Privacy Policy

1.  WHO WE ARE

This is the privacy statement of SYNETIQ (“SYNETIQ”, “we” or “us”.)

SYNETIQ is a company incorporated in England and Wales (Company No. 11771655) having its registered office at Bentley Moor Lane, Adwick-le-Street, Doncaster, DN6 7BD.

In this privacy statement references to our website refers to www.synetiq.co.uk

2.  ROLES AND RESPONSIBILITIES

If you are a customer of SYNETIQ, or just visiting our website, this policy applies to you.

2.1  OUR RESPONSIBILITIES

If you are a registered SYNEITQ customer or a visitor to our website, we act as the ‘data controller’ of personal data. This means we determine how and why your data is processed. We are registered as a data controller at the UK Information Commissioner’s Office.

ICO Registration Number: ZA498154

SYNETIQ will review this Privacy Policy at least annually.

Last policy review: November 2019

2.2    YOUR RESPONSIBILITIES

  • Read this Privacy Policy
  • Regularly check this policy for any updates, we will review this at least annually.
  • If you are our customer, please also check the contracts between us: they may contain further details on how we collect and process your data.
  • If you provide us with personal information about other people, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. By submitting the information, you confirm that you have the right to authorise us to process it on your behalf in accordance with this Privacy Policy.

3. WHEN AND HOW WE COLLECT YOUR DATA

From the first moment you interact with SYNEITQ, we are collecting data. Sometimes you provide us with data, sometimes data about you is collected automatically.

Here’s when and how we do this:

Data you ProvideData We CollectWhen
XYou browse any page of our website
XWe contact you
XXYou use our Auction or Service
XXYou contact us for support or information
XYou opt-in to marketing messages

4. TYPES OF DATA WE COLLECT

Types of Personal InformationDescription
Identity DataID Information, including your name and title
Contact DetailsAddress, Telephone Number, Email Address
Financial Data Your Bank Account Number, sort code, Credit/Debit Card Details, Credit Score
Transactional Data Details about payments to and from you.
Contractual Data Details about the services we provide to you.
Technical Data Your IP address Login information, Browser Type and version, Time zone, Geolocation information about where you might be, operating system and version
Usage Data Your URL Clickstreams (The path you take through our site), Products/services viewed, page response times, download errors, how long you stayed on our pages, what you do on those pages, how often and other actions
Communications Data What we learn about you from letters, emails and conversations between us, including social media account profiles
Publicly Available Data Details about you which are publicly available, such as on social media platforms or elsewhere on the internet
Marketing DataDetails about your preferences in receiving marketing communications from us and our third parties

5. WHERE WE COLLECT YOUR PERSONAL DATA FROM

We may collect personal information about you (or your business) from the following sources:

SourceData Type Collected
Directly from you, including when you talk to us over the phone and email us
·  Identity Data
·  Contact Details
·  Financial Data
·  Transactional Data
·  Communications Data
·  Marketing Data
·  Consents Data
  Sensitive/Special Category Data
Indirectly from you, including through your use of our products and services
·  Financial
·  Transactional
·  Technical Data
· Usage Data
Social networking sites, such as Facebook and Twitter, when you interact with us ·  Publicly Available Data
Publicly available resources, such as Companies House, the media or online resources ·  Publicly Available Data
Analytics providers, such as Google Analytics ·  Technical Data
·   Usage Data
Recruitment agencies, background check providers and credit reference agencies ·  IdentityData
·  Contact Details
·  Financial Data
Former employers or other references ·  Identity Data
· · Sensitive/Special Category Data
CCTV footage ·  Identity Data
Intermediaries ·  Identity Data
·  Contact Details
·  Sensitive/Special Category Data

6. HOW AND WHY WE USE YOUR DATA

Data protection law means that we can only use your data for certain reasons and where we have a legal basis to do so. Here are the reasons for which we process your data:

GENERAL
Purpose Type of Data Lawful Basis for processing
To register you as a new client/customer · Identity
· Contact
· Performance of a contract with you
To process and deliver our service to you including:
·  Managing Payments
·  Collecting and recover money owed to us
·  Identity
·  Contact
·  Financial
·  Transaction
· Marketing and Communications
· Performance of a contract with you
· Necessary for our legitimate interests (To recover debts due to us)
To manage our relationship with you which will include:
·  Notifying you about changes to our terms
· Notifying you about changes to our privacy policy
·  Identity
· Contact
· Marketing and Communications
·  Performance of a contract with you
· Necessary to comply with a legal obligation
To enable you to provide feedback ·  Identity
·  Contact
·  Technical Data
·  Usage Data
·  Performance of a contract with you
·  Necessary for our legitimate interests (To develop our products/services and grow our business)
To provide data to regulators or authorities in compliance with our legal and regulatory obligations ·  Identity
·  Contact
· Necessary to comply with a legal obligation
To provide data to other organisations for the purposes of fraud prevention or credit risk reduction ·  Identity
·  Contact
· Necessary to comply with a legal obligation
·  Necessary for our legitimate interests (To protect our business)
To register you as a visitor when you visit our premises and ensure your health and safety when you are on our premises ·  Identity
·  Contact
· Legal obligations
· Vital interests
· Legitimate interests (For the prevention of crime and public safety including the safety of our own employees)
Prevention of crime and public safety, including through the use of CCTV ·  Identity
·  Contact
· Legitimate interests (For the prevention of crime and public safety including the safety of our own employees)
· Legal obligations
To establish, enforce and defend legal claims ·  Identity
·  Contact
· Legitimate interests (To protect our business)
To exercise our rights set out in contracts and agreements ·  Identity
·  Contact
·  Performance of a contract with you
MARKETING
Marketing and business development activities, to include sending marketing communications and materials to you and promoting our business and its products ·  Identity ·  Contact ·  Consent
To manage the systems that contain our marketing database Managing marketing preferences and keeping our records up to date ·  Identity
·  Contact
·  Consent
Press and media relations·  Identity
·  Contact
·  Consent
To advise you of upcoming changes to the products we provide to you·  Identity ·  Contact ·  Consent
· Legitimate Interests (To let you know of changes which may impact your service or operations)
WHEN YOU VISIT OUR WEBSITE
To provide you with information you may ask for, including information about our products·  Identity
·  Contact
·  Consent
To manage our relationship with you which will include notifying you about changes to our website terms and conditions ·  Identity
·  Contact
·  Performance of a contract with you
Press and media relations·  Identity
·  Contact
·  Consent
RECRUITMENT
To process a job application, including carrying out background and reference checks and to communicate with you about the recruitment process ·  Identity
·  Contact
·  Legal obligation
·  Consent
To keep records related to our hiring processes ·  Identity
·  Contact
·  Legal Obligation
·  Consent
We will use information about your disability status to determine whether we need to provide appropriate adjustments during the recruitment process ·  Identity
·  Contact
·  Legitimate interests
·  Legal obligation

7. WHAT DOES EACH OF THE “LEGAL BASES” MEAN:

  • Consent

You have given clear consent for us to process your personal data for a specific purpose.

If you have previously given consent to us to process your data, you can freely withdraw such consent at any time. You can do this by emailing us at DPO@synetiq.co.uk

If you do withdraw your consent, and if we do not have another legal basis for processing your information, then we will stop processing your personal data. If we do have another legal basis for processing your information, then we may continue to do so subject to your legal rights.

  • Contract

Processing your data is necessary for a contract you have with us, or because we have asked you to take specific steps before entering into that contract.

  • Legal obligation

The processing is necessary for us to comply with the law (not including contractual obligations).

  • Vital interests

Processing is necessary to protect the life and death of an individual. Processing is necessary to protect the vital interests of the data subject or another natural person. Vital interests are those relating to life and death issues.

  • Legitimate interests

Processing your data is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests.

8.  YOUR PRIVACY CHOICES AND RIGHTS

8.1 YOUR CHOICES

  • You can choose not to provide us with personal data

If you choose to do this, you can continue to use the website and browse its pages, but we will not be able to process transactions without personal data.

  • You can turn off cookies in your browser by changing its settings or by declining our cookie policy

You can block cookies by activating a setting on your browser allowing you to refuse cookies. You can also delete cookies through your browser settings. If you turn off cookies, you can continue to use the website and browse its pages, but certain services might not work effectively. You may also decline our cookie policy.

  • You can ask us not to use your data for marketing

We will inform you and ask for your consent (before collecting your data) if we intend to use your data for marketing and if third parties are involved. You can opt out from marketing by emailing us at DPO@synetiq.co.uk or using the opt out links within any marketing correspondence.

8.2 Your Rights

You can exercise your rights by sending us an email at DPO@synetiq.co.uk

  • You have the right to access the information we hold about you

This includes the right to ask us supplementary information about

  • The categories of data we’re processing
    • The purposes of data processing
    • The categories of third parties to whom the data may be disclosed
    • How long the data will be stored and how the period is determined
    • Your other rights regarding our use of your data

We will provide you with the information within one month of your request unless doing so would adversely affect the rights and freedoms of others (e.g another person’s confidentiality or intellectual property rights). We’ll tell you if we can’t meet your request for that reason,

  • You have the right to make us correct any inaccurate personal data about you
  • You can object to us using your data for profiling you or making automated decisions about you

We may use your data to determine whether we should let you know information that might be relevant to you

  • You have the right to transfer your data to another service

We will give you a copy of your data in CSV so that you can provide it to another service. If you ask us and it is technically possible, we will directly transfer the data to the other service for you. We will not do so to the extent that this involves disclosing data about any other individual.

  • You have the right to be forgotten by us

You can do this by asking us to erase any personal data we hold about you, if it is no longer necessary for us to hold the data for the purposes we initially collected it for

  • You have the right to lodge a complaint regarding our use of your data

Please tell us first so we have a chance to address your concerns. If we fail in this, you can address any complaint to the Information Commissioner’s Office, either by calling their helpline (0303 123 1113) or as directed on their website at www.ico.org.uk

The Information Commissioner’s office’s normal opening hours are Monday to Friday between 9am and 5pm

9. HOW SECURE IS THE DATA WE COLLECT

We have Procedural, Technical and Physical controls in place to safeguard and secure the information we collect. But please note

  • You provide personal data at your own risk: unfortunately, no data transmission is guaranteed to be 100% secure
  • You are responsible for your username and password
  • If you believe your privacy has been breached, please contact us immediately at DPO@synetiq.co.uk

9.1 Our infrastructure

SYNETIQ holds and maintains the following standards

  • ISO 27001
  • ISO 14001
  • ISO 9001

Data is stored in the EU region by default with our cloud providers and is continuously backed up. Our data centres are protected by physical access controls, intrusion and fire detection systems and 24/7 professional security staff. Authorised staff must pass two-factor authentication before access to the data halls. All visitors are continually escorted on the premises.

10. How Secure is the data we collect?

The personal data we collect is processed at our offices around the UK and in any data processing facilities operated by the third parties identified below.

By submitting your personal data, you agree to this transfer, storing or processing by us.

We do not transfer or store your information outside the EEA, however if we would seek explicit consent from you first and take steps to ensure that your privacy rights continue to be protected as outlined in this Privacy Policy.

11. How long do we store your data?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

In general terms, we will retain personal information about you for the duration of our relationship with you and afterwards for any period required by law or regulatory requirements.

If you wish to know how long we may hold your particular personal information then please email dpo@synetiq.co.uk.

We will archive and stop actively using any personal identifiable information about you within 6 months from the last time you had a subscription with us or purchased from us.

We will delete your personal data from our archives no later than 6 years from the end of the last financial year which you purchased from us, had an active membership with us or as agreed with you in a separate contract.

Photographic ID or Statements used to verify you when signing up to our Auction will be removed 1 year from the vehicle sale date or after termination of the subscription if no purchase has been made whichever is the latter.

12. Third Parties Who process Your Data

Businesses often use third parties to help them host their application, communicate with customers, power their emails etc. We partner with third parties who we believe are the best in their field at what they do.

When we do this, sometimes it is necessary for us to share your data with them in order to get these services to work well. Your data is shared only when strictly necessary and according to the safeguards and good practices detailed in this Privacy Policy.

Here are the details of our main third-party service providers, and what data they collect, or we share with them, where they store the data and why they need it:

INFRASTRUCTURE

Service ProviderData collected or sharedPurposePlace of processing
Amazon Web Services
AWS Privacy Policy
·  Identity Details
·  Contact Details
This is a web hosting provider. We use it to host our applications and other data you generate by using our products, services, and websites. EU
Microsoft
Microsoft privacy Policy
·  Identity Details
·  Contact Details
This is a web hosting provider. We use it to host our applications and other data you generate by using our products, services, and websites. EU
Sophos
Sophos Privacy Policy
·  Identity DetailsThis is a security service we utilise to ensure all email communications are secure and virus free EU

ANALYTICS

Service Provider Data collected or shared Purpose Place of processing
Google Analytics
Google Privacy Policy
·  Technical Data
·  Usage Data
This is used to analyse usage of our services, to determine ways to improve the delivery to you. EU
Facebook
Facebook Privacy Policy
·  Identity Data
·  Usage Data
·  Technical Data
This is used in order to provide us with a social media presence. EU

COMMUNICATIONS

Service Provider Data collected or shared Purpose Place of processing
SurveyMonkey
SurveyMonkey Pricay Policy
·  Identity Data
·  Contact Data
For keeping you up to date with our latest news and offerings (Only if you opt into Marketing) EU

PAYMENTS

Service Provider Data collected or shared PurposePlace of processing
SOTPay
SOTPay Privacy Policy
·  Identity Data
·  Contact Data
·  Financial Data
Used to process payments by youEU
SagePay
SagePay Privacy Policy
·  Identity Data
·  Contact Data
·  Financial Data
Used to process payments by you EU
CardNet
CardNet Privacy Policy
·  Identity Data
·  Contact Data
·  Financial Data
Used to process payments by you EU
PayPal
PayPal Privacy Policy
·  Identity Data
·  Contact Data
·  Financial Data
Used to process payments by you through PayPalEU
eBay
eBay Privacy Policy
·  Identity Data
·  Contact Data
·  Financial Data
Used to sell parts onlineEU

12.1 Third-Party Security Compliance

Amazon Web Services

CSA-STAR

SOC 1/ISAE 3402

SOC 2

SOC 3

FISMA

DIACAP

FedRAMP

PCI DSS Level 1

ISO 9001

ISO 27001

ISO 27017

ISO 27018

Cyber Essentials Plus

MTCS Tier 3 Certification

Microsoft

CSA-STAR

ISO 9001

ISO 20000-1:2011

ISO 22301

ISO 27001

ISO 27017

ISO 27018

ISO 27701

SOC

WCAF 2.1

SOC 1 Type 2

SOC 2 Type 2

SOC 3

Cyber Essentials Plus

13. Who we share your information with

We may share your personal information with the following third parties:

  • Other companies and service providers who we use to help us carry out our functions, such as PayPal
  • Our staff, consultants and contractors
  • Law enforcement agencies
  • Relevant regulators, including the Information Commissioner’s Office in the event of a personal data breach
  • Our insurers
  • Recruitment agencies (when providing feedback on candidates)
  • Benefits providers
  • Journalists and other members of the media
  • Potential or actual purchasers of any part of our business or assets, or other third parties in the context of a possible transfer, merger or restructuring of our business

Beyond this, we will only share your personal information with another organisation where you have given us your explicit consent to do so, unless we are obliged to do so by law.

14. If you choose not to give your personal information

Where we need to collect your personal information in order to meet our legal obligations or under the terms of a contract we have with you and you fail to provide that data when requested, it may delay or prevent us from being able to perform the contract we have entered into with you and/or comply with our own legal obligations as a business. As such, we may not be able to provide products or services to you.

15. How we use your information to make automated decisions

You will not be subject to decisions that will significantly impact on you based solely on automated decision-making.

16. Where we hold your personal information internationally

We do not transfer your personal information outside the European Economic Area (EEA).

17. Using our website

Websites administered by us including www.synetiq.co.uk use cookies. We use cookies to improve the functionality of our website. Cookies mean that a website will remember you. They make interacting with a website faster and easier (e.g. by automatically filling your name and address into text fields).

More information on how we use these and other tracking technologies – and how you can control them – can be found in the cookie policy on our website.

We keep this privacy statement under regular review and will place any updates on this website.

18. Contact information and further advice

Data Protection Officer

SYNETIQ Limited

Bentley Moor Lane

Adwick-le-Street

Doncaster

DN6 7BD

Email: DPO@synetiq.co.uk

19. Complaints

We seek to resolve directly all complaints about how we handle personal information, but you also have the right to lodge a complaint with the Information Commissioner’s Office:

Online: https://ico.org.uk/global/contact-us/email/

By post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF