SYNETIQ Privacy Notice

Last policy update: May 10, 2022

This privacy policy describes how SYNETIQ and its affiliates (“SYNETIQ”, “we” or “us”) collects, uses, shares, and safeguards personal information.  This privacy policy also tells you about your rights and choices with respect to your personal information, and how you can reach us to get answers to your questions.  You can jump to particular topics by going to the headings below:

1           Who we are

2          Roles and responsibilities

2.1        Our responsibilities

2.2       Your responsibilities

3          When and how we collect data

4          Types of data we collect

5          Where we collect your personal data from

6          How and why we use your data

7          What does each of the “legal bases” mean

8          Your Privacy Choices and Rights

8.1        Your choices

8.2       Your Rights

9          How Secure is the data we collect?

9.1        Our infrastructure

10         Where is the data processed?

11          How long do we store your data?

12         Third parties who process your data

13         Who we share your information with

14         If you choose not to give your personal information

15         How we use your information to make automated decisions?

16         Using our website

17         Contact information and further advice

18         Complaints

 

1         Who we are

SYNETIQ is a company incorporated in England and Wales (Company No. 11771655) having its registered office at Bentley Moor Lane, Adwick-le-Street, Doncaster, DN6 7BD.

In this privacy statement references to our website refers to www.synetiq.co.uk

2     Roles and responsibilities

If you are a customer of SYNETIQ, or just visiting our website, this policy applies to you.

2.1          Our Responsibilities

If you are a registered SYNETIQ customer or a visitor to our website, we act as the ‘data controller’ of personal data. This means we determine how and why your data is processed. We are registered as a data controller at the UK Information Commissioner’s Office.

ICO Registration Number: ZA498154

2.2        Your Responsibilities
  • Read this Privacy Policy
  • Regularly check this policy for any updates, we will review this at least annually.
  • If you are our customer, please also check the contracts between us: they may contain further details on how we collect and process your data.
  • If you provide us with personal information about other people, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. By submitting the information, you confirm that you have the right to authorise us to process it on your behalf in accordance with this Privacy Policy.

3        When and how we collect data

From the first moment you interact with SYNETIQ, we are collecting data. Sometimes you provide us with data, sometimes data about you is collected automatically.

Here are examples of when and how we do this:

Data you Provide Data We Collect When
X You browse any page of our website
X We contact you
X X You use our Auction or Service
X X You contact us for support or information
X You opt-in to marketing messages

4       Types of Data we Collect

The following provides examples of the type of information that we collect from you and how we use that information.

Types of Personal Information Description
Identity Data ID Information, including your name and title
Contact Details Address, Telephone Number, Email Address
Financial Data Your Bank Account Number, sort code, Credit/Debit Card Details, Credit Score
Transactional Data Details about payments to and from you.
Contractual Data Details about the services we provide to you.
Technical Data Your IP address Login information, Browser Type and version, Time zone, Geolocation information about where you might be, operating system and version
Usage Data Your URL Clickstreams (The path you take through our site), Products/services viewed, page response times, download errors, how long you stayed on our pages, what you do on those pages, how often and other actions
Communications Data What we learn about you from letters, emails and conversations between us, including social media account profiles
Publicly Available Data Details about you which are publicly available, such as on social media platforms or elsewhere on the internet
Marketing Data Details about your preferences in receiving marketing communications from us and our third parties
Consents Data Any permissions, consents or preferences that you give us
What about sensitive/special category data? We don’t collect any “sensitive data” about you (like racial or ethnic origin, political opinions, religious/philosophical beliefs, trade union membership, genetic data, biometric data, health data, data about your sexual life or orientation, and offences or alleged offences) except when we have your specific consent, or when we have to comply with the law
Cookies and first party tracking We use cookies and clear GIFs. “Cookies” are small pieces of information that a website sends to a computer’s hard drive while a web site is viewed. See our Cookie Policy for more information.
Cookies and Third Party Tracking We participate in behavior-based advertising, this means that a third party uses technology (e.g., a cookie) to collect information about your use of our website so that they can provide advertising about products and services tailored to your interests on our website, or on other websites. See our Cookie Policy for more information.

