v1.2 updated August 2022
Synalogik Innovative Solutions Limited is a private limited company, registered in England under number 11601168, our registered offices are Suite 1, The Courtyard, Tewkesbury Business Park, GL20 8GD. We are registered with the Information Commissioner’s Office under registration number ZA464486.
We are committed to protecting and respecting your privacy.
SYNALOGiK is a private limited company based in the UK and is the brainchild of a number of ex-police and intelligence officers, lawyers and barristers. We work with both the public and private sectors to enable them to comply with their statutory, legal and fiduciary duties. We support our customers with a wide range of data validation services including anti-money laundering, debt and fraud prevention, identity verification and prevention and detection of crime.
We do not physically collect data from data subjects but act as a data aggregator, and access data from a wide range of public and private sources. Our customers utilise our platform to per real time searches on their customers, prospects, and persons of interest.
SYNALOGiK acts as a data Processor for both our customer and the data supplier.
We use software to gather targeted data from various databases. The data located is often that which can be found by using a standard search engine upon the internet or by contacting publicly accessible websites such as Companies House. Having retrieved this personal data it is automatically interrogated for the purposes of detecting fraud, money laundering or activity contrary to Responsible Gambling policies of our clients. We carry out an automated analysis of the results and present the findings to our clients. It is our clients who determine the level of risk that is applied and it is they who ultimately make decisions based upon our findings. Any information provided to our Clients is on an “as is” basis. We cannot and do not guarantee the accuracy of the data found.
Essentially our software speeds up the process of data aggregation and analysis for our clients, but it is they who determine what personal data is accessed, to what degree it is processed and what to do with the results.
THIRD PARTY DATA
When a customer performs a search our platform interrogates a predetermined set of external records and returns search results to us, these are presented to our Customer via the platform, dashboard. The supplied information includes names, address, dates of birth, contact numbers and emails, it may also include details of third parties and geographical locations including IP Addresses.
Clients working in the crime prevention or detection arena or national security may provide additional information such as IP addresses and more sensitive information.
Depending on the data supplier being used a wide range of intelligence may be returned. This may include information from the public domain, governmental websites including sanctions lists, information concerning adverse publicity, bankruptcies as well as financial information.
Some personal data is classified as special category, or sensitive, and includes information about sexuality or orientation, religion and ethnicity, health conditions, political opinions or actual or alleged criminal activity or records. Some data sources will reveal this type of information about individuals.
WEBSITE VISITORS AND GENERAL ENQUIRIES
We collect information from you when you interact with us, such as when you use our website or make an enquiry with us.
By visiting our website we may be able to see your IP address, approximate geographical location and the pages you visit, although your information shall remain anonymous unless you share your contact details with us.
In order to promote our organisation, we research and process corporate and public sector information which will include standard category personal contact details, but this will be limited to only that information necessary to build or maintain a business relationship. We do engage external companies to assist us in cdata enhancement, for example to add a missing telephone number, and all calls in and outbound by our sales team are recorded for quality and training purposes.
OUR LAWFUL BASIS FOR PROCESSING?
Our data suppliers will ensure that any personal data shared with us has been lawfully obtained, and where this is from governmental sources the lawful basis will usually be to fulfil a public function, comply with a legal obligation or it is in the substantial public interest.
Information from the public domain and from Private sector organisations will be processed under the lawful basis of legitimate interests.
Information provided by our Customers will be processed according to their instructions and it is they who will determine that processing remains lawful at all times.
When you visit our website, we shall rely on consent to process non-essential cookies, and to manage any enquires you make of us we shall rely on legitimate interests or contractual obligations.
We can only rely on “legitimate interest” to process personal data (or those of a third party), if our interests do not override your fundamental rights and freedoms.
We will only use your personal information for the purpose(s) for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose(s), and we may process your personal information without your knowledge or consent, but only when instructed to do so by our client, or where this is required or permitted by law.
CUSTOMER SEARCHES AND THIRD PARTY DATA
Customer information is only shared with those third-party data providers whom the customer pre-approves. Information retrieved from suppliers as a result of the search is presented back to customers and a copy held within the SYNALOGiK platform; at all times our Customer remains responsible for any personal data processed.
In the course of delivering services to our Customer we may be required to provide data to third party data Controllers such as the police. This would only occur when we had a legal obligation to do so.
We utilise third party processors to support us in processing personal data, such as our cloud based CRM provider and web hosting company, and they will only process personal data under our instruction and after we have performed due diligence on them.
On occasion we will provide personal data to our professional advisors, be that our accountants, legal advisors or others, but you can be assured that this will only take place when necessary for the smooth management of the business. It is highly unlikely that we will need to share data from external parties, for example data supplied from a Customer, or retrieved from a data Supplier.
