Syffinity Privacy Policy - How we manage and look after your personal data
The quick summary
Syffinity Limited (we) take the protection of your Personal Data very seriously; trust in doing so is core to our business.
Syffinity manages personal data in a lawful, clear and transparent manner. We will only use the minimum personal data necessary, and only where there is a lawful basis for doing so.
We operate policies, processes and technical security measures with the objective of respecting and maintaining the confidentiality and security of your personal data, protecting against unauthorised or unplanned access, loss or use.
We do not sell personal data.
We comply with the requirements of the UK GDPR, The Data Protection Act 2018 (DPA 2018), the General Data Protection Regulation (Regulation EU 2016/679, GDPR), and other applicable law.
We are registered with the Information Commissioner's Office (ICO) with Registration number ZA414295.
This privacy policy details how Syffinity ensures that your rights are clearly met when Personal Data is communicated, used, or held (when personal data is processed).
Who are we?
We are Syffinity Limited, The Old Chapel, 16 Oakfield Road, Clifton, Bristol, BS8 2AP, UK. Registered in England & Wales, registration number: 9389497.
Where data is received by us from you or your company and we are the Controller of Personal data we will manage this data in accordance with this Privacy Policy.
In instances where we are a data Processor we act under the authority and direction of the data Controller (for instance your company) and we will only process data as directed by that Controller and for the defined purpose.
Where we do share data in line with this privacy policy, other parties may also be a data controller or processor.
What information do we collect?
We may collect personal data during the course of your relationship with us, or through your company’s relationship with us.
We will only use the minimum personal data necessary, and only where there is a lawful basis for doing so.
Personal data that we collect and use may include:
- Identity data, including:
- Your name
- Information that is generated during our activities, for instance in meeting attendance, notes, audits, reports etc.
- Information that may be passed to us for processing in accordance with the contract and the agreement between your company and Syffinity Limited
- Recordings of meetings or other interactions
- Photographs, video or audio taken in relation to the delivery of a contract where they are in accordance with the policies of the company with which we have a contract, or required for the delivery of services
- Photographs, video or audio taken for use in marketing and promotion; in these cases we will seek consent from you or from your company
- Contact information, including
- Business contact information, including e.g., your business phone number, business email, business address, job title, etc.
- Other contact information where you provide it
- Professional information, including
- Information obtained or provided during the course of delivering contractually necessary work with you; or that you provide
- Information that may be passed to us for processing in accordance with the contracts and agreements between your company and Syffinity Limited
- Technical information, including
- Information related to your device or browser that is needed for the correct operation of our website, or other IT tools; This may include e.g., your IP address, other identifiers, etc.
- We may request that you accept cookies when using our website. These enable configuration of the website to meet your needs. We do not analyse cookies other than for configuring our website to suit your device and browser. Other third-party cookies may be used by the website and these are subject to the privacy policy of the relevant organisation. You may decline cookies by configuring your web-browser. If you decline cookies parts of the website may not function correctly or you may not be able to access the website.
- Our website links to a selection of external websites outside of our scope and their cookie and privacy policies apply.
- Other information that you provide during interactions with us
- including e.g., feedback & survey responses etc.
How do we use this information and what is the legal basis for this use?
We use your personal data only when necessary, and for the following purposes:
- Meeting our contractual necessities, for instance:
- to establish a contract with you or your company
- completing work related to a contract between Syffinity Limited and you or your company, including in the course of providing deliverables and updates under the contract
- in the course of resolving a complaint or other issue
- to enable invoicing and payment
- in other ways that are agreed between Syffinity Limited and your company where this is required for completion of the contract
- and/or, to meet legal obligations, for instance:
- to comply with applicable law and regulation
- during the preparation of accounts, & meeting our legal reporting needs
- we may need to verify your identity to comply with legal requirements
- your personal data may also be processed including but not limited to use in obtaining legal advice, during legal claims, to ensure compliance, and to enable investigations. This may include the disclosure of information in connection with legal process, litigation, or where we are required to by a competent legal authority
- and/or, for the legitimate business interests of Syffinity Limited where your interests and fundamental rights to not override these, for instance:
- developing the Syffinity offering and methods
- we may need to verify your identity, and may potentially monitor our interactions with the objective of investigating and/or reporting fraud, misrepresentation, or other crime
- arranging insurance &/or during insurance claims
- where you have provided us with contact information as a current customer we may contact you using your business contact details to establish opportunities for new or further activities
- to develop and improve our services
- where you provide us with material for use in marketing or as endorsements or recommendations we may use this in publicly accessible locations, including e.g., websites, social media, etc.
- Generally we do not rely on consent as a legal basis for processing your personal data. Exceptions include:
- we will seek your consent to use your name, role, image and/or words where these are intended to be used within marketing materials
- electronic direct marketing will only be undertaken where you have given your consent to receive it, or (where this is permitted) where you have been given an option to opt-out
To opt-out of direct marketing, email Contact@syffinity.co.uk with this request. When requested we will stop sending marketing as soon as possible and in less than 30 days in any case.
Who do we share your information with?
We do not sell your personal data.
As a principle your personal data will only be shared with other parties where:
- It is required for the delivery of products or services
- In accordance with the section ‘How do we use this information...’ above, or
- To undertake administration and operation of Syffinity Limited
Personal data may be shared with suppliers or service providers to Syffinity Limited in cases where this is necessary, and in some other cases, for instance:
- With professional advisors and suppliers including:
- During the preparation of financial records, and preparation of accounts
- To receive legal advice, during legal claims, litigation, or investigations
- With auditors
- For the purposes of peer review and staff development
- With insurers, for instance for the purposes of making or defending a claim
- With government authorities, HMRC, Health & Safety Executive, law enforcement officials, or regulators
- With subcontractors or suppliers where this is required for the completion of contractual necessities, for instance where other parties undertake work on behalf of Syffinity Limited
- With IT service providers e.g., during the provision of email or other electronic communication services, data storage services, etc.
- Where you communicate with us via the Meta WhatsApp platform we may include your basic contact details within our business WhatsApp contacts list. Use of your data by Meta is in this case governed by the Meta Privacy Policy.
We ensure that sub-processors are engaged through clear agreements and we verify that the required protections & safeguards are in place, including those detailed through the UK GDPR and guidance from the ICO.
We require all third parties to respect the confidentiality and security of your data and treat it in accordance with the law. We do not permit third parties to use your personal data for their own purposes. Where information is shared we ensure that the third party has a legal basis for processing this information, and that a compliant privacy policy is in place.
If Syffinity Limited is sold, transferred or integrated with another business, we will disclose your personal data to our advisers and those of a prospective buyer where it is required, and will pass your personal data to the new owners of the business. The new owners may use your personal data in accordance with this privacy policy.
How long do we keep personal data?
We will not keep personal data for longer than is necessary. We will not retain personal data that is not necessary in relation to the purposes; we may retain information where it is required to comply with the law.
Personal data that is required within the records of a contract will normally be held for 7 years after the end of the contract; or in some cases 12 years after the end of a contract. Data may then be anonymised to enable records of contracts and for analytics.
Where personal data is no longer required it will be removed from our systems in a secure manner.
Where business contact information is held and you have been a customer, or are a prospective customer, this will typically be removed 7 years after our last contact, or immediately where you have requested this.
Where is the data stored?
Personal data is stored at rest primarily within the UK. Data may be held within the European Economic Area (EEA). Data is not stored or transferred outside the EEA without Syffinity Limited undertaking verification that the required protections & safeguards are in place, including those detailed through the UK GDPR and guidance from the ICO.
Keeping data secure
We have put in place appropriate procedural and technical security measures to protect personal data with the aim that it is not subject to unauthorised or un-planned loss, use, or access. If we know of, or suspect, a security breach or loss of personal data we will contact you and the applicable regulator when required.
If you suspect that any part of our management of personal data is not secure, please contact us immediately at DataProtection@Syffinity.co.uk
Policy updates
We may update this policy and communicate it on our website. Significant changes will be communicated where we hold contact details.
Your rights concerning your personal data
You can contact us at DataProtection@Syffinity.co.uk to exercise any of the following rights.
We may need to verify your identity as a security measure to prevent disclosure of personal data to a person that does not have the right to receive it. We may have to contact you for further information related to your request. We try to respond to legitimate requests within 30 days and will keep you updated.
You have the right to:
- Be informed about how we use personal data (including via this privacy policy)
- Request access to your personal data and receive a copy of the personal data we hold about you where we are the controller. In most cases this will be free of charge.
- note that we will need to verify your identity before providing information
- where we are a processor and not controller please make your request direct to the data controller
- Request correction or update of the personal data we hold, or supplement your personal data
- we may need to verify the accuracy of the new data you provide
- Request erasure of your personal data where there is no compelling reason for us to continue processing it
- Where your data is processed by an automated system; you have the right to data portability in a machine-readable format
- Request restriction on processing of your personal data in certain circumstances; for instance whilst a complaint is resolved, or whilst you establish accuracy of the personal data
- The right to object to processing of your personal data, when we are relying on a legitimate business interest and you want to object as you feel it impacts on your fundamental rights and freedoms
- Where we process information on the basis of your consent, you have the right to withdraw this consent at any time
- please email DataProtection@syffinity.co.uk
- we may no longer be able to provide services in this case
- withdrawing consent will not affect the lawfulness of processing prior to your withdrawing consent
- The right to complain regarding the holding or processing of your personal data
- Complaints made to us are taken very seriously, they will be addressed by a Director of Syffinity Limited and will be responded to within a reasonable period & without undue delay. Complaints can be made to DataProtection@syffinity.co.uk or to any Director of the company. We would appreciate the opportunity to resolve your concern or complaint before you take any other action.
- You have the right to complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk
- Syffinity Ltd. is registered with the ICO, registration number ZA414295
Updated 9th February 2026