Privacy Policy

About Synez Technologies

Synez Technologies Ltd is a specialist IT and business transformation company dedicated to helping small and medium-sized enterprises (SMEs) establish, operate, and scale Global Capability Centres (GCCs). We provide end-to-end GCC consulting, technology infrastructure, talent strategy, regulatory compliance advisory, and operational support across the United Kingdom, the European Union, and the United States of America.

As a data controller, Synez Technologies determines the purposes and means by which personal data is processed. Our registered details are:

• Company NameSynez Technologies Ltd
• Websitewww.syneztech.com
• Contact Emailinfo@syneztech.com
• Data Protection OfficerGaurav.t@syneztech.com

Scope of This Policy

This Privacy Policy applies to:

• Visitors to our website and any related digital platforms or portals operated by Synez Technologies.
• Prospective and existing clients, including business owners, executives, and representatives of SMEs exploring or procuring GCC-related services.
• Job applicants, contractors, consultants, and individuals who engage with our recruitment or talent acquisition processes.
• Partners, vendors, and third-party service providers who interact with our systems or personnel.

This policy does not apply to third-party websites linked from our website. We encourage you to review the privacy policies of those third parties independently.

Personal Data We Collect

Depending on your interaction with us, we may collect and process the following categories of personal data:

3.1 Information You Provide Directly

• Identity DataFull name, job title, company name, and professional role.
• Contact DataEmail address, telephone number, and business or postal address.
• Enquiry & Communication DataMessages, requirements, or documents submitted through our website contact form, email, or live chat.
• Account DataLogin credentials if you access any client portal or project management tools we provide.
• Financial DataBilling details, invoicing information, and payment references (payment card data is processed by third-party payment processors and not stored by us).

3.2 Information We Collect Automatically

• Technical DataIP address, browser type and version, operating system, device identifiers, time zone, and page interaction data.
• Usage DataPages visited, time spent on site, referral URL, click paths, and other behavioural analytics.
• Cookie DataData collected via cookies and similar tracking technologies (see Section 10).

3.3 Information from Third Parties

• Publicly available professional profile information (e.g., LinkedIn) when relevant to a business engagement.
• Information from referral partners, professional networks, and industry databases used in connection with GCC advisory services.
• Background verification data, where applicable and lawfully permitted, for contractual or compliance purposes.

How We Use Your Personal Data

Synez Technologies processes personal data only for specific, legitimate purposes. The table below outlines our primary processing activities and the corresponding lawful basis under applicable data protection law:

Disclosure of Your Personal Data

Synez Technologies does not sell, rent, or trade your personal data. We may disclose your data to the following categories of recipients, strictly on a need-to-know basis and under appropriate data protection agreements:

5.1 Service Providers and Technology Partners

We engage carefully vetted third-party suppliers to support our operations, including cloud hosting providers, CRM platforms, email communication tools, cybersecurity services, and analytics platforms. All such providers are bound by Data Processing Agreements (DPAs) that restrict their use of your data to the specific services they are contracted to deliver.

5.2 Professional Advisors

We may share data with our legal counsel, accountants, auditors, and insurers where necessary to obtain professional advice or to establish, exercise, or defend legal claims.

5.3 GCC Partner Entities and Offshore Delivery Centres

In the course of providing GCC establishment and management services, we may engage with delivery partners, offshore talent firms, and co-sourcing providers. Any transfer of client or third-party personal data in this context is governed by contractual data protection obligations and conducted only with your knowledge.

5.4 Regulatory and Law Enforcement Authorities

We may disclose personal data where required by law, court order, or legitimate government authority in the UK, EU, or USA. We will notify affected individuals where permitted by law.

5.5 Business Transfers

In the event of a merger, acquisition, sale of assets, or restructuring of Synez Technologies, personal data may be transferred to the relevant successor entity. You will be informed of any such change and your rights will be protected.

International Transfers of Personal Data

Synez Technologies operates across jurisdictions. As a result, your personal data may be transferred to and processed in countries outside your country of residence, including outside the UK and EEA. We take the following measures to ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs)Where data is transferred from the UK or EEA to countries without an adequacy decision, we rely on UK International Data Transfer Agreements (IDTAs) or EU Standard Contractual Clauses.
• Adequacy DecisionsTransfers to countries recognised by the UK or EU as providing adequate data protection are conducted without additional safeguards.
• US Data TransfersFor data transferred to or processed within the United States, we comply with applicable US privacy laws and maintain GDPR-compatible contractual protections with all US-based processors.
• Data MinimisationWe transfer only the minimum data necessary for the specific purpose of the transfer.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Our standard retention periods are:

• Client and contract data7 years from the end of the contractual relationship (for tax and audit compliance).
• Marketing and prospect data3 years from last meaningful engagement, or until consent is withdrawn.
• Website analytics and technical logsUp to 26 months, in line with regulatory guidance.
• Job applicant data12 months from the date of application, unless a longer period is required by law or the applicant consents to being retained on a talent pool.
• Legal claim dataRetained for the duration of any legal proceedings plus applicable limitation periods.

