    Privacy Notice

    Who we are

    We are Synthace Ltd, based at WestWorks, 195 Wood Lane, London W12 7FQ.

    We are registered with the ICO as a data controller/fee payer under number ZA297709.

    Our role

    For the most part, Synthace Ltd acts as a Processor only for our clients’ data. That means when we process personal data, we are doing so purely on the instruction of another company (the Controller).

    Synthace Ltd does, on occasion, act as a Controller. This is only for the data that we process for our day-to-day internal business operations. It is a small amount of data, and we keep to a minimum the information we hold about you.

    This privacy notice refers to the data we process as a Controller only.

    Your rights

    As a potential employee you have rights in respect of our processing of your personal data. The relevant rights are:

    • Right of access: You can request access to a copy of the personal data which we hold about you, as well as details about why and how we use it;
    • Right to rectification: You can ask us to change or complete any personal data we hold about you which is inaccurate or incomplete;
    • Right to be forgotten/erasure: You have a right, under certain circumstances, to ask us to delete any personal data we hold about you. Please note that there may be situations where we must retain your personal data after a request for erasure where we have a lawful basis for doing so;
    • Right of restriction: You can ask us to restrict (i.e. prevent) the processing of your personal data where you have objected to our use of it and we have no lawful basis to continue processing your personal data;
    • Right of data portability: In certain circumstances, you can ask us to transfer the data we hold about you to another. This would be sent in a structured, commonly used, electronic form;
    • Right to object: You can object to us using your personal data for particular purposes; and
    • Automated decision making: You have a right not to be subjected to automated decision making and profiling in certain

    You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/global/contact-us/postal-addresses/

    If you want to exercise any of these rights, please call us on +44 (0) 20 3976 7676 or send an email to privacy@synthace.com

    Transfers of your data outside the EEA

    We only transfer data outside of the EEA if it is to a country or organization that is deemed by the EU to have adequate protection of data, or if appropriate safeguards have been put in place, for example EU Standard Contractual Clauses. When we rely on Standard Contractual Clauses, we also carry out due diligence to ensure they provide enough protection within the local legal framework.

    Technical and operational security

    At Synthace all our employees are trained in data privacy on a regular basis. All our devices are encrypted. We maintain up to date anti-virus and anti-malware protection. We have a strong password policy and utilize active directory to control access. Our premises are protected by CCTV, external security services and security badge access.

    Automated decision making

    We do not use your personal data in any automated processes to make decisions about you.

    What happens if our business changes hands?

    We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, depending on the lawful basis, be permitted to use that data only for the same purposes for which it was originally collected by us.

    In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes.

    Changes to our Privacy Policy

    We may change this Privacy Policy from time to time (for example, if the law changes). We recommend that you check this page regularly to keep up-to-date.

    If we make any material changes to the manner in which we process and use your personal data, we will contact you to let you know about the change.

    Contact us

    If you want to talk to us about this, please contact the Data Privacy Lead on +44 (0) 20 3976 7676 or send an email to privacy@synthace.com.

    Tell me more…

    To see more about how we use your personal data, read the notice or notices which apply best to your relationship with us:

     

    Employee or Potential Employee Privacy Notice

    Data we hold on potential employees

    • Contact details
    • CV
    • Interview notes and test scores
    • Discussions relating to a potential contract with us

    We may also track when you open and interact with emails we send about recruitment or job openings. If you wish to stop receiving emails from us please just let us know.

    Where did we get your data?

    If you applied for a role with Synthace via any of the systems where we place our vacancies, then the data we hold will have come directly from you.

    If we contacted you, then we will have got your details from publicly available sources, in the knowledge that you may be a good fit for our company. We also utilize recruitment platforms to source potential candidates. Once we have your data, we will contact you as soon as we can after receiving it to let you know that we have it, why we have it, and provide you with a link to this privacy notice.

    Why we hold your data

    We use your data to recruit the best candidates for roles at Synthace. This is with a view to starting a contract with you, so our lawful basis is contract.

    When you apply, and as you go through a review and interview process, the information we hold will be updated accordingly.

    Data retention

    If you are not successful in securing a role, then we will keep your details on our database for a period of up to 24 months. This is on the basis of legitimate business interest.

    Updating or removing your data

    You may request that the information we hold is updated or removed, and we will review your request against our need to hold relevant data.

    If you would like to be removed from consideration for future openings please either contact your recruiter in the Talent team directly, or send an email to jobs@synthace.com detailing your request.

    To request that your data is updated or removed, please contact us on +44 (0) 20 3976 7676 or by email to privacy@synthace.com after the event.