Where we collect your personal data from

We may collect personal information about you (or your business) from the following sources:

Source Data Type Collected
Directly from you, including when you talk to us over the phone and email us ·  Identity Data
·  Contact Details
·  Financial Data
·  Transactional Data
·  Communications Data
·  Marketing Data
·  Consents Data
·  Sensitive/Special Category Data
·  Other categories that you may share with us
Indirectly from you, including through your use of our products and services ·  Financial
·  Transactional
·  Technical Data
· Usage Data
Social networking sites, such as Facebook and Twitter, when you interact with us ·  Publicly Available Data
·  Other categories that you may share with us
Publicly available resources, such as Companies House, the media or online resources ·  Publicly Available Data
Analytics providers, such as Google Analytics ·  Technical Data
·   Usage Data
Recruitment agencies, background check providers and credit reference agencies ·  IdentityData
·  Contact Details
·  Financial Data
Former employers or other references ·  Identity Data
· Sensitive/Special Category Data
CCTV footage ·  Identity Data
Intermediaries ·  Identity Data
·  Contact Details
·  Sensitive/Special Category Data

6       How and why we use your data

Here are the reasons for which we process your data:

GENERAL
Purpose Type of Data Lawful Basis for processing
To register you as a new client/customer · Identity
· Contact
· Performance of a contract with you
To process and deliver our service to you including:
·  Managing Payments
·  Collecting and recover money owed to us
·  Identity
·  Contact
·  Financial
·  Transaction
· Marketing and Communications
· Performance of a contract with you
· Necessary for our legitimate interests (To recover debts due to us)
To manage our relationship with you which will include:
·  Notifying you about changes to our terms
· Notifying you about changes to our privacy policy
·  Identity
· Contact
· Marketing and Communications
·  Performance of a contract with you
· Necessary to comply with a legal obligation
To enable you to provide feedback ·  Identity
·  Contact
·  Technical Data
·  Usage Data
·  Performance of a contract with you
·  Necessary for our legitimate interests (To develop our products/services and grow our business)
To provide data to regulators or authorities in compliance with our legal and regulatory obligations ·  Identity
·  Contact
· Necessary to comply with a legal obligation
To provide data to other organisations for the purposes of fraud prevention or credit risk reduction ·  Identity
·  Contact
· Necessary to comply with a legal obligation
·  Necessary for our legitimate interests (To protect our business)
To register you as a visitor when you visit our premises and ensure your health and safety when you are on our premises ·  Identity
·  Contact
· Legal obligations
· Vital interests
· Legitimate interests (For the prevention of crime and public safety including the safety of our own employees)
Prevention of crime and public safety, including through the use of CCTV ·  Identity
·  Contact
· Legitimate interests (Prevention of crime and to ensure public safety)
· Legal obligation
To establish, enforce and defend legal claims ·  Identity
·  Contact
· Legitimate interests (To protect our business)
To establish and defend fines and penalty notices such as Parking Charge Notices ·  Identity
·  Contact
· Legitimate interests (To protect our business or our customers)
To exercise our rights set out in contracts and agreements ·  Identity
·  Contact
·  Performance of a contract with you
MARKETING
Marketing and business development activities, to include sending marketing communications and materials to you and promoting our business and its products ·  Identity ·  Contact ·  Consent
To manage the systems that contain our marketing database Managing marketing preferences and keeping our records up to date ·  Identity
·  Contact
·  Consent
Press and media relations ·  Identity
·  Contact
·  Consent
To advise you of upcoming changes to the products we provide to you ·  Identity ·  Contact ·  Consent
· Legitimate Interests (To let you know of changes which may impact your service or operations)
WHEN YOU VISIT OUR WEBSITE
To provide you with information you may ask for, including information about our products ·  Identity
·  Contact
·  Consent
To manage our relationship with you which will include notifying you about changes to our website terms and conditions ·  Identity
·  Contact
·  Performance of a contract with you
Press and media relations ·  Identity
·  Contact
·  Consent
To advertise or allow third parties to advertise to you ·  Identity
·  Technical Data
·  Usage Data
·  Consent
To help our website function and to learn about how you interact with it ·  Identity
·  Technical Data
·  Usage Data
·  Legitimate Interests (To let our website function correctly)
RECRUITMENT
To process a job application, including carrying out background and reference checks and to communicate with you about the recruitment process ·  Identity
·  Contact
·  Financial
·  Marketing and Communications
·  Legal obligation
·  Consent
To keep records related to our hiring processes ·  Identity
·  Contact
·  Legal Obligation
·  Consent
We will use information about your disability status to determine whether we need to provide appropriate adjustments during the recruitment process ·  Identity
·  Contact
·  Legitimate interests
·  Legal obligation
  • Consent

You have given clear consent for us to process your personal data for a specific purpose.