Once data is no longer required, it is securely deleted or anonymised in accordance with our internal data destruction policy.

Your Rights

Depending on your jurisdiction, you have the following rights with respect to your personal data:

8.2 Rights Under US Privacy Laws (CCPA/CPRA and State Laws)

If you are a California resident or resident of another US state with applicable privacy legislation, you have the right to:

• Know what personal data we collect, use, disclose, and sell (we do not sell personal data).
• Delete your personal data, subject to certain exceptions.
• Opt out of any sale or sharing of your personal data (no such activity takes place at Synez Technologies).
• Non-discrimination for exercising your privacy rights.
• Correct inaccurate personal data we hold about you.
• Limit the use and disclosure of sensitive personal information.

8.3 How to Exercise Your Rights

To exercise any of your rights, please contact us at info@syneztech.com. We will respond within 30 days (UK/EU) or 45 days (US) of receiving a valid request. We may require proof of identity before processing your request.

Data Security

Synez Technologies takes the security of your personal data seriously. We implement a comprehensive set of technical and organisational measures to protect data against unauthorised access, loss, alteration, or disclosure, including:

• End-to-end encryption for data in transit (TLS 1.2+) and encryption at rest for sensitive data stores.
• Role-based access controls (RBAC) and multi-factor authentication (MFA) across all internal systems.
• Regular penetration testing, vulnerability assessments, and security audits conducted by independent specialists.
• ISO 27001-aligned information security management practices.
• Staff training on data protection, information security awareness, and phishing prevention.
• Incident response and breach notification procedures compliant with UK GDPR Article 33, EU GDPR Article 33, and applicable US breach notification laws.

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay.

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance user experience, analyse traffic, and support marketing activities. We classify our cookies as follows:

• Strictly Necessary CookiesEssential for the website to function. These cannot be disabled.
• Performance & Analytics CookiesHelp us understand how visitors interact with our website (e.g., Google Analytics). Enabled only with your consent.
• Functional CookiesRemember your preferences, such as language settings or previously entered form data.
• Marketing & Targeting CookiesUsed to deliver relevant advertising and measure campaign performance. Only activated with explicit consent.

You can manage your cookie preferences at any time via our Cookie Consent Manager displayed on your first visit to our website, or by adjusting your browser settings. Withdrawing consent will not affect prior lawful processing.

Marketing Communications

We may send you information about our GCC consulting services, whitepapers, webinars, and industry insights by email or other channels. We will only do so if:

• You have expressly opted in to receive such communications, or
• You are an existing client or business contact and we are communicating about services similar to those you have previously engaged with (soft opt-in, where applicable under PECR and equivalent rules).

You can unsubscribe from marketing communications at any time by clicking the unsubscribe link in any of our emails or by contacting us at info@syneztech.com. Opting out will not affect transactional or service-related communications.

Children's Privacy

Our website and services are directed exclusively at business professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If you become aware that a child has provided us with personal data without parental consent, please contact us immediately at info@syneztech.com and we will take prompt steps to delete such data.

Third-Party Links and Integrations

Our website may contain links to third-party websites, case study partners, industry publications, or platforms that are not operated by Synez Technologies. This Privacy Policy does not apply to those external sites. We encourage you to review the privacy notices of any third-party websites you visit. We are not responsible for the privacy practices or content of third-party sites.

Changes to This Privacy Policy

Synez Technologies reserves the right to update or amend this Privacy Policy at any time to reflect changes in law, regulatory guidance, or our business practices. When we make material changes, we will:

• Update the 'Last Updated' date at the top of this document.
• Post a prominent notice on our website homepage for a period of at least 30 days.
• Where appropriate, notify you directly by email if we hold your contact details and the change materially affects how we process your data.

We encourage you to review this policy periodically to remain informed about how we protect your information.

Supervisory Authorities and Complaints

If you believe that Synez Technologies has processed your personal data in violation of applicable data protection law, please contact us at Info@syneztech.com.

Contact Us