Syntek Solutions
Get a quote

Privacy policy

Last updated: April 2026. This policy is provided in good faith as a working draft — please confirm with your solicitor before publishing publicly.

1. Who we are

This website is operated by Syntek IT Solutions Ltd (trading as Syntek Solutions), a company registered in England & Wales. Our registered office is in Horsham, West Sussex. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Syntek IT Solutions Ltd is the data controller for personal data collected through this website and through our enquiry, onboarding and support processes.

Queries about this policy should be addressed to our privacy contact at privacy@synteksolutions.co.uk or by post to Syntek IT Solutions Ltd, Horsham, West Sussex, United Kingdom.

2. What personal data we collect

We collect the minimum personal data needed to respond to enquiries, deliver our services and run our business:

  • Enquiry form data — your name, company, email address, telephone number, the number of users in your business, and the free-text message you send us.
  • Website analytics — if you consent to analytics cookies, Google Analytics 4 collects pseudonymised identifiers (cookie IDs), pages viewed, approximate location (country / region, not street address), device type and referrer. IP addresses are truncated before storage.
  • Telephony data — when you call us, our VoIP system records the calling number, time, duration and (where you are a contracted client and have been notified) the call recording itself for quality and dispute purposes.
  • Email correspondence — the content of emails you send us and our replies.
  • Client records — for contracted clients, billing contact, asset inventory, tenant identifiers and ticket history required to deliver the service.
  • Recruitment data — if you apply for a job, your CV and correspondence.

We do not knowingly collect special category data (health, biometric, political, etc.) and do not collect data from under-16s.

3. Legal bases for processing

We rely on the following lawful bases under Article 6 UK GDPR:

  • Legitimate interest — responding to your business enquiry, managing our client relationships, safeguarding our systems, and producing aggregate analytics. We have carried out a legitimate-interests assessment and can share it on request.
  • Contract — where we are delivering a service to you, processing is necessary to perform our contract.
  • Consent — for non-essential cookies and for any marketing email (you can withdraw consent at any time).
  • Legal obligation — to comply with HMRC, employment and other statutory record-keeping duties.

4. How long we keep your data

  • Enquiry data from non-clients — deleted after 12 months of inactivity.
  • Customer records and contracts — retained for 6 years after the end of the business relationship to meet HMRC and contract-limitation requirements.
  • Call recordings — 90 days unless the call relates to an active ticket or dispute.
  • Employment records — retained in line with statutory guidance (currently 6 years after employment ends).
  • Website analytics — retained for 14 months in Google Analytics 4, then automatically deleted.
  • Marketing email subscribers — retained until you unsubscribe, then anonymised after 30 days.

5. Your rights

Under UK GDPR you have the following rights in respect of your personal data:

  • The right to be informed about processing (this policy).
  • The right of access — a subject access request (SAR).
  • The right to rectification of inaccurate data.
  • The right to erasure ("the right to be forgotten").
  • The right to restrict processing.
  • The right to data portability.
  • The right to object to processing, including direct marketing.
  • Rights in relation to automated decision-making and profiling — we do not carry out automated decision-making that produces legal or similarly significant effects.

To exercise any of these rights, email privacy@synteksolutions.co.uk. We will respond within one calendar month. If you are unhappy with how we handle your data, you can complain to the Information Commissioner's Office (ICO) at ico.org.uk or on 0303 123 1113.

6. Who we share data with (data processors)

We use the following categories of processor to run our business. Each is bound by a written data-processing agreement:

  • Microsoft 365 / Azure — email, file storage, identity and hosting of internal systems. Data held within the UK/EU region where available.
  • Google Analytics 4 — anonymised website usage measurement (consent-based only).
  • Email marketing platform (Mailchimp or equivalent) — newsletter delivery if you have subscribed.
  • VoIP / telephony provider — call routing and recording.
  • Payment processor and accounting platform — invoice delivery, payment collection and statutory accounting records.
  • Helpdesk / PSA tool — ticket management and time tracking for contracted clients.

We will never sell your personal data.

7. International transfers

Data is primarily stored in the United Kingdom and European Union. Where a processor (for example, a US-parented analytics or email vendor) requires transfer outside the UK/EEA, we rely on the UK's adequacy regulations (where applicable, such as UK–EU transfers under the EU Commission's adequacy decision for the UK) and the UK International Data Transfer Agreement or Standard Contractual Clauses together with the UK Addendum. We carry out a transfer-risk assessment before onboarding any new non-UK processor.

8. Cookies

This site uses a small number of cookies. Non-essential cookies (analytics) are loaded only after you give consent through the cookie banner. See the full cookies policy for the current list.

9. Security

We apply the technical and organisational controls described in our information-security policy, aligned with Cyber Essentials v3.3: multi-factor authentication, encryption in transit and at rest, least-privilege access, regular patching, endpoint detection and response, and logged administrator access. No system is perfectly secure; if a personal-data breach occurs and meets the threshold, we will notify the ICO within 72 hours and inform affected data subjects without undue delay.

10. Changes to this policy

We review this policy at least annually and when our processing changes materially. The "last updated" date at the top of the page reflects the most recent review.

11. Contact

Privacy queries: privacy@synteksolutions.co.uk
General: hello@synteksolutions.co.uk ·
Post: Syntek IT Solutions Ltd, Horsham, West Sussex, United Kingdom.