Synthace Limited Privacy Policy

GDPR: This policy explains how Synthace seeks to comply with the European Union General Data Protection Regulation (GDPR) and relevant UK concerning the processing of personal data (information that relates to a natural person).

Fair Processing: We seek to use personal data fairly and in a transparent way; collecting only for explained and valid purposes and keeping it securely and only as long as necessary.

Controller: Synthace Ltd will usually be processor but may in some limited circumstances be controller. For more information contact the nominated Data Protection Officer (DPO) who can be reached by telephone at +44 (0) 20 3976 7676 at Synthace Ltd, 195 Wood Lane, London W12 7FQ or by email to privacy@synthace.com

Lawful basis: In the majority of situations, Synthace’s basis is our legitimate business interest to serve our current clients and to seek new ones. We may also have contracts with clients, suppliers, and employees that further support this interest. In some situations we may have a legal obligation. In a very limited number of areas we rely upon consent.

Collection of data: We collect data in a number of ways, including cookies on our website www.synthace.com as detailed in our Cookie Policy. For more information please contact the DPO. Retention: We seek to retain only when, and for long as, necessary to fulfil the purpose for which personal data was collected. This may include meeting legal, accounting and taxation requirements. See below.

Data sharing: Synthace has security measures (both physical and digital, including password protection, encryption and third party assessments) to reduce the risk of accidental or deliberate access or loss. Authorised employees may have access to perform their duties, and third parties may act as processors to allow us to perform our duties under contract. This may include transfer to for form the EEA or US (via suppliers who operate under the privacy shield) and will be under contracts meeting the EC standard contractual clauses. We will not seek to sell your data, nor is your data subject to automated decision making without human intervention. Your rights: You may contact us to request access, or erasure; to object to processing or request restriction. We may have good grounds to refuse to comply with your request, but if so we must explain our grounds.

Our obligations: We must consider how to apply GDPR in practice, including procedures to deal with data security breaches. We must assist data subjects in exercising their rights (see above).

Version 2.0 28-01-19

Synthace Ltd