(v1.8 last updated March 2026)

1. Who are we?

Synalogik Innovative Solutions Ltd (“Synalogik”, “we”, “our” or “us”) is a UK-based technology company that develops and provides an investigative software platform called Scout®.

Scout® is a secure, cloud-based, Software-as-a-Service (SaaS) platform used by organisations to bring together and analyse information from multiple sources in a single environment. The platform supports a range of activities including investigative and intelligence analysis, case and customer management, monitoring, and reporting.

Scout® provides tools that allow authorised users within client organisations (Clients) to record notes, create and link profiles, assess and manage risk, and monitor activities relevant to their operational and regulatory requirements.

Synalogik provides Scout® to organisations in both the public and private sectors. Through the provision of this platform, we may process personal data on behalf of our Clients or in connection with the operation of our services, but only under authorisation and following strict protocols.

In many cases, Synalogik acts as a processor, processing personal data on behalf of our Clients, who act as the controllers responsible for determining the purposes and means of processing personal data.

2.  Our approach to privacy management

Synalogik has established governance arrangements, including designated roles at senior management level, responsible for overseeing privacy, data protection, cybersecurity and information security. These roles ensure that appropriate measures are implemented, monitored, and regularly reviewed to maintain the effectiveness of our privacy and security controls.

We implement appropriate technical and organisational measures to safeguard personal data that is accessed or processed through the Scout® platform. These measures are designed to protect personal data against unauthorised or unlawful processing, as well as against accidental loss, destruction, or damage.

Security and privacy considerations are embedded within both our software and organisational processes. We maintain a range of controls to support the ongoing confidentiality, integrity, availability and resilience of our IT systems, services, and the data processed through them.

We are committed to respecting privacy and complying with applicable data protection legislation and maintaining our externally verified information security certifications, including ISO27001, and NCSC-approved Cyber Essentials and Cyber Essentials Plus certification.

This Privacy Notice explains, in a clear and transparent manner, how Synalogik processes personal data in the course of providing our services, including when individuals access or use our website.

Synalogik has appointed a Data Protection Officer responsible for overseeing our data protection framework and compliance with applicable data protection laws.

3.  Legal information and data protection roles

Synalogik Innovative Solutions Ltd is a private limited company registered in England under company number 11601168.

Our registered office is: 4^th Floor, St James House, St James Square, Cheltenham GL50 3PR.

Our trading (operating) address is: Midlands Centre for Cyber Security, Hursey Road, Rotherwas, Hereford Hr2,6FP.

If you wish to contact Synalogik regarding privacy or data protection matters, please email compliance@synalogik.com

Synalogik is registered with the Information Commissioner’s Office (ICO) under registration number ZA464486.

Our website and software platform, Scout®, are designed for use by organisations and authorised users within those organisations. They are not intended for use by private individuals or by persons under the age of 18.

Our role in processing personal data

For the purposes of data protection legislation, Synalogik may act as either a controller or a processor, depending on the nature of the processing activity.

 Controller

A controller determines the purposes and means of processing personal data (in other words, the ‘why’ and ‘how’ personal data is processed).

Synalogik acts as a controller where we process personal data in connection with our own business activities. This may include processing relating to:

• Employment and recruitment
• Sales, marketing and website activities
• Financial and administrative management
• Compliance with legal, regulatory, and fiduciary duties

Synalogik may also act as a controller in relation to certain publicly available datasets that we collect, maintain, structure, and make available to clients through the Scout® platform. In these cases, we determine the purposes and means of processing that data.

Clients using Scout® remain the controllers for the personal data that they upload to or process within the platform, as they determine the purposes for which their data is collected and used.

 Processor

A processor processes personal data on behalf of a controller and acts only on the controller’s instructions.

Synalogik acts as a processor when providing Scout® to our clients. In these cases, we process personal data solely in accordance with the written instructions of our clients and under the terms of our contractual agreements with them.

Synalogik may also act as a processor in relation to certain third-party data feeds available through Scout®, where the purposes and permitted uses of the data are governed by contractual terms set by the relevant data provider.

As a processor, Synalogik does not collect personal data directly from individuals and does not have a direct relationship with the individuals whose personal data may be processed within the Scout® platform.

 Personal data

Under data protection legislation, personal data means any information relating to an identified or identifiable living individual.

Personal data processed through Scout® is typically provided and controlled by our clients. Synalogik does not determine the investigative or analytical purposes for which clients use the platform.

4. What is Scout®

Scout® is a secure cloud-based Software-as-a-Service (SaaS) platform provided by Synalogik. It enables Clients to bring together information from multiple data sources within a single environment to support investigative, compliance, monitoring, and case management activities.

Scout® allows authorised users within client organisations to analyse information, manage cases and customer records, link related profiles, generate reports, and assess potential risk indicators. These tools support Clients in fulfilling their legal, regulatory, investigative, and compliance obligations.

Each Client operates within its own dedicated instance of Scout®. Client environments are logically separated, meaning one Client cannot access another Client’s account, information, or processing activities.

Scout® is designed and developed using secure software practices and is supported by a range of technical, organisational, and procedural security measures. The platform can be configured by Clients to support their specific investigative, monitoring, and reporting requirements. Clients remain responsible for determining what data is processed within their environment and how it is used.

 Data sources available through Scout®

Clients may upload their own datasets into Scout® and may also access datasets that are provided by third party data suppliers. These suppliers impose contractual restrictions on how their data may be used (use cases).

As part of our due diligence and onboarding processes, Clients must specify the purposes for which they intend to use these datasets. Access to particular data sources is then enabled only where the intended use aligns with the permitted use cases defined by the relevant data supplier.

Synalogik enforces these contractual restrictions through technical and organisational controls within the Scout® platform.

Contractual obligations imposed by the respective data supplier, where applicable, flow down to our Clients through our own contractual arrangements and are made readily accessible to Clients as part of the contracting process.

These datasets may support activities (use cases) such as: data validation, anti-money laundering, fraud investigation, prevention and detection; law enforcement and national security measures, debt collection and tracing; prevention and detection of crime; asset reunification; PEPs and sanctions checks; financial vulnerability assessments; or to complying with regulatory obligations such as the licence rules imposed by the Gambling Commission in support of safer and responsible gambling.

Some Clients may access data provided by Credit Reference Agencies (CRAs) such as TransUnion, Experian, or Equifax. These organisations process and share personal data in accordance with their own privacy notices. Further information can be found in the Credit Reference Agency Information Notices (CRAIN) available at:

• https://www.transunion.co.uk/legal/privacy-centre/pc-credit-reference
• https://www.experian.co.uk/legal/crain/?utm_medium=internalRef&utm_source=Consumer%20Services
• https://www.equifax.co.uk/privacy-hub/crain
• https://ico.org.uk/for-the-public/credit/ (for additional information on credit reference agencies via the Information Commissioner’s Office (ICO)).

Clients may also access public record information that is publicly available from sources such as Companies House, the Financial Conduct Authority (FCA), Land Registry, DVLA or DVSA. These organisations are responsible for explaining how they collect and use the personal data through their own privacy notices.

Publicly available datasets is a general term used to refer to datasets that can be easily found and accessed by using a standard search engine on the internet, or by directly visiting publicly accessible websites. Public record information is information that is made public, subject to legal/regulatory provisions, imposed on the public record holder.

 Synalogik’s role in relation to Scout®

In most cases, Synalogik operates as a processor, for the data processed by the Scout® platform. This means we process personal data on behalf of our Clients and only in accordance with their written instructions and our contractual arrangements with them.

Clients act as the controllers for the personal data they process within Scout® and they determine:

• What data is uploaded or accessed
• The purposes for which data is processed
• The scope and proportionality of searches performed
• How results are analysed, used and how long they are retained for.

Scout® presents information and analytical outputs to authorised Client users. No automated decision-making is carried out by Synalogik. Any investigative or operational decisions based on information obtained through Scout® are made by the Client.

 Access to client data

Synalogik does not routinely access Client data stored within Scout®. Access is strictly controlled and only permitted where necessary for authorised operational purposes, such as technical support, system maintenance, or resolving service issues. Any such access is subject to strict internal controls, appropriate Client authorisation, technical safeguards and only granted to approved employees.

Service monitoring and security

Scout® includes monitoring capabilities that support the operation, security, and reliability of the service. This may include monitoring system performance, usage volumes, and network activity to detect potential technical issues or security risks.

Service monitoring does not involve reviewing the personal data uploaded or processed by Clients within Scout®.

As part of our security infrastructure, we also monitor system and network activity to detect potential  unauthorised access or misuse of our systems. This monitoring helps ensure the confidentiality, integrity, and availability of the Scout® platform.

 Data retention

Client data stored within Scout® is retained in accordance with the retention policies determined by the Client acting as the data controller. Any Client data stored for Disaster Recovery or Business Continuity (DR/BC) purposes is securely and irretrievably deleted in line with our contractual agreement with the Client.

5.  How personal data may appear in Scout®

Personal data processed within Scout® typically originates from one or more of the following sources:

• Data Provided by our Clients, including information they upload or enter into the platform as part of their investigative, compliance or customer management activities.
• Data obtained from third-party data suppliers, where our Clients are permitted to access those datasets for specific purposes in accordance with contractual and regulatory requirements.
• Information from publicly available sources, such as public records and other official registers, regulatory databases, or publicly accessible records easily obtained from an internet search engine.

Our clients determine which data sources are used and the purposes for which the information is processed. Synalogik provides the platform through which this information can be accessed, aggregated, and analysed.

6.  Client data processed using Scout®

When a Client accesses Scout®, they are presented with an acceptable use policy which must be acknowledged before accessing the system. Clients may use Scout® to investigate and analyse their own datasets, or to supplement those datasets with information retrieved through authorised searches of external data sources available through the platform.

Access to external data sources is governed by contractual restrictions imposed by the relevant data suppliers. These restrictions are supported by technical controls within Scout® which ensure that data sources can only be accessed where the relevant permissions and permitted use cases apply.

When a Client performs a search, Scout® queries authorised external data sources and returns results through the Scout® interface. To perform searches or support analysis, Clients may input information into the platform. This information may include personal data such as names, addresses, dates of birth, contact details, email addresses, vehicle information, property ownership data, company directorship information, or other identifiers. In some circumstances this may also include information relating to third parties or geographical locations, including IP addresses.

Clients operating in areas such as crime prevention, fraud detection, regulatory compliance, or national security may process additional categories of information in order to fulfil their legal or regulatory obligations.

Depending on the datasets accessed, a wide range of information may be returned from external sources. These sources may include industry data suppliers, credit reference agencies, publicly available registers, government websites (including sanctions lists), or publicly accessible information relating to matters such as adverse media, insolvency events, court judgments, or other financial indicators.

Data suppliers are responsible for ensuring that personal data provided through their services has been lawfully obtained and may be used for the permitted purposes defined in their contractual terms.

Where information originates from governmental or official public records, the lawful basis for publication and disclosure will typically relate to the exercise of a public function, compliance with legal obligations, or matters of substantial public interest.

Some datasets may contain special category data or criminal offence data, such as information relating to health, ethnicity, religion, political opinions, or alleged or actual criminal activity. The processing of such data is determined by the Client acting as data controller and must be supported by an appropriate lawful basis under applicable data protection legislation.

Client information processed within Scout® is processed only in accordance with the Client’s written instructions. The Client remains responsible, as data controller, for ensuring that their processing activities are lawful and supported by an appropriate lawful basis.

Where Synalogik act as a controller, we do not collect, store, or process data originating from Client searches for our own internal purposes. We are contractually restricted from accessing certain external data sources for our own use and have implemented appropriate technical and organisational measures to prevent such access.

7.  What information do we, as controller, collect or process about you?

7.1 Website visitors and general enquiries

We may collect personal information when you interact with us, including when you visit our website or contact us through website forms or enquiries.