If you have previously given consent to us to process your data, you can freely withdraw such consent at any time. You can do this by emailing us at DPO@synetiq.co.uk

If you do withdraw your consent, if we do have another legal basis for processing your information, then we may continue to do so subject to your legal rights.

  • Contract

Processing your data is necessary for a contract you have with us, or because we have asked you to take specific steps before entering into that contract.

  • Legal obligation

The processing is necessary for us to comply with the law (not including contractual obligations).

  • Vital interests

Processing is necessary to protect life and death of an individual. Processing is necessary to protect the vital interests of the data subject or another natural person. Vital interests are those relating to life and death issues.

  • Legitimate interests

Processing your data is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests.

In each case, these legitimate interests are only valid if they are not outweighed by your rights and interests.

8       Your Privacy Choices and Rights

8.1         Your choices
  • You can choose not to provide us with personal data

If you choose to do this, you can continue to use the website and browse its pages, but we will not be able to process transactions without personal data.

  • You can turn off cookies in your browser by changing its settings or by declining our cookie policy

You can block cookies by activating a setting on your browser allowing you to refuse cookies. You can also delete cookies through your browser settings. If you turn off cookies, you can continue to use the website and browse its pages, but certain services might not work effectively. You may also decline our cookie policy.

  • You can ask us not to use your data for marketing

We will inform you and ask for your consent if we intend to use your data for marketing and if third parties are involved. You can opt out from marketing by emailing us at DPO@synetiq.co.uk or using the opt out links within any marketing correspondence.

 

8.2        Your Rights

You can exercise your rights by sending us an email at DPO@synetiq.co.uk

  • You have the right to access the information we hold about you

This includes the right to ask us supplementary information about

    • The categories of data we’re processing
    • The purposes of data processing
    • The categories of third parties to whom the data may be disclosed
    • How long the data will be stored and how the period is determined
    • Your other rights regarding our use of your data

If required by law, we will provide you with the information within one month of your request, unless doing so would adversely affect the rights and freedoms of others (e.g another person’s confidentiality or intellectual property rights). We’ll tell you if we can’t meet your request for that reason.

  • You have the right to ask us to correct any inaccurate personal data about you
  • You can object to us using your data for profiling you or making automated decisions about you

We may use your data to determine whether we should let you know information that might be relevant to you.

  • You have the right to transfer your data to another service

We will give you a copy of your data in CSV so that you can provide it to another service. If you ask us and it is technically possible, we will directly transfer the data to the other service for you. We will not do so to the extent that this involves disclosing data about any other individual.

  • You have the right to be forgotten by us

You can do this by asking us to erase any personal data we hold about you, if it is no longer necessary for us to hold the data for the purposes we initially collected it for. Please be aware that we may not delete certain information that we need to maintain for legal or other allowable purposes.

  • You have the right to lodge a complaint regarding our use of your data

Please tell us first so we have a change to address your concerns. If we fail in this, you can address any complaint to the Information Commissioner’s Office, either by calling their helpline (0303 123 1113) or as directed on their website at www.ico.org.uk

The Information Commissioner’s office’s normal opening hours are Monday to Friday between 9am and 5pm in the United Kingdom (excluding Bank Holidays).

Note that, as required by law, we will require you to prove your identity.  We may verify your identity by phone call or email. Depending on your request, we will ask for information such as your name, the last transaction you had with us, or the date of your last transaction with us. We may also ask you to provide a signed declaration confirming your identity. If you are having a third party exercise these rights on your behalf, we will require that they prove their identity and that they are authorized to act on your behalf.

9        How Secure is the data we collect?

We have reasonable procedural, technical and physical controls in place to safeguard and secure the information we collect in order to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. But please note:

  • You provide personal data at your own risk: unfortunately, no data transmission is guaranteed to be 100% secure
  • You are responsible for your username and password
  • If you believe your privacy has been breached, please contact us immediately at DPO@synetiq.co.uk

9.1         Our infrastructure

SYNETIQ holds and maintains the following standards

  • ISO 45001
  • ISO 27001
  • ISO 14001
  • ISO 9001
  • VRAC Certified Vehicle Recycler

Data is stored with our cloud providers and is continuously backed up. Our data centres are protected by physical access controls, intrusion and fire detection systems and 24/7 professional security staff. Authorised staff must pass two-factor authentication before access to the data halls. All visitors are continually escorted on the premises.

10    Where is the Data Processed?

As a multi-national company, we transmit information between and among our affiliates and other legal entities. As a result, your personal information may be processed in a country outside of the United Kingdom, including in the United States of America, and in some cases, other countries. Some of these countries may have Data Protection Laws that may be less stringent than the laws in your country.

Such transfers may be made for the following reasons:

  • to store the information.
  • to enable us to provide HR services to you.
  • where legally required.
  • to facilitate the operation of our group of businesses, when it is consistent with our legitimate business interests.

Nonetheless, where possible, we take steps to treat personal information using the same privacy principles that apply pursuant to the law of the country in which we first received your information. For example, where your information is transferred outside the UK, we will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards to protect your personal information, including through the use of Standard Contractual Clauses or other lawful transfer mechanism.

If you would like more information about the transfer of your information or about the safeguards we put in place, please contact us at by sending us an email at DPO@synetiq.co.uk. You may also request a copy of any Standard Contractual Clauses we use for the transfer of your data outside of the EEA, which includes the categories of information transferred by contacting us using the details under the “Contact Information” section below.

By submitting your personal data, you agree to this transfer, storing or processing by us.

11      How long do we store your data?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

In general terms, we will retain personal information about you for the duration of our relationship with you and afterwards for any period required by law or regulatory requirements.

If you wish to know how long we may hold your particular personal information then please email dpo@synetiq.co.uk.

We will archive and stop actively using any personal identifiable information about you within 6 months from the last time you had a subscription with us or purchased from us, except as otherwise noted herein.

We will delete your personal data from our archives no later than 6 years from the end of the last financial year which you purchased from us, had an active membership with us or as agreed with you in a separate contract, except as otherwise noted herein.

Photographic ID or Statements used to verify you when signing up to our Auction will be removed 1 year from Vehicle sale date or after termination of the subscription if no purchase has been made whichever is the latter, except as otherwise noted herein.

12     Third Parties Who process Your Data

Businesses often use third parties to help them host their application, communicate with customers, power their emails etc. We partner with third parties who we believe are the best in their field at what they do.

When we do this, sometimes it is necessary for us to share your data with them in order to get these services to work well. Your data is shared only when strictly necessary and according to the safeguards and good practices detailed in this Privacy Policy.

13     Who we share your information with

We may share your personal information with the following third parties:

  • Other companies and service providers who we use to help us carry out our functions, such as PayPal
  • Our staff, consultants and contractors
  • Law enforcement agencies
  • Relevant regulators, including the Information Commissioner’s Office in the event of a personal data breach
  • Our insurers
  • Recruitment agencies (when providing feedback on candidates)
  • Benefits providers
  • Journalists and other members of the media
  • Potential or actual purchasers of any part of our business or assets, or other third parties in the context of a possible transfer, merger or restructuring of our business

Beyond this, we will only share your personal information with another organisation where you have given us your explicit consent to do so, unless we are obliged to do so by law.

14    If you choose not to give your personal information

Where we need to collect your personal information in order to meet our legal obligations or under the terms of a contract we have with you and you fail to provide that data when requested, it may delay or prevent us from being able to perform the contract we have entered into with you and/or comply with our own legal obligations as a business. As such, we may not be able to provide products or services to you.

15    How we use your information to make automated decisions

You will not be subject to decisions that will significantly impact on you based solely on automated decision-making.

16    Using our website

Websites administered by us including www.synetiq.co.uk use cookies. We use cookies to improve the functionality of our website. Cookies mean that a website will remember you. They make interacting with a website faster and easier (e.g. by automatically filling your name and address into text fields).

More information on how we use these and other tracking technologies – and how you can control them – can be found in the Cookie Policy on our website.

17     Contact information and further advice

Data Protection Officer
SYNETIQ Limited
Bentley Moor Lane
Adwick-le-Street
Doncaster
DN6 7BD

Email: DPO@synetiq.co.uk

18    Complaints

We seek to resolve directly all complaints about how we handle personal information, but you also have the right to lodge a complaint with the Information Commissioner’s Office:

Online: https://ico.org.uk/global/contact-us/email/

By post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF