1. PURPOSE OF NOTICE
At Synnovia Limited we are committed to protecting the privacy and security of your personal information. This privacy notice aims to inform you on how we collect and process your personal data.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
Synnovia is the data controller in respect of your personal data. We are required under data protection legislation to notify you of the information contained in this privacy notice.
We are part of the Synnovia group of companies.
2. WEBSITE AND THIRD-PARTY LINKS
We do not control these third-party websites or applications and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every third-party website you visit.
3. DATA WE COLLECT
“Personal data”, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Categories of Data
We will collect and process the following categories of personal data:
Identity Data including personal details such as name and job title, company name.
Contact Data including personal contact details, addresses, telephone numbers, and email addresses.
Financial Data including bank account details, your debit or credit card information, your credit rating information (which we acquire from credit reference agencies) and other banking information.
Profile Data including information you provide to us in your communications with us, including, for example, information you provide to us when participating in market or product surveys and information on how you use our products and services, the industry or industries you or your company are engaged in and the products or services you enquire about or purchase from us.
Marketing and Communications Data including your preferences in receiving marketing information from us and our third parties and your communication preferences.
We will only collect personal data which is relevant in the context of our relationship with you.
Special Categories of Personal Data
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Failure to provide Data
Where we need to collect personal data by law or under the terms of our contract (or proposed contract) and you fail to provide that data when requested, we may not be able to perform the contract we have, or are trying to enter into, with you. In such event, we may have to terminate the contract (or any negotiations in relation to a proposed contract) but we will notify you if this is the case at the time.
Change of Data
It is important that personal data we hold about you is accurate and up to date and we ask you to keep us informed if your personal data changes during your relationship with us.
4. HOW WE COLLECT YOUR DATA
We collect data from and about you in different ways including through:
You may give us your personal data when you interact with us, for example in commercial discussions or through queries about the Synnovia Group.
Automated technologies or interactions
As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies.
Third Parties or Publicly Available Sources
We may receive personal data and additional information from third parties including credit reference agencies or other background agencies and business directories and public sources such as Companies House.
5. HOW WE USE YOUR DATA
We will only use your personal data for a particular reason and where there is a legal basis to do so.
We will use your personal data in the following circumstances in particular:
- Where we need to perform a contract we have entered into with you or are taking steps to enter into with you.
- Where we need to comply with a legal or regulatory obligation or are required to do so by law.
- Where you have consented to such use.
- Where it is necessary for the purposes of our own legitimate business interests (or those of a relevant third party) and your interests and fundamental rights do not override those interests.
Marketing and Advertising
We will only use your personal data to determine which products, services or offers we think you may want or need or that may be of interest to you.
You will receive marketing messages from us if you have requested information, or purchased products or services, from the Synnovia Group and you have not opted out of receiving such messages.
You can ask us to stop sending you marketing messages at any time by contacting us at any time using the details below.
Where you opt out of receiving these marketing messages, this will not apply to personal data already provided to us for other purposes, for example as a result of a commercial transaction with you.
6. DATA SHARING
Sharing Personal Data with Third Parties
We may share your personal data with third parties where required by law, or where it is necessary to perform our contract with you or where we have a legitimate business interest in doing so.
“Third parties” may include third party service providers, being parties, for example, which provide software, technical or professional services to us, and may also include other members of the Synnovia group, for example as part of a sales or project process or fulfilling our contract with you.
Any third-party service provider with whom your personal data has been shared will be required to take appropriate security measures to protect such data in line with our policies and the law and to process your personal data only for specified lawful purposes in accordance with our instructions and not for their own purposes.
Transfer outside the EU
We will not transfer your personal data outside the EU without your consent and then only on terms approved by us.
7. DATA SECURITY
We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed and to deal with any suspected data security breach.
We will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and will be subject to a duty of confidentiality.
8. DATA RETENTION
Length of Retention
We will only retain your personal data for as long as is necessary to fulfil the purposes it was collected for, including the purposes of satisfying any legal, accounting, or reporting requirements.
Determination of Retention Period
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of your personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purpose for which such data is being processed and any applicable legal requirements.
9. YOUR RIGHTS IN CONNECTION WITH DATA
Access, Correction, Erasure and other Rights
By law you have the right in certain circumstances to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correctionof the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected if it is wrong.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no lawful reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to the data being processed (see below).
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and your particular circumstances justify your objecting to processing on this ground.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example, if you want us to establish its accuracy or the lawful basis for processing it.
- Request the transfer of your personal data to another party.
If you wish to exercise any of these rights, please contact our Data Protection Manager in writing.
No Fee Usually Required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
10. WITHDRAWAL OF CONSENT
In those circumstances where you have provided your consent to the collection, processing and transfer of your personal data for a particular purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please notify our Data Protection Manager in writing.
Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose you originally agreed to, unless there remains another lawful basis for doing so.
11. DATA PROTECTION MANAGER AND QUESTIONS
Details and Contact Information
If you have any questions about this privacy notice or how we handle your personal information, please contact our Data Protection Manager using the contact details below.
Full name of legal entity: Synnovia Limited
Name or title of Data Protection Manager: Group Legal Director
Email address: email@example.com
Postal address: c/o BNL (UK) Limited, Manse Lane, Knaresborough HG5 8LF
Telephone number: +44 0203 146 6852
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). However, as we take our obligations seriously in relation to your personal information, we would ask and encourage you to contact us first if you have any issues or concerns so that we may address and try to resolve these before you approach the ICO.
5. EFFECTIVE DATE AND UPDATE
This version is effective 23rd January 2023.
We may change this privacy notice from time to time in order to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes when you visit our website.