We are Synectics Solutions Ltd., a fraud prevention agency which works with organisations in the fight against fraud and financial crime. Those organisations (our clients) include businesses from the finance sector, insurance sector and others who have a legitimate interest to prevent fraud against them and to verify the authenticity of an identity.
1.1. National SIRA Fraud Prevention Service
Before our clients provide services, goods or financing to you, they may undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require them and us to process personal data about you.
1.1.1. What we process and share
The personal data you have provided, has been collected from you, or has been received from third parties may include your:
- date of birth
- residential address and address history
- contact details such as email address and telephone numbers
- financial information
- employment details
- identifiers assigned to your computer or other internet connected device including your Internet Protocol (IP) address
- vehicle details
When we process your personal data, we do so on the basis that our clients have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect their business and to comply with laws that apply to them. Such processing may also be a contractual requirement of the services or financing you have requested.
We may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
1.1.2. Joint Data Controller
In respect of the National SIRA fraud prevention services we provide, we act with our clients as a Joint Data Controller.
Our responsibilities include:
- Governance and administration of the syndicate
- Automated deletion of records according to a defined retention schedule
- Responses to Data Subject Access Requests on behalf of the Syndicate
- Notifications to the Information Commissioners Office
Client responsibilities include:
- All duties in respect of individual data records and decisions
- Provision of fair processing notices and notifications to data subjects
- Obligations in respect of individual data subject rights (except Data Subject Access Requests which are handled by us on behalf of the syndicate)
1.1.3. Automated decisions
As part of the processing of your personal data, decisions may be made by automated means. This means our clients may automatically decide that you pose a fraud or money laundering risk if:
- our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers; or is inconsistent with your previous submissions; or
- you appear to have deliberately hidden your true identity.
You have rights in relation to automated decision making: if you want to know more please contact us using the details below.
1.1.4. Consequences of Processing
If our client determines that you pose a fraud or money laundering risk, they may refuse to provide the services, goods or financing you have requested, or to employ you, or they may stop providing existing services to you.
A record of any fraud or money laundering risk may be passed to us and other fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.
1.1.5. Processing of special categories of personal data and criminal offence etc data
Our clients may include processing of special categories of personal data and criminal convictions etc data. This processing is permitted under the Data Protection Act 2018 (c.12) Schedule 1 – Special categories of personal data and criminal convictions etc data., Part 2 – Substantial Public Interest Conditions, 14(1) – Preventing Fraud. This processing is documented in an Appropriate Policy Document (APD). Further details may be obtained from our compliance team at email@example.com.
1.1.6. Data Transfers
Your personal data may be transferred outside of the UK and European Economic Area by our clients to countries which have an adequate level of protection, or where mechanisms have been put in place which comply with Data Protection Legislation.
1.2. Identity Verification Attribute Service Provider
We act as Data Controller in respect of the data processing we carry out for Identity Service Providers (ISPs) on behalf of Relying Parties (their clients). When we do this, we are operating as an Attribute Service Provider (ASP) in accordance with the UK digital identity and attributes trust framework which is a set of government rules and standards designed to establish trust in digital identity products in the UK.
1.3. CCTV Monitoring
CCTV monitoring is in use at all sites operated by Synectics Solutions Ltd for the purpose of crime prevention and public safety.
1.4. Synectics Solutions Websites and Social Media Platforms
We are Synectics Solutions Ltd. This notice explains about the information we may collect from you when you visit our website or social media platforms to request content or further details and how we use this information.
1.4.2. How we collect and use your information
When you visit our website and social media platforms, we may automatically log the standard data provided by your web browser and device as well as any personal information you provide (including through data capture forms) to enable us to identify you. The purpose of collecting this information is to enable us to assist you with any requests for information, to offer you further information in future which we believe will be of interest and to perform security management of our sites and systems.
1.4.3. The categories of information we collect
We may collect the following information
- Marketing contact information provided via social media platforms and web forms, including name and contact details.
- Security and website analytics information, including browser type, device type, operating system and device identifiers, settings and geo-location data.
1.4.4. Legal basis, storage, retention, sharing, international transfers, automated decisions and data subject rights
- The processing of personal data is necessary for the purposes of our legitimate interests (marketing, computer security and website analytics) of Synectics Solutions Ltd. (the Data Controller). If you are unable to provide this information, we may not be able to provide you with information about our products and services.
- Marketing contact information will be processed and retained by us in the UK as a record of your visit to our website. Where you have provided us with consent to use your information for marketing purposes, we will retain the information until you withdraw that consent. Your consent to this use can be withdrawn by emailing us at firstname.lastname@example.org.
- Information Security information will be processed for the purpose of ensuring network and information security. It will be retained as a record of your visit to our website or platforms. It may be accessed by our service-providers but will not be shared with anyone else other than for security incident investigation.
- Marketing contact information you provide may be processed by our service providers. Where these are located outside the UK/EEA, we ensure a similar degree of protection is afforded to your information. Further details may be obtained from our compliance team at email@example.com. The marketing information we capture may be shared with other third parties in order to promote the products and services we offer. Information Security information will not be shared with other third parties other than to the extent required by law (including in connection with any legal proceedings or to establish or defend our legal rights). We will not make automated decisions affecting you with this personal data.
- As a data subject, you have a number of rights (including access to and rectification or erasure of personal data or restriction of processing). For more information or to exercise your data protection rights please, please contact us. Our compliance team and data protection officer can be contacted at firstname.lastname@example.org in writing to PO Box 3700, Stoke-On-Trent, ST6 9ET.
- If you are unhappy about how your personal data has been used please contact us using the contact details above. You also have a right to complain to the Information Commissioner's Office, which regulates the processing of personal data.
2. Your Rights
Under data protection legislation, you may:
- object to our processing of your personal data;
- request that your personal data is erased or corrected;
- request access to your personal data.
For more information or to exercise your data protection rights please, please contact us. Our compliance team and data protection officer can be contacted at email@example.com or in writing to PO Box 3700, STOKE-ON-TRENT, ST6 9ET.
If you are unhappy about how your personal data has been used please contact us using the contact details above. You also have a right to complain to the Information Commissioner's Office https://ico.org.uk/concerns, which regulates the processing of personal data.
3. EU Representative for EU Data Subjects
We have appointed IT Governance Europe Limited to act as our EU Representative. If you wish to exercise your rights under the EU General Data Protection Regulation (GDPR), or have any queries in relation to your rights or privacy matters generally please email our Representative at firstname.lastname@example.org or post your request or query to:
EU Representative, IT Governance Europe,
Third Floor, The Boyne Tower, Bull Ring,
Co. Louth, A92 F682
When contacting our Representative please ensure you include our company name in any correspondence.