    Data sharing

    We have a number of processors (like cloud service providers) who act on our behalf. We have Data Processing Agreements in place with all of these processors to ensure that your data is processed in compliance with the law and only upon our instruction. We never sell your data.

    If data is transferred from the UK to the EEA then it is done so on the basis of those countries having a comparable data protection regime to the UK (adequacy).

    I'm an employee

    If you are an employee, please refer to the employee handbook.

    This policy was last reviewed

    24 September 2020

    Supplier Privacy Notice

    Data that we hold and how we use it

    Data that we hold on suppliers will be mainly corporate information rather than personal data, but we do hold the name and contact details of the individual we have a working relationship with.

    Our lawful basis for processing your data is contract; all data is used to enable us to fulfil our contract with you, including paying you and managing our relationship with you.

    Data retention

    We store your data for as long as you are a supplier with us or likely to be a supplier in the future, plus seven years in case of dispute.

    Data sharing

    We have a number of processors (like cloud service providers) who act on our behalf. We have Data Processing Agreements in place with all of these processors to ensure that your data is processed in compliance with the law and only upon our instruction. We never sell your data.

    We may also share your details if someone asks us to recommend a good supplier. When this happens, our lawful basis is legitimate interest.

    If data is transferred from the UK to the EEA then it is done so on the basis of those countries having a comparable data protection regime to the UK (adequacy).

    This policy was last reviewed

    24 September 2020

    Client Privacy Notice

    Data that we hold and how we use it

    Data that we hold on clients will be mainly corporate information rather than personal data, but we do hold the name and contact details of the individuals we have a working relationship with.

    Our lawful basis for processing your data is contract; all data is used to enable us to fulfil our contract with you and manage our relationship.

    Data retention

    We store your data for as long as you are a client, plus seven years in case of dispute.

    Data sharing

    We have a number of processors (like cloud service providers) who act on our behalf. We have Data Processing Agreements in place with all of these processors to ensure that your data is processed in compliance with the law and only upon our instruction. We never sell your data.

    If data is transferred from the UK to the EEA then it is done so on the basis of those countries having a comparable data protection regime to the UK (adequacy).

    This policy was last reviewed

    24 September 2020

    Potential Clients Privacy Notice

    Data that we hold and how we use it

    As a potential client, we process your name, corporate email address, corporate phone number, company you work for, geographic location and potential area of interest.

    We would have sourced this data from you completing a form on our website, previously attending an event, or from research we have done based on your company website and any subsequent LinkedIn conversation.

    It is possible that your data came to us as a referral from a Third Party. If this is the case, then that Third Party will have informed you that they were passing your details to us, and will have named Synthace as the recipient.

    We use the data to invite you to participate in our events and to contact you about our services.

    We may also track when you open and interact with marketing emails we send. If you wish to stop receiving emails from us please just let us know.

    Data retention

    We will process your data until such a time when we are aware that you are no longer a potential client (either you are a new client or you have told us that you have no interest now, or in the future, in our services).

    Data sharing

    We have a number of processors (like cloud service providers) who act on our behalf. We have Data Processing Agreements in place with all of these processors to ensure that your data is processed in compliance with the law and only upon our instruction.

    If data is transferred from the UK to the EEA then it is done so on the basis of those countries having a comparable data protection regime to the UK (adequacy).

    This policy was last reviewed

    24 September 2020

    Newsletter Subscribers and Event Attendee Privacy Notice

    Data that we hold and how we use it

    If you registered for our newsletter, a webinar or a face to face event then we will process your name, corporate email address, company you work for, geographic location and area of interest.

    At face to face events there may also be photographs taken, in which case we will let you know at the time how to opt out. Dietary requirement data will also be collected if appropriate.

    We use the data to enable you to participate in our events and ensure a positive experience for you. Your data is also used to send you a follow up survey and to stay in touch with you via our newsletter or emails about our company journey and relevant goods and services. You are given the chance to opt out of this at the point at which we collected the data, and then in every subsequent communication.

    Data retention

    If you opted out of marketing and just attended an event, then we store your data for up to five years. This makes it easier for us to have a more relevant discussion with you if you then become a client.

    If you ask to unsubscribe from our newsletter/marketing, we will move your details to our suppression list to ensure that we don’t accidentally contact you again in the future.

    Data sharing

    We have a number of processors (like cloud service providers) who act on our behalf. We have Data Processing Agreements in place with all of these processors to ensure that your data is processed in compliance with the law and only upon our instruction. We never sell your data.

    If data is transferred from the UK to the EEA then it is done so on the basis of those countries having a comparable data protection regime to the UK (adequacy).

