GDPR: This policy explains how Synthace seeks to comply with the European Union General Data Protection Regulation (GDPR) and relevant UK concerning the processing of personal data (information that relates to a natural person).
Fair Processing: We seek to use personal data fairly and in a transparent way; collecting only for explained and valid purposes and keeping it securely and only as long as necessary.
Controller: Synthace Ltd will usually be processor but may in some limited circumstances be controller. For more information contact the nominated Data Protection Officer (DPO) who can be reached by telephone at +44 (0) 20 3976 7676 at Synthace Ltd, 195 Wood Lane, London W12 7FQ or by email to firstname.lastname@example.org
Lawful basis: In the majority of situations, Synthace’s basis is our legitimate business interest to serve our current clients and to seek new ones. We may also have contracts with clients, suppliers, and employees that further support this interest. In some situations we may have a legal obligation. In a very limited number of areas we rely upon consent.
Data sharing: Synthace has security measures (both physical and digital, including password protection, encryption and third party assessments) to reduce the risk of accidental or deliberate access or loss. Authorised employees may have access to perform their duties, and third parties may act as processors to allow us to perform our duties under contract. This may include transfer to for form the EEA or US (via suppliers who operate under the privacy shield) and will be under contracts meeting the EC standard contractual clauses. We will not seek to sell your data, nor is your data subject to automated decision making without human intervention. Your rights: You may contact us to request access, or erasure; to object to processing or request restriction. We may have good grounds to refuse to comply with your request, but if so we must explain our grounds.
Our obligations: We must consider how to apply GDPR in practice, including procedures to deal with data security breaches. We must assist data subjects in exercising their rights (see above).
Version 2.0 28-01-19