We carry out our own internal IT support, but in the rare event that external IT support were required we may need to grant them access to your personal data. Any such third-party service provider would be contractually required by us to maintain appropriate security measures so as to protect all personal data to which they have access. We would not grant access to external support workers without written confirmation that their data security requirements are of an appropriate standard to carry out the tasks which we wish them to do.
CUSTOMER SEARCHES AND THIRD PARTY DATA
SYNALOGiK will only process data on the instructions of the customer and the data supplier, we only use the information provided from both parties to facilitate a search and collate responses. Our platform uses risk scores which are determined by the customer, automated data analysis does take place to identify common points of interest between datasets, and thereby reveal hidden intelligence that may not immediately be visible from a single set of data alone, however, all computer generated results are viewed by a customer’s analyst, and no artificial intelligence is used in the processing.
We train our our clients on the most efficient way to utilise the service, and will provide all of the search and analytical tools to enable them to achieve the best out of the platform, but we process no data without their instruction. When test data is used, we use personal data of individuals who have given consent to the processing.
When your organisation enters into an agreement with Synalogik, we will collect additional information which is necessary for the performance of the contract we have with your organisation, for example, billing information and providing service updates related to the product/service Synalogik are providing to you.
We never sell, exchange or otherwise share any personal data obtained from business relationships or concerning visitors to our website, our customers or authorised users of our technology.
Our system uses cloud-based technology, meaning that rather than being stored upon servers at our offices, your information is kept and processed in an extremely secure environment “on the cloud” The strength of our environment is regularly “penetration tested” and we have made all reasonable endeavours to comply with recommendations of those testers to ensure that our data is kept in a secure way.
We have stringent procedures in place to deal with any known or suspected data breaches.
How long your information will be retained will be determined by the customer, or the supplier. They will only retain personal information for as long as necessary to fulfil the purpose for which it was obtained and processed it. There are legal and accounting reasons why this period can be increased, but in essence the retention period is based upon the amount of data, sensitivity, potential risk of harm if compromised and the nature of the personal data.
In deciding upon the period of retention the Data Controller will also review the purpose for which the information was processed and whether the purpose can be achieved in some other way, beyond simply retaining the data. In some circumstances there are legal constraints which require Controllers to retain the personal information obtained for indefinite periods.
In our commercial and employment relationships we usually retain the information for 7 years after the relationship has ended.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of our website and to compile statistical reports on website activity.
For further information visit www.aboutcookies.org or www.allaboutcookies.org.
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
The Data Protection Act 2018 and GDPR affords individuals whose personal data is processed certain rights and these are listed below for your convenience:-
• You have the right to access a copy of the personal information we hold about you by making a Data Subject Access Request (DSAR), you can do this by using the contact details at the end of this policy.
We will just have to verify your identity before we can proceed.
• You have the right of rectification to amend or update your personal information and ensure we maintain accurate and up to date records and or data about you.
• You have the right to erasure, also known as ‘the right to be forgotten’.
The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing by Griffin House.
• You have the right to ‘block’ or suppress the processing of your personal data.
• Processing of your personal information may be restricted in the event it is no longer essential to support the use of services provided to you and is no longer needed for any contractual, legal or financial reasons. In those cases, SYNALOGiK is permitted to store the personal data, but not further process it.
We may retain just enough information about you to ensure that any restriction is respected in the future.
• You have the right to data portability which allows individuals to obtain and or reuse their personal data for their own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. This right does not apply to SYNALOGiK, Customer or Supplier data.
• You have the right to object to the processing of your personal information based on consent, our legitimate interests, a task in the public interest or exercise of official authority including direct marketing or profiling activities, and processing for purposes of scientific and or historical research and statistics.
• You have right to be made aware of any automated decision-making, that made without any human involvement, and/or profiling of your personal information by SYNALOGiK. We use an automated process to score risks and match datasets but automated decisions are not made on you which will affect you in a legal way
• You have an absolute right to ask us to stop sending you direct mail or marketing emails.
For some processing you will have given permission to process your information, and in these cases you can withdraw your consent at any time however, any records already captured may need to be kept, in full or part, for legal reasons.
In certain situations, the above rights may not apply, for example if you entered into a minimum term contract, and we need to notify you about an alteration, even if you asked us previously not to, but in this case we would not send you any further direct marketing communications.
If you have any questions, do not hesitate to contact us.
The Data Protection Officer
Synalogik Innovative Solutions Limited
Suite 1, Unit A,
Tewkesbury Business Park,
Phone: 01684 274716
Finally, if you are unhappy with how we have processed your information, you have the right to lodge a complaint with the Office of the Information Commissioner, contact details below.
Information Commissioner’s Office
Cheshire, SK9 5AF
Helpline: 0303 123 1113 (local rate) or +44 1625 545 745