    This policy was last reviewed

    24 September 2020

    Onsite Visitor Privacy Notice

    Data that is held

    When you visit our premises, we will receive your name and the company you work for from our building operators. This is used to ensure we know who is entering our offices and notify us of your arrival, and for security and crime prevention reasons.

    Depending on the site you are visiting, CCTV may also be recorded. Please refer to the specific details for each site below for more information.

    The WestWorks, White City Place, London, UK

    The building operator has CCTV covering the shared areas. The images are only accessible to the on-site Security team (Cornerstone), and data is kept for 30 days before being automatically erased.

    Synthace also has a separate CCTV system within the office as an additional security and crime prevention measure. This data is kept for three weeks.

    Visitor info (name of visitor, their company, and the name and company of the person they are visiting) is recorded by the building operator’s Reception and Security teams. This data is kept for up to three years.

    Temporary access cards will be issued which will enable you to move around the shared areas of the building, but the data from these is not linked to the visitor information mentioned above. To gain access to the Synthace office area and/or lab, a Synthace employee will need to accompany you.

    To obtain a copy of the latest privacy policy from White City Place / Savill’s / Cornerstone, please contact:

    Alexandre Callaud
    Property Manager WestWorks – White City Place
    alexandre.callaud@whitecityplace.com

    CIC, Cambridge, MA, USA

     

    CIC requires that all visitors register their presence at a CIC location with the building's security desk, CIC's concierge, or both.

    When CIC's concierge records the presence of a visitor, the identity of that visitor or guest is confirmed by checking a photo ID or other acceptable form of identification.

    CIC treats visitor personal information as if it belonged to a client (Synthace) employee for the purpose of this document, with the below exceptions:

    1. No identification shall be removed from the presence of the owner except by a full-time CIC staff member.
    2. Part time CIC employees shall be permitted to record the necessary information from a visitor's ID in order to register that visitor's presence at CIC with the following caveats:
    3. Part time CIC employees shall have received training on the handling of personal information before handling any identification document belonging to a visitor.
    4. Part time CIC employees who have not completed their 3-month probationary period shall not handle any identification document without the supervision of a full-time CIC employee, or another part-time CIC employee that has completed their probationary period.

    Photocopies of IDs

    1. Only full-time CIC employees may photocopy or otherwise duplicate or store images of client employee IDs.
    2. After photocopying, the ID is immediately returned to the client employee.
    3. The photocopy is immediately placed in the appropriate folder in a securely locked filing cabinet in a secure office or storage location. Any space that stores ID information is under video surveillance, and is locked except when occupied.
    4. Only authorized CIC managers have access to the locked file cabinet containing these folders.

    Database entries

    1. Master copies of information on CIC client employees are to be stored only on Quickbase. All systems that access or store client employee data must use Quickbase as the source of those data.
    2. Only CIC employees have access to systems containing information on client employees.
    3. Contractors and employees of associated entities may have access to specific client data at the discretion of CIT and CIC Management.
    4. For all non-CIC employees, the principle of least permission shall be followed, and the individuals shall have access only to the records necessary to perform their contractual obligations.
    5. CIC employees connecting to Quickbase for the purpose of accessing client information must follow the guidelines described in this document.
    6. Any client data downloaded, printed, or otherwise made available when disconnected from Quickbase must be protected as described in this document.

    To obtain a copy of the latest privacy policy from CIC, please contact:

    Kristyn Fratus Salazar
    Senior Relationship Manager - CIC Cambridge

    This policy was last reviewed

    24 September 2020

     

    Investor Privacy Notice

    Data that we hold and how we use it

    As an investor or private shareholder in Synthace, we hold your contact and investment details. This data will have been sourced directly from you in the course of your investment.

    We use this data to pass to the regulators*, to issue your share certificates** and to manage our relationship with you***.

    Our lawful basis for processing your data is:

    * legal obligation

    ** contractual obligation

    *** legitimate interest

    Our legitimate interest balancing test indicates that this is a legitimate purpose; you would not be surprised to hear from us based on the nature of our relationship, and our processing does not cause any harm or risk to you as a data subject.

    Data retention

    As a shareholder/investor we hold your information for as long as we are legally required to do so.

    Data sharing

    We share your contact details in line with our regulatory requirements, so will be listed in official documents such as company filings and would be used in any potential data room.

    We have a number of processors (like cloud service providers) who act on our behalf. We have Data Processing Agreements in place with all of these processors to ensure that your data is processed in compliance with the law and only upon our instruction. We never sell your data.

    If data is transferred from the UK to the EEA then it is done so on the basis of those countries having a comparable data protection regime to the UK (adequacy).

    This policy was last reviewed

    24 September 2020