When you visit our website, we may collect certain technical information such as your IP address, approximate geographical location, and information about the pages you access. This information is typically collected through standard website analytics tools.

Your identity will remain anonymous unless you choose to provide personal information to us, for example when submitting an enquiry or requesting further information about our services.

7.2 Business information

To promote and develop our services, we may process business contact information relating to individuals working within organisations in the public or private sector. This may include your name, business contact details, job title, and the organisation you work for.

This information is used only where necessary to establish or maintain a professional or business relationship.

In some circumstances we may engage third-party service providers to assist with maintaining accurate business contact information. For example, they may help update contact details or identify appropriate points of contact within organisations.

Sales and marketing calls conducted by our team may be recorded for training, quality assurance, and monitoring purposes.

In the course of normal business operations we may also process limited personal information through commonly used business communication tools and collaboration platforms such as email systems, messaging platforms, video conferencing tools, or document management systems. This may include communications, meeting recordings, training sessions, demonstrations, feedback, or collaborative working activities.

We process this information as necessary for the effective management and operation of our business and to fulfil our contractual, legal, and regulatory obligations.

Synalogik does not sell, trade, or otherwise commercially exploit personal data obtained from website visitors, business contacts, Clients, or authorised users of our services.

 7.3 Lawful basis for processing

Where Synalogik processes personal data as a data controller, we rely on appropriate lawful bases under data protection legislation.

For website cookies, we rely on consent for non-essential cookies. This is managed through the cookie banner presented when you first visit our website. Essential cookies required for the operation of the website are processed on the basis of legitimate interests.

For enquiries, business communications, and general business administration, we typically rely on legitimate interests or contractual necessity, depending on the nature of the interaction.

Where we rely on legitimate interests, we ensure that such interests do not override your fundamental rights and freedoms. We may also rely on the recognised legitimate interests for disclosures to public bodies for safeguarding, crime prevention, National security or emergency purposes.

We will only use personal data for the purposes for which it was collected unless we reasonably consider that another use is compatible with the original purpose, or where the processing can be treated as compatible with the original purpose subject to the UK’s Data Protection Legislation. (e.g. public security, emergencies, crime prevention, vital interests, safeguarding, taxation, legal obligation).

Where Synalogik acts as a controller in relation to certain publicly available datasets, we rely on legitimate interests and/or public interest grounds where the information is already lawfully published through official public registers or similar sources.

Where Synalogik acts as a data processor, personal data is processed only on the documented instructions of our Clients.

8. Who personal data is disclosed or shared with?

8.1 Personal data processed using Scout®

Personal data processed within Scout® is disclosed only to the external data suppliers selected by the Client when conducting authorised searches. Information submitted during a search may be transmitted to the relevant data provider for the purpose of identifying matching records and returning results to the Client through the Scout® platform.

Search results may be stored within the Client’s instance of Scout®, subject to the retention policies determined by the Client as data controller.

In limited circumstances we may be legally required to disclose information to law enforcement authorities or regulatory bodies. This would only occur where required by law, such as in response to a court order, warrant, or other lawful request and subject to our Data Protection Officer’s guidance.

8.2 Website visitors and general enquiries

Information collected through our website may be processed by our website hosting provider, who operates the infrastructure supporting the website on our behalf.

These providers act as data processors and are subject to contractual obligations requiring confidentiality and appropriate data protection safeguards.

8.3 Business information

We rely on trusted third-party service providers to support our business operations. These may include providers of CRM systems, cloud services, accounting software, human resources platforms, and other corporate business tools.

These providers process personal data only under our instructions and are subject to contractual safeguards and confidentiality obligations.

In some circumstances we may share information with professional advisers such as accountants, auditors, or legal advisers where necessary for the operation of the business.

External IT support providers may occasionally require access to systems during maintenance or troubleshooting activities. Any such access is carefully controlled and subject to appropriate contractual and security safeguards.

9. Data security

Synalogik uses secure cloud-based infrastructure to store and process data. Personal data is stored and processed within a secure environment using appropriate encryption and security controls.

We implement a range of technical and organisational security measures designed to protect personal data against unauthorised or unlawful processing, as well as accidental loss, destruction, or damage.

Our security measures include regular staff training in information security and data protection, internal governance controls, and technical safeguards designed to ensure the confidentiality, integrity, availability, and resilience of our systems.

Our systems are regularly subject to independent security testing, including penetration testing conducted by qualified external security specialists.

Synalogik maintains recognised information security certifications, including ISO27001 and NCSC-approved Cyber Essentials and Cyber Essentials Plus certification, providing assurance that appropriate governance, risk management, and security practices are maintained.

We also maintain incident management procedures to ensure that any suspected or confirmed data breaches are identified, managed, and reported in accordance with applicable legal requirements.

10.  Retention of your information

Where personal data is processed within Scout®, retention periods are determined by the Client acting as data controller. Scout® provides configurable retention controls to allow Clients to apply their own retention policies.

Where a Client’s retention period expires, or where the Client requests deletion of data, Synalogik will take appropriate steps to securely remove the relevant information in accordance with our contractual arrangements with the Client.

For business, contractual, or employment relationships, we generally retain relevant information for up to seven years after the relationship ends, unless a longer retention period is required by law.

For information relating to cookies, please refer to our Cookie Policy.

11.  Cookies

Cookies are small text files placed on your device to collect standard internet log information and information about visitor behaviour.

We use cookies to monitor and manage the use of our website and to improve website functionality.

Scout® uses session cookies to support secure user access and maintain user interface settings during active sessions. These cookies expire automatically when the browser session ends and do not contain personal information.

When visiting our website you will be presented with a cookie banner allowing you to accept or decline non-essential cookies.

Further information about cookies can be found at:

• aboutcookies.org
• allaboutcookies.org

12.  Your rights

Under the UK GDPR and the Data Protection Act 2018, individuals have certain rights in relation to their personal data.

Before responding to a rights request, we may need to verify your identity.

The way we handle your request will depend on whether Synalogik acts as a data controller or data processor in relation to the relevant data.

Where we act as a processor, requests will generally be referred to the appropriate data controller.

Your rights include:

Right of access

You have the right to request a copy of the personal data we hold about you.

Right to rectification

You have the right to request correction of inaccurate or incomplete personal data

Right to erasure

You may request the deletion of personal data where there is no lawful reason for us to continue processing it.

Right to restrict processing

You may request that we limit how your personal data is processed in certain circumstances.

Right to data portability

You may request that certain personal data be provided in a structured, commonly used format so that it can be transferred to another service provider.

Right to object

You may object to processing carried out on the basis of legitimate interests or for direct marketing purposes.

Rights relating to automated decision-making

Scout® may generate analytical outputs such as risk indicators or dataset matches. However, Synalogik does not carry out automated decision-making that produces legal or similarly significant effects on individuals.

Right to stop direct marketing

You may request that we stop sending you marketing communications at any time. Some rights may be limited where legal or contractual obligations require continued processing.

Right to complain

You have the right to complain to Synalogik (as controller) if you consider that we have infringed data protection legislation when processing your personal data. The right to complain requires you to first raise your complaint with Synalogik before escalating to the Information Commissioner’s Office (ICO).

If you wish to raise a complaint you can do so by emailing the Data Protection Officer (DPO) at compliance@synalogik.com setting out the nature and details of your complaint. If you are unhappy with our response, you can contact the ICO on the details provided below.

13. Contact details

If you have any questions, queries or are unhappy with how we have, or may have, processed your personal information, please do not hesitate to contact us using the details provided below:

The Data Protection Officer (DPO)

Email: compliance@synalogik.com

If you are unhappy with how we have processed your information you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), their contact details are below.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire, SK9 5AF
Helpline: 0303 123 1113 (local rate) or +44 1625 545 745
https://ico.org.uk/concerns/

We encourage you to contact us first so that we can attempt to resolve any concerns.

Changes to our Privacy Notice

We keep this Privacy Notice under regular review. Any updates will be published on this page and the date of the latest revision will be indicated at the top of the notice.