Synchronous Ltd

Privacy Policy

How Synchronous Ltd collects, uses and protects personal data

This Privacy Policy explains how Synchronous Ltd (“Synchronous”, “we”, “us” or “our”) collects, uses, stores, shares and protects personal data, and sets out your rights under UK data protection law. It should be read alongside our internal Data Protection and UK GDPR Policy, which governs how our people handle personal data day to day.

1. Who we are and how to contact us

Synchronous Ltd is the data controller responsible for the personal data described in this policy.

Company name	Synchronous Ltd
Company number	17243873 (England and Wales)
Registered office	20 Wenlock Road, London, N1 7GU
Data protection contact	legal@synchronous.net
ICO registration	Registration Pending

We have appointed a Data Protection Lead with responsibility for this policy and for handling requests and queries. Contact them at legal@synchronous.net.

We are not currently required to appoint a statutory Data Protection Officer, and we keep that assessment under review as the business grows.

2. Scope

This policy covers all personal data we process about individuals: website visitors; prospective, current and former clients and their staff; suppliers, subcontractors and their staff; job applicants; employees, workers and contractors; and other professional contacts.

“Personal data” means information relating to an identifiable living individual. “Processing” means anything we do with it, from collection through to deletion.

3. The personal data we collect

Depending on your relationship with us, we may process the following categories of personal data.

3.1 Identity and contact data

• Name, job title, employer and professional role.
• Business and, where provided, personal contact details.

3.2 Client, project and commercial data

• Information needed to scope, deliver and administer our engineering, automation, consultancy and project-delivery services.
• Correspondence, instructions, meeting notes and project records.
• Contractual and billing information. We do not store full payment card details; these are handled by our payment providers.

3.3 Recruitment and HR data

• For applicants: CVs, references, right-to-work documentation and interview records.
• For staff and contractors: employment records, competence and training records (for example CSCS, IOSH and IPAF), and emergency contacts.

3.4 Health, safety and site data

• Limited data needed for site access, induction, competence verification and health and safety compliance, including under the Construction (Design and Management) Regulations 2015.
• Accident, incident and near-miss records, which may include information about a person’s health. Health data is a special category of personal data; see section 5.

3.5 Technical and website data

• IP address, browser and device information, and pages visited, collected through cookies and similar technologies. See section 9.

4. How we collect personal data

• Directly from you, when you contact us, contract with us, attend a site, apply for a role or correspond with us.
• From third parties, such as clients or principal contractors who share contact and competence details so we can deliver a project, and recruitment agencies or referees.
• Automatically, through cookies and analytics when you use our website.
• From public sources, such as Companies House, for due diligence and business development.

5. Our lawful bases for processing

We process personal data only where we have a lawful basis under Article 6 of the UK GDPR. The basis depends on the purpose.

Purpose	Lawful basis
Providing and administering services to clients	Contract; legitimate interests
Managing supplier and subcontractor relationships	Contract; legitimate interests
Business development and marketing to organisations	Legitimate interests, and consent where required for electronic marketing
Recruitment and staff administration	Contract; legal obligation; legitimate interests
Health and safety and CDM compliance on site	Legal obligation; legitimate interests; vital interests in an emergency
Meeting legal, tax and regulatory obligations	Legal obligation
Website analytics and non-essential cookies	Consent

Where we rely on legitimate interests, we have satisfied ourselves that those interests are not overridden by your rights. You can ask us about that assessment at any time.

Special category and criminal offence data

Some health and safety data is special category data. Where we process it, we also rely on a condition under Article 9 of the UK GDPR, typically that processing is necessary for employment or health and safety purposes, or to protect vital interests, in line with Schedule 1 of the Data Protection Act 2018, and we apply the additional safeguards set out in our Appropriate Policy Document.

6. Who we share personal data with

We do not sell personal data. We share it only where necessary, with appropriate safeguards, including with:

• Clients and principal contractors, to deliver projects and meet site and compliance requirements.
• Suppliers and subcontractors, where needed to deliver an engagement.
• Professional advisers, including accountants, lawyers, insurers and IT providers.
• Service providers who process data on our instructions under a written contract, such as cloud hosting, email and software providers.
• Authorities and regulators, including HMRC, the HSE and the ICO, where we are legally required to do so.

Where another organisation processes personal data on our behalf, we put in place a written contract meeting Article 28 of the UK GDPR.

7. International transfers

We keep personal data in the UK or European Economic Area wherever possible. Where a provider processes data elsewhere, we ensure an appropriate safeguard is in place, such as an adequacy decision, the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses.

8. How long we keep personal data

We keep personal data only for as long as necessary for the purposes we collected it, and to meet legal, accounting, regulatory and contractual requirements. Indicative periods are set out below.

Record type	Indicative retention period
Client and project records	Duration of engagement, then up to 6 years
Health and safety and CDM records	As required by law; some records are kept considerably longer
Financial and tax records	At least 6 years
Recruitment (unsuccessful applicants)	6 to 12 months, unless consent is given to keep them longer
Website analytics	As set out in our Cookie Notice

When personal data is no longer needed, we securely delete or anonymise it.

9. Cookies and our website

Our website uses cookies and similar technologies. Strictly necessary cookies make the site work. Non-essential cookies, such as analytics, are set only with your consent, which you can give or withdraw through our cookie banner or browser settings. Our separate Cookie Notice provides further detail.

10. Your rights

Under UK data protection law you have the following rights, which are free to exercise in most cases:

• To be informed about how we use your data, through this policy.
• To access a copy of the personal data we hold about you.
• To have inaccurate data corrected.
• To have data erased in certain circumstances.
• To restrict how we use your data.
• To receive certain data in a portable format.
• To object, including to direct marketing at any time, and to processing based on legitimate interests.
• Rights relating to automated decision-making. We do not make solely automated decisions with legal or similarly significant effects.

To exercise a right, contact us at legal@synchronous.net. We will respond within one month, as the law requires, and may first need to verify your identity.

11. How to complain

Please contact us first so we can try to resolve any concern. You also have the right to complain to the Information Commissioner’s Office, the UK supervisory authority, at any time (ico.org.uk, helpline 0303 123 1113).

12. Changes to this policy

We may update this policy from time to time. The current version and effective date appear at the top, and we will communicate material changes as appropriate.