Privacy Policy
syncro-group.co.uk
Last updated: 14 April 2026
1. Owner and Data Controller
Syncro Office Technology Ltd 7 Adams House, Northampton Science Park, Moulton Park Industrial Estate, Northampton NN3 6LG
Company Registration: 09472249
ICO Registration: ZA823174
Contact email: hello@syncro-group.co.uk
2. About This Policy
This privacy policy explains how Syncro Office Technology Ltd (“we”, “us”, “our”) collects, uses, stores and shares your personal data when you use our website syncro-group.co.uk (“this Application”) and our related services.
This policy is issued under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where we refer to “GDPR” in this policy, we mean the UK GDPR unless otherwise stated.
This document can be printed for reference by using the print command in the settings of any browser.
3. Types of Data Collected
We collect the following categories of personal data, either directly from you or automatically through third-party services:
• Data you provide to us: email address, first name, last name, company name, telephone number, and any information submitted via enquiry or contact forms.
• Usage Data: information collected automatically when you use this Application, including IP addresses, browser type and version, pages visited, time and date of visits, time spent on pages, device identifiers, and other diagnostic data.
• Tracking Data: cookies and similar technologies as described in our Cookie Policy.
Unless specified otherwise, all data requested by this Application is mandatory and failure to provide it may make it impossible for us to provide our services. Where data is optional, this will be clearly indicated. Users who are uncertain about which data is mandatory are welcome to contact us.
Users are responsible for any third-party personal data obtained, published or shared through this Application.
4. Purposes and Legal Bases for Processing
We process your personal data for the following purposes, relying on the lawful bases indicated:
Service delivery (contractual necessity)
To provide, maintain and improve our services, manage your account, and respond to your enquiries.
Marketing communications (consent or legitimate interest)
To send you information about our products, services and offers. For new contacts, we rely on your explicit consent. For existing customers, we may rely on the soft opt-in under Regulation 22 of the Privacy and Electronic Communications Regulations (PECR), meaning we may contact you about similar products and services to those you have previously purchased or enquired about. You can opt out at any time.
Analytics (legitimate interest)
To understand how visitors use our website so we can improve the user experience. We use Google Analytics for this purpose.
Legal compliance (legal obligation)
To comply with applicable laws, regulations and legal processes, and to respond to lawful requests from public authorities.
Protection of rights (legitimate interest)
To protect our rights and interests (or those of our users or third parties) and to detect malicious or fraudulent activity.
5. Third-Party Data Processors
We use the following third-party service providers who process personal data on our behalf. Each operates under a data processing agreement with us:
Provider
Purpose
Location & Safeguards
Squarespace
Website hosting and content management
United States (UK adequacy regulations / SCCs)
HubSpot
CRM, marketing automation, and contact management
United States (UK adequacy regulations / SCCs)
Google Analytics
Website usage analytics
United States (UK adequacy regulations / SCCs)
In addition, data may be accessible to persons involved in the operation of this Application (administration, sales, marketing, legal, system administration) or to other external parties such as mail carriers, IT companies and communications agencies appointed as data processors. An updated list of processors may be requested from us at any time.
6. International Data Transfers
Some of the third-party processors listed above are based outside the United Kingdom. Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place as required by the UK GDPR, including:
• Transfers to countries covered by a UK adequacy decision (where the UK government has determined that the country provides an adequate level of data protection).
• Standard Contractual Clauses (SCCs) approved by the ICO, incorporated into our agreements with processors.
• Any additional supplementary measures where required following a transfer impact assessment.
For further information about the specific safeguards applied to any transfer, please contact us using the details in Section 1.
7. Methods of Processing and Security
We take appropriate technical and organisational security measures to prevent unauthorised access, disclosure, modification or destruction of your data. Processing is carried out using computers and IT-enabled tools, following organisational procedures strictly related to the purposes indicated in this policy.
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law or you have given consent to extended retention. Specifically:
• Data collected for the performance of a contract is retained until that contract has been fully performed, plus any statutory limitation period.
• Data processed on the basis of legitimate interest is retained for as long as needed to fulfil the relevant purpose.
• Data processed on the basis of consent is retained until consent is withdrawn.
• Where we are required to retain data to comply with a legal obligation or court order, we will do so for the period required.
Once the retention period expires, personal data is securely deleted. Rights of access, erasure, rectification and portability cannot be enforced after the retention period has expired and deletion has taken place.
9. Cookie Policy
This Application uses cookies and similar tracking technologies. For full details, please consult our Cookie Policy, accessible from our website.
10. Your Rights Under the UK GDPR
Under the UK GDPR, you have the following rights in relation to your personal data. You may exercise these rights at any time by contacting us using the details in Section 1:
• Right to withdraw consent. Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
• Right to access. You have the right to obtain confirmation of whether we process your personal data, and to receive a copy of it.
• Right to rectification. You may request that inaccurate personal data be corrected or incomplete data be completed.
• Right to erasure. You may request that we delete your personal data, subject to certain legal exceptions.
• Right to restrict processing. You may request that we limit how we use your data in certain circumstances.
• Right to data portability. You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
• Right to object. You may object to processing based on legitimate interest or for direct marketing purposes. Where you object to direct marketing, we will stop processing your data for that purpose immediately.
• Right to lodge a complaint. You have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection. See Section 11 below.
Requests are free of charge. We will respond within one month of receipt. Any rectification, erasure or restriction of processing will be communicated to each recipient to whom the data has been disclosed, unless this proves impossible or involves disproportionate effort.
11. Complaints
If you are unhappy with how we have handled your personal data, we encourage you to contact us first so we can try to resolve your concern. If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk
12. Additional Information
Legal action
Your personal data may be used for legal purposes by us in court or in the stages leading to possible legal action arising from improper use of this Application or the related services. You should be aware that we may be required to reveal personal data upon request of public authorities.
System logs and maintenance
For operation and maintenance purposes, this Application and any third-party services may collect system logs or use other personal data (such as IP addresses) for this purpose.
Information not contained in this policy
More details concerning the collection or processing of personal data may be requested from us at any time. Please see the contact information in Section 1.
13. Changes to This Privacy Policy
We reserve the right to update this privacy policy at any time. We will notify you of any material changes by posting the updated policy on this page and updating the “Last updated” date at the top of this document. Where changes affect processing based on your consent, we will obtain fresh consent where required.
We recommend checking this page periodically for any updates.
14. Definitions and Legal References
Personal Data: Any information that directly, indirectly, or in connection with other information allows for the identification or identifiability of a natural person.
Usage Data: Information collected automatically through this Application (or third-party services employed in this Application), which can include IP addresses, browser type, pages visited, time of visit, and other diagnostic data.
User / Data Subject: The individual using this Application; the natural person to whom the personal data refers.
Data Processor: The natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller, as described in this policy.
Data Controller: The natural or legal person which determines the purposes and means of the processing of personal data. Unless otherwise specified, the Data Controller is Syncro Office Technology Ltd.
This Application: The website syncro-group.co.uk and related services, being the means by which personal data is collected and processed.
Tracker: Any technology (e.g. cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting) that enables the tracking of users, for example by accessing or storing information on the user’s device.
UK GDPR: The retained EU law version of the General Data Protection Regulation as it forms part of UK domestic law by virtue of the European Union (Withdrawal) Act 2018, read together with the Data Protection Act 2018.
PECR: The Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended).