails we send. If you wish to stop receiving emails from us please just let us know.
Lawful basis for processing
Our lawful basis for processing your data is a Legitimate Interest for marketing purposes. As you are a corporate entity, we also abide by the Privacy and Electronic Communications Regulations (PECR). We give you the chance to opt out of all marketing on anything that we send you. We only share details of our own goods and services in our marketing. If your data was not sourced directly from you, then we contact you once we have the data to let you know that we have your data and give you the chance to opt out. Our legitimate interest balancing test indicates that this is a legitimate purpose: you would not be surprised to hear from us based on the nature of your job role, and our processing does not cause any harm or risk to you as a data subject.
Retention Periods
We will process your data until such a time when we are aware that you are no longer a potential client (either you are a new client or you have told us that you have no interest now, or in the future, in our services). We hold data on Potential Clients for 5 years, or until the point at which you opt out of communications. At this point you are added to a suppression list so we do not contact you again. When you become a Client, then that Privacy Notice will apply.
This policy was last reviewed 1st August, 2023
Newsletter subscriber or event attendee privacy notice
Data that we hold and how we use it
If you registered for our newsletter, a webinar or a face-to-face event then we will process your name, corporate email address, company you work for, geographic location and area of interest.
At face-to-face events there may also be photographs taken, in which case we will let you know at the time how to opt out. Dietary requirement data will also be collected if appropriate.
We use the data to enable you to participate in our events and ensure a positive experience for you. Your data is also used to send you a follow up survey and to stay in touch with you via our newsletter or emails about our company journey and relevant goods and services. You are given the chance to opt out of this at the point at which we collected the data, and then in every subsequent communication.
Lawful basis for processing
Our lawful basis for processing your data is a Legitimate Interest for marketing purposes. As you are a corporate entity, we also abide by the Privacy and Electronic Communications Regulations (PECR). We give you the chance to opt out of all marketing on anything that we send you. We only share details of our own goods and services in our marketing. If your data was not sourced directly from you, then we contact you once we have the data to let you know that we have your data and give you the chance to opt out. Our legitimate interest balancing test indicates that this is a legitimate purpose: you would not be surprised to hear from us based on the nature of your job role, and our processing does not cause any harm or risk to you as a data subject.
Retention Periods
If you opted out of marketing and just attended an event, then we store your data for up to five years. This makes it easier for us to have a more relevant discussion with you if you then become a client.
If you ask to unsubscribe from our newsletter/marketing, we will move your details to our suppression list to ensure that we don’t accidentally contact you again in the future. If you become a Client, then that Privacy Notice will apply.
This policy was last reviewed on 3rd August 2023.
Onsite visitor privacy notice
Data that we hold and how we use it
When you visit our premises, we process your name and the company you work for, the time and date of your visit and who you are visiting. This is used for safety and security reasons to ensure we know who is entering our offices and to notify us of your arrival. CCTV footage is recorded at the WestWorks site as a security and crime prevention measure. WestWorks site is the Controller of the CCTV data in the communal areas and can be contacted through this address: White City Place, 195 Wood Lane, London W12 7FQ. Telephone: 0203 892 9901 during normal business hours. Synthace is the Controller of CCTV within our offices.
Lawful basis for processing
Our lawful basis for processing your data is legitimate interest;
Retention Periods
Synthace does not hold data about our visitors.
CCTV footage where Synthace is the Controller is kept for 30 days. Data is then overwritten after 30 days.Investor privacy notice
Data that we hold and how we use it
As an investor or private shareholder in Synthace, we hold your contact and investment details. This data will have been sourced directly from you in the course of your investment.
We use this data to pass to the regulators*, to issue your share certificates** and to manage our relationship with you***.
Lawful basis for processing
Our lawful basis for processing your data is:
* legal obligation
** contractual obligation
*** legitimate interest
Our legitimate interest balancing test indicates that this is a legitimate purpose; you would not be surprised to hear from us based on the nature of our relationship, and our processing does not cause any harm or risk to you as a data subject.
We share your contact details in line with our regulatory requirements, so it will be listed in official documents such as company filings and would be used in any potential data room.
Retention Periods
As a shareholder/investor we hold your information for as long as we are legally required to do so.
This policy was last reviewed on 3rd August 2023.
Potential employee privacy notice
Data that we hold and how we use it
As a potential employee we hold the following data on you: contact details, CV, interview notes and test scores, diversity and inclusion information you may provide, and correspondence relating to a potential contract with us.
We also carry out pre-employment/right to work checks, as legally obligated to do so by HMRC and various visa requirement bodies.
For information security assurance we also carry out background screening and DBS checks on anyone in certain roles with privileged security access, hence we hold the results of these checks.
We may also track when you open and interact with emails we send about recruitment or job openings. If you wish to stop receiving emails from us please just let us know.
If you applied for a role with Synthace via any of the systems where we place our vacancies, then the data we hold will have come directly from you.
If we contacted you, then we will have got your details from publicly available sources, in the knowledge that you may be a good fit for our company. We also utilize recruitment platforms to source potential candidates. Once we have your data, we will contact you as soon as we can after receiving it to let you know that we have it, why we have it, and provide you with a link to this privacy notice.
If you are successful in gaining employment with Synthace then you will fall under the Employee Privacy Notice going forward; please refer to the employee handbook.
Lawful basis for processing
Our lawful basis for processing your data is legitimate interest and contract; we use your data to recruit the best candidates for roles at Synthace, to inform our efforts to ensure diversity and inclusion in recruitment, and to draft a contract for successful candidates. For right-to-work check evidence, our lawful basis for processing your data is legal obligation.
Retention Periods
If you are not successful in securing a role, then we will keep your details on our database for a period of up to 12 months.
This policy was last reviewed on 3rd August 2023
Supplier privacy notice
Data that we hold and how we use it
As a supplier to Synthace, we hold the corporate contact and payment details required to carry out our contract with you and data to manage our relationship with you. This data would have been gathered from you directly, although your contact details may have been sourced from a recommendation or another source, with the intention of entering into a contract with you.
Lawful basis for processing
Our lawful basis for processing your data is contract; all data is used to enable us to fulfil our contract with you, including paying you and managing our relationship with you.
We may also share your details if someone asks us to recommend a good supplier. When this happens, our lawful basis is legitimate interest.
Retention Periods
We store your data for as long as you are a supplier with us or likely to be a supplier in the future, plus six years in case of dispute.
This policy was last reviewed on 3rd August 2023
Client privacy notice
Data that we hold and how we use it
Data that we hold about clients will be mainly corporate information rather than personal data, but we do hold the name and contact details of the individuals we have a working relationship with.
As a client, we hold the contact and payment details required to carry out our contract with you, manage our relationship and keep you up to date with changes and improvements to our services. This data would have been sourced from you directly.
We may record client calls to assist with managing our service delivery and relationship with you, and for training purposes.*
We may hold information about clients’ employees who are end users of the product, for usability testing, in which case we hold contact details, information about your use of the product, and feedback shared you with us.*
Lawful basis for processing
Our lawful basis for processing your data is contract or legitimate interest; all data is used to enable us to fulfil our contract with you and manage our relationship.
*In the case of recording calls and usability testing, our lawful basis is consent; you have given clear consent for us to process your data for a specific purpose.
Retention Periods
We store your data for as long as you are a client, then six years in case of dispute/ after you cease to be our client.
This policy was last reviewed on 3rd August 2023
Potential clients privacy notice
Data that we hold and how we use it
As a potential client, we process your name, corporate email address, corporate phone number, company you work for, geographic location and potential area of interest.
We would have sourced this data from you completing a form on our website, previously attending an event, or from research we have done based on your company website and any subsequent LinkedIn conversation.
It is possible that your data came to us as a referral from a Third Party. If this is the case, then that Third Party will have informed you that they were passing your details to us, and will have named Synthace as the recipient.
We use the data to invite you to participate in our events and to contact you about our services.
We may also track when you open and interact with marketing emails we send. If you wish to stop receiving emails from us please just let us know.
