Privacy Policy
1. Introduction
Syncrasy Ltd ("Syncrasy", "we", "us" or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, share and protect your personal data when you visit our website at https://www.syncrasy.co.uk (the "Site"), use our products or services, or otherwise interact with us.
It also explains your rights under data protection law and how you can exercise them.
Please read this policy carefully. By using our Site or services, you acknowledge that you have read and understood this policy.
2. Who we are (the data controller)
Syncrasy Ltd is the "controller" responsible for your personal data, meaning we determine the purposes and means of processing it.
Company name: Syncrasy Ltd
Registered company number: 16886844
Registered office address: 35 Berkeley Sq, Mayfair, London, W1J 5BF
ICO registration number: ZC135105
General contact email: contact@syncrasy.co.uk
We have appointed an Data Protection Officer (DPO). You can contact our DPO using the details in Section 16 below.
3. Scope of this policy
This policy applies to personal data we process about visitors to and users of our Site; customers and prospective customers; suppliers and business contacts; people who contact us by email, phone, post or social media; and recipients of our marketing communications. This policy does not cover third-party websites that may be linked from our Site. We are not responsible for the privacy practices of those sites, and we encourage you to read their own privacy policies.
4. The personal data we collect
We may collect and process the following categories of personal data:
• Identity data: name, title, username or similar identifier, job title and company name.
• Contact data: email address, postal address, telephone number.
• Account data: login credentials, account settings and preferences.
• Transaction data: details of products or services you have purchased from us, and records of payments. Card payments are handled by a third-party payment processor and we do not store full card details.
• Technical data: IP address, browser type and version, time zone setting, operating system, device information and other technology on the devices you use to access the Site.
• Usage data: information about how you use our Site and services, including pages viewed and interaction data.
• Marketing and communications data: your preferences for receiving marketing from us, and your communication preferences.
• Correspondence data: the content of messages you send us and records of your communications with us.
We do not ordinarily collect special category data (such as data about health, race, religion, sexual orientation or political opinions). If we ever need to, we will only do so with a valid lawful basis and an applicable condition under Article 9 of the UK GDPR, and we will tell you separately.
If you provide us with personal data about other individuals (for example, colleagues or references), you confirm that you have their authority to do so and that they have been made aware of this policy.
5. How we collect your personal data
We collect personal data in the following ways:
• Directly from you, when you fill in forms on our Site, create an account, make a purchase or enquiry, subscribe to communications, or contact us.
• Automatically, as you interact with our Site, through cookies and similar technologies (see Section 9).
• From third parties and public sources, for example analytics providers, payment processors, Companies House and publicly available business directories.
6. How and why we use your personal data
Under the UK GDPR we must have a lawful basis for processing your personal data. We rely on the following bases:
• To provide our products and services to you and manage your account (Identity, Contact, Account and Transaction data): performance of a contract.
• To process and deliver orders and take payment (Identity, Contact and Transaction data): performance of a contract.
• To respond to your enquiries and provide customer support (Identity, Contact and Correspondence data): legitimate interests, to assist and respond to customers.
• To operate, maintain and improve our Site and services (Technical and Usage data): legitimate interests, to keep our Site secure and improve it.
• To send you marketing communications about our products and services (Identity, Contact and Marketing data): consent, or legitimate interests where permitted (see Section 7).
• To comply with legal and regulatory obligations such as tax, accounting and fraud prevention (Identity, Contact and Transaction data): legal obligation.
• To establish, exercise or defend legal claims (any relevant data): legitimate interests, to protect our rights.
• To ensure network and information security (Technical and Usage data): legitimate interests and legal obligation.
Where we rely on legitimate interests, we have carried out a balancing assessment to ensure our interests are not overridden by your rights and freedoms. You can ask us for more information about this assessment using the contact details below.
Where we rely on consent, you may withdraw it at any time (see Section 11). Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
7. Marketing
We may send you marketing communications where you have consented, or where we have another lawful basis to do so (for example, where you are an existing customer and we are telling you about similar products or services, in line with the soft opt-in rules).
You can opt out of marketing at any time by:
• clicking the unsubscribe link in any marketing email;
• updating your preferences in your account settings; or
• contacting us using the details in Section 16.
We will always obtain your consent before sharing your personal data with any third party for their own marketing purposes.
8. Whom we share your personal data with
We may share your personal data with the following categories of recipients:
• Service providers and processors who provide IT, hosting, infrastructure, email, payment processing, analytics and customer support services on our behalf.
• Professional advisers including lawyers, accountants, auditors and insurers.
• Regulators, law enforcement and government bodies where we are required to do so by law.
• Prospective buyers or successors in the event of a sale, merger or reorganisation of our business.
We require all processors acting on our behalf to respect the security of your personal data, to use it only for the purposes we specify, and to act in accordance with a written contract that meets the requirements of Article 28 of the UK GDPR.
We do not sell your personal data.
9. Cookies and similar technologies
Our Site uses cookies and similar technologies to distinguish you from other users, remember your preferences, and help us improve the Site.
We will only place non-essential cookies (such as analytics and marketing cookies) with your consent, which you provide through our cookie banner. You can change your preferences at any time via your browser settings.
10. International transfers
Some of our service providers are based outside the United Kingdom, so processing your personal data may involve transferring it outside the UK. Whenever we transfer personal data out of the UK, we ensure a similar degree of protection by relying on one of the following safeguards:
• transferring to a country that the UK government has deemed to provide an adequate level of protection (an adequacy decision); or
• using specific contracts approved for use in the UK, such as the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, together with appropriate supplementary measures.
You can ask us for a copy of the relevant safeguards using the contact details in Section 16.
11. Your rights
Under the UK GDPR, you have the following rights in relation to your personal data:
• Right to be informed: to be told how we collect and use your personal data, which this policy provides.
• Right of access: to request a copy of the personal data we hold about you (a subject access request).
• Right to rectification: to have inaccurate or incomplete personal data corrected.
• Right to erasure: to ask us to delete your personal data in certain circumstances (the right to be forgotten).
• Right to restrict processing: to ask us to limit how we use your personal data in certain circumstances.
• Right to data portability: to receive certain personal data in a structured, commonly used, machine-readable format, and to have it transferred to another controller.
• Right to object: to object to processing based on our legitimate interests, and to object at any time to processing for direct marketing.
• Rights related to automated decision-making and profiling: see Section 13.
• Right to withdraw consent: where we rely on consent, you can withdraw it at any time.
These rights are not absolute and may not apply in every situation. We will explain if an exception applies when you make a request.
12. How to exercise your rights
To exercise any of your rights, please contact us using the details in Section 16.
You will not usually have to pay a fee, and we will respond to your request within one month. This period may be extended by up to two further months for complex or numerous requests, in which case we will let you know and explain why.
We may need to request specific information from you to confirm your identity before responding. This is a security measure to ensure that personal data is not disclosed to anyone who has no right to receive it.
13. Automated decision-making and profiling
We do not carry out automated decision-making (decisions made solely by automated means without human involvement) that produces legal effects concerning you or similarly significantly affects you.
14. Data retention
We will only keep your personal data for as long as necessary to fulfil the purposes for which we collected it, including to satisfy any legal, accounting or reporting requirements.
To decide the appropriate retention period, we consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it, and whether we can achieve those purposes by other means.
By way of example:
• Customer and transaction records: retained for six to seven years after the end of our relationship, to meet tax and accounting obligations.
• Marketing data: retained until you unsubscribe or withdraw consent, and reviewed periodically.
• Enquiry and correspondence data: retained for up to two years after your last contact with us.
• Website analytics data: retained for up to 26 months.
When personal data is no longer needed, we will securely delete or anonymise it.
15. How we protect your personal data
We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. These measures include encryption in transit and at rest, access controls, staff training, regular security testing, and limiting access to those who need it.
We have procedures in place to deal with any suspected personal data breach and will notify you and the Information Commissioner's Office (ICO) of a breach where we are legally required to do so.
16. Contact us
If you have any questions about this Privacy Policy, wish to exercise your rights, or want to make a complaint, please contact us:
• Email: adam@syncrasy.co.uk
• Post: 35 Berkeley Square, Mayfair, London, W1J 5BF
• Data Protection Officer: contactable using the email above.
17. Your right to complain
You have the right to lodge a complaint at any time with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:
• Website: https://ico.org.uk
• Helpline: 0303 123 1113
We would, however, appreciate the chance to address your concerns before you approach the ICO, so please consider contacting us first.
18. Children's privacy
Our Site and services are not directed at children, and we do not knowingly collect personal data from children under 16. If you believe we have collected data from a child, please contact us and we will take steps to delete it.
19. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the Last updated date at the top of this page and, where appropriate, notify you by email or a notice on the Site. We encourage you to review this policy periodically.
.
.
Frequently Asked questions
Syncrasy turns the intelligence locked inside your people's heads into a living, organisational memory so every client feels known, every employee is prepared, and every relationship gets stronger with time.
How is this different from our CRM? We already have one.
Isn't this just another system my team won't use?
I don't trust AI to brief me before I meet an important client. What if it's wrong?
How do I know the information is still relevant and not years out of date?
Who added this, and when? Our current field can be overwritten by anyone.
Our DPO is concerned about relationship data on personal phones and in scattered documents. How does Syncrasy fix that?
When someone leaves, or is dismissed on the spot, can we revoke their access instantly?
Can we control exactly who sees which client's intelligence?
We're on Salesforce / Bullhorn / Microsoft / Google. Will it actually connect?
We've been burned by tools that took months to set up. How long does this take?
If we ever leave, can we get our data out cleanly?
We're changing CRM right now. Will we lose our relationship intelligence?
There are a lot of half-baked AI startups. Why should we trust you with our most valuable data?