About this policy
This policy explains when and why we collect personal information from you and how we use it, keep it secure, and your rights in relation to it.
We will always comply with GDPR when dealing with your personal data. Further details on GDPR can be found at the website of the Information Commissioner: www.ico.gov.uk
For the purposes of the GDPR, the Managing Director will be the “controller" of all personal data we hold about you. The Managing Director will be responsible for making sure we comply with the GDPR. The Managing Director (Data Protection Officer) may be contacted at firstname.lastname@example.org
Information we may collect about you
We may collect the following data about you via the following methods:
- Website Cookies
- When using our forms
You may give us information about you by filling in forms on our website www.synthax.co.uk. This includes information you provide when you register to use our site, request support on any of our products, register your products, make a warranty application for your product, make a general enquiry, and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number, and credit card information.
- When you are placing an order
When you place an order on our site, all transaction information passed between our website and our PSP (payment service provider) Sage Pay's systems is encrypted using 128-bit SSL certificates. You can view Sage Pay's security policy which includes transaction security, encryption and data storage information as well as their PCI DSS certificate by clicking here.
We also use a Secure Sockets Layer (SSL) on our order pages for further assurance and security. You can view our SSL certificate by clicking on the padlock in your URL address bar when making an order.
- Information we receive from other sources.
We work closely with third parties (including, for example, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them. In the event of receiving personal data from a third party, we will only do so when the data owner has provided consent for this.
- When using our website search
If you use our website search function, we do not collect any personal information from you.
- When using our social media channels
- When you email us
We use Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law
You can find out more about TLS and why it matters on the UK Government website.
- When you telephone us
If you call us, we may collect personal contact information from you with your consent in order to deal with your enquiry.
- When you enter our competitions and promotions
If you enter one of our competitions or promotions we may collect personal data from you including name, address and contact details. This may be via a form online, a paper entry at a trade show, through trusted third parties or other methods. Your consent to take and use your data will always be required before you can enter.
- When you choose to receive our e-newsletters
We use a third-party provider (Constant Contact) to manage and deliver our e-newsletters. We gather statistics around email opening and clicks using industry standard technologies (Constant Contact and Gogle Analytics) to help us monitor and improve our e-newsletters.
We give you the opportunity to unsubscribe from our e-newsletter at any time. Just click the “unsubscribe" link at the bottom of any of our e-newsletters and you will be immediately unsubscribed and removed from the e-newsletter data base. You can of course re-subscribe at any time on our website.
For more information regarding Constant Contact's data processing and Googles privacy policies and data safeguards, please use the following links.
Constant Contact: https://www.constantcontact.com/uk/legal/data-processing-agreement
Lawful basis for processing personal data…
As we are a sales organisation, we are obliged under the contract of sale to keep sales data as part of the audit trail for seven years after date of transaction. This also helps us to refer back to your purchase details should you require any after sales support.
Uses made of the information
We use information held about you in the following ways:
Information you give to us. We will use this information:
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
- to provide you with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you;
- to notify you about changes to our service;
- to ensure that content from our site and e-newsletter is presented in the most effective manner for you and for your computer.
Information we collect about you. We will use this information:
- to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
- to allow you to participate in interactive features of our service, when you choose to do so;
- as part of our efforts to keep our site safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
- Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
- We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
Where we store and protect your personal data
All payment transactions are encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Any serious data breach would be reported within 24 hours to the ICO in line with their data breach guidelines.
Your rights under GDPR
Under the Data Protection Act 1998, you have rights as an individual which you can exercise in relation to the information we hold about you. GDPR extends these rights to offer you more control over your personal data.
How to access your personal data
If you wish to access personal data that we hold about you, you can do so by emailing the data protection officer at email@example.com. Please note that it can take up to 14 days to process your request and that you may be asked some security questions to prove your identity.
You also have the right:
- To be provided with information on how your data is used;
- To have your personal data corrected (e.g. change of home or email address);
- To have your personal data erased;
- To object to how your personal data is processed (e.g. the right not to be marketed to).
If you wish to exercise any of these rights, please email the data protection office at firstname.lastname@example.org. Again, please note that it can take up to 14 days to process your request and that you may be asked some security questions to prove your identity.
The Data Protection Officer
Unit 13, Sovereign Park