- by us (or our vendors), offline or through any other means; or
- about job applicants or our employees; and/or
- by any third party, including through any application or content (including advertising) that may link to or be available from the Site.
1. Types of personal data collected
We collect and process the following types of personal data:
- Your personal identifiers and contact details such as your name, email address and Internet Protocol (IP) address;
- Internet or other electronic activity information such as your browser type and operating system, the websites you visited before and after visiting the Site, the pages you view and links you click on within the Site, information about your interactions with e-mail messages, such as the links clicked on and whether the messages were received, opened, or forwarded; and Standard Server Log Information; and
- Any other information you voluntarily provide to us e.g. when you contact us.
Sources of Personal Data
We collect personal data directly from you when you visit our Site, when you contact us via the Site, request information about our business, where you subscribe to receive our newsletter, and when you otherwise voluntarily provide us with your personal data.
2. Purposes and legal basis for processing
We use and process your personal data for the purposes and legal bases set out below:
|Communicating with you, providing you with information about our business, customer service, and operating and improving our Site.||Synthesis has a legitimate interest to operate its Site and communicate with you upon your request (Article 6(1)(f), GDPR)|
|Contact you with respect to products and/or services offered by us which we believe may interest you (including direct marketing via our newsletter) unless you advise us that you do not wish to receive marketing or market research communications from us||If applicable law requires that we receive your consent before we send you certain types of marketing communications, we will only send you those types of communications after receiving your consent (Article 6(1)(a), GDPR). If you wish to stop receiving marketing or market research communications from us you can unsubscribe via the link at the bottom of the relevant marketing e-mail or contact us using the contact details below Synthesis has a legitimate interest to carry out direct marketing in certain instances (Article 6(1)(f), GDPR)|
|Carrying out audits and investigations, and to investigate and resolve complaints||Synthesis has a legitimate interest to manage its business and to ensure that all investigations and proceedings are managed efficiently and effectively (Article 6(1)(f), GDPR) Synthesis may have a legal obligation to do so (Article 6(1)(c), GDPR)|
|Preparing for and acting in relation to enquiries, investigations or proceedings, by governmental, administrative, judicial or regulatory authorities, including civil litigation||Synthesis has a legitimate interest to manage its business and to ensure that all investigations and proceedings are managed efficiently and effectively (Article 6(1)(f), GDPR) Synthesis may have a legal obligation to do so (Article 6(1)(c), GDPR)|
|In connection with a potential asset or stock acquisition of Synthesis, or the outsourcing or insourcing of services provided by employees, providing reasonable diligence material to a third party or meeting any disclosure obligations as required by law||Synthesis has a legitimate interest to manage its business (Article 6(1)(f), GDPR)|
You have a right to object to the processing of your personal data where that processing is carried out for our legitimate interests. Please note however that we may not be able to fulfil this request in all instances.
3. Sharing of Personal Data
We make personal data available to our business partners, including IT suppliers that store and process personal data on our behalf. We also share your personal data as required or permitted by law to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others, including to law enforcement agencies, and judicial and regulatory authorities. We also share your personal data with third parties to help detect and protect against fraud or data security vulnerabilities. And we may transfer your personal data to a third party in the event of a sale, merger, reorganization of our entity or other restructuring.
4. Retention period
We store personal data for as long as necessary to fulfil the purposes described above. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of the personal data, the purposes for which we process the personal data and whether we can achieve those purposes through other means. We also consider the applicable legal requirements and the extent to which it is necessary to process the personal data. In exceptional cases (e.g., in pending litigation matters or where the law requires us to) your personal data may need to be kept for longer periods of time.
5. You data privacy rights
You have the following rights with regard to personal data which we process about you, which may be subject to limitations and/or restrictions:
- You have the right to request access to the personal data we process about you.
- You have the right to request us to rectify any personal data that might be incorrect, as well as the right to request us to restrict the processing of your personal data.
- You may request to receive a copy of your personal data that you provided to us, in a structured, commonly used and machine-readable format.
- You have the right to request that we erase your personal data.
- You have the right to withdraw consent to the processing of your personal data at any time.
You also have the right to lodge a complaint with the competent data protection supervisory authority.
6. International Transfers
We will, for the purposes identified above, transfer personal data to recipients as referred to above, that are located in countries outside the European Economic Area (“EEA”)/ UK, including the US, and which are not considered to provide an adequate level of data protection. Personal data will only be transferred from the EEA/UK to a recipient in a country which is not considered to provide an adequate level of data protection when the transfer is made in compliance with applicable data protection and privacy laws (e.g., by entering into standard contractual clauses (“SCCs”) with the recipient, relying on the recipients Binding Corporate Rules, or by relying on a derogation such as, where the transfer is necessary for performance or a contract or the establishment or defence of legal claims).
You can request further information in relation to international transfers and/or a copy of the SCCs by contacting us as described in Section 9 below.
7. Other Websites
If our Site provides links to other websites, these websites may operate independently from us and may have their own privacy notices or policies, which we advise you to review. To the extent any linked websites or apps are not owned or controlled by us, we are not responsible for their content.
9. Contact Us
Please do not hesitate to contact us if you have any questions in regard to the protection of your personal data or if you wish to exercise your data protection rights (as described in Section 5 above).
4-7 Manchester Street
London W1U 3AE
Email: [email protected]