Lawful basis for processing
Our lawful basis for processing your data is a Legitimate Interest for marketing purposes. As you are a corporate entity, we also abide by the Privacy and Electronic Communications Regulations (PECR). We give you the chance to opt out of all marketing on anything that we send you. We only share details of our own goods and services in our marketing. If your data was not sourced directly from you, then we contact you once we have the data to let you know that we have your data and give you the chance to opt out. Our legitimate interest balancing test indicates that this is a legitimate purpose: you would not be surprised to hear from us based on the nature of your job role, and our processing does not cause any harm or risk to you as a data subject.
Retention Periods
We will process your data until such a time when we are aware that you are no longer a potential client (either you are a new client or you have told us that you have no interest now, or in the future, in our services). We hold data on Potential Clients for 5 years, or until the point at which you opt out of communications. At this point you are added to a suppression list so we do not contact you again. When you become a Client, then that Privacy Notice will apply.
This policy was last reviewed 1st August, 2023
Newsletter subscriber or event attendee privacy notice
Data that we hold and how we use it
If you registered for our newsletter, a webinar or a face-to-face event then we will process your name, corporate email address, company you work for, geographic location and area of interest.
At face-to-face events there may also be photographs taken, in which case we will let you know at the time how to opt out. Dietary requirement data will also be collected if appropriate.
We use the data to enable you to participate in our events and ensure a positive experience for you. Your data is also used to send you a follow up survey and to stay in touch with you via our newsletter or emails about our company journey and relevant goods and services. You are given the chance to opt out of this at the point at which we collected the data, and then in every subsequent communication.
Lawful basis for processing
Our lawful basis for processing your data is a Legitimate Interest for marketing purposes. As you are a corporate entity, we also abide by the Privacy and Electronic Communications Regulations (PECR). We give you the chance to opt out of all marketing on anything that we send you. We only share details of our own goods and services in our marketing. If your data was not sourced directly from you, then we contact you once we have the data to let you know that we have your data and give you the chance to opt out. Our legitimate interest balancing test indicates that this is a legitimate purpose: you would not be surprised to hear from us based on the nature of your job role, and our processing does not cause any harm or risk to you as a data subject.
Retention Periods
If you opted out of marketing and just attended an event, then we store your data for up to five years. This makes it easier for us to have a more relevant discussion with you if you then become a client.
If you ask to unsubscribe from our newsletter/marketing, we will move your details to our suppression list to ensure that we don’t accidentally contact you again in the future. If you become a Client, then that Privacy Notice will apply.
This policy was last reviewed on 3rd August 2023.
Onsite visitor privacy notice
Data that we hold and how we use it
When you visit our premises, we process your name and the company you work for, the time and date of your visit and who you are visiting. This is used for safety and security reasons to ensure we know who is entering our offices and to notify us of your arrival. CCTV footage is recorded at the WestWorks site as a security and crime prevention measure. WestWorks site is the Controller of the CCTV data in the communal areas and can be contacted through this address: White City Place, 195 Wood Lane, London W12 7FQ. Telephone: 0203 892 9901 during normal business hours. Synthace is the Controller of CCTV within our offices.
Lawful basis for processing
Our lawful basis for processing your data is legitimate interest;
Retention Periods
Synthace does not hold data about our visitors.
CCTV footage where Synthace is the Controller is kept for 30 days. Data is then overwritten after 30 days.Investor privacy notice
Data that we hold and how we use it
As an investor or private shareholder in Synthace, we hold your contact and investment details. This data will have been sourced directly from you in the course of your investment.
We use this data to pass to the regulators*, to issue your share certificates** and to manage our relationship with you***.
Lawful basis for processing
Our lawful basis for processing your data is:
* legal obligation
** contractual obligation
*** legitimate interest
Our legitimate interest balancing test indicates that this is a legitimate purpose; you would not be surprised to hear from us based on the nature of our relationship, and our processing does not cause any harm or risk to you as a data subject.
We share your contact details in line with our regulatory requirements, so it will be listed in official documents such as company filings and would be used in any potential data room.
Retention Periods
As a shareholder/investor we hold your information for as long as we are legally required to do so.
This policy was last reviewed on 3rd August 2023.