Privacy policy

GENERAL

In this policy, the terms We, Us, Our means Sync (“Sync”) a trading name of GBM Digital Technologies Ltd of Unit 2.3, Arbeta, 11 Northampton Rd, Manchester, M40 5BP.

COMPANY STRUCTURE

GBM Digital Technologies Limited is a subsidiary of GBM Digital Technologies Holdings Limited, which is a subsidiary of GBM Digital Technologies Group Limited.

We are an ICT hardware and services provider, providing technology-oriented products and services to consumers, businesses, educational establishments, charities, and public sector bodies.

POLICY BRIEF AND PURPOSE

Our Privacy policy details how we manage our customer’s Personal Data including the way Personal Data is collected, used, disclosed, and stored.

PERSONAL DATA

The Information Commissioners Office (ICO) defines Personal Data as “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”.

We may request Personal Data from you in order to provide you with a product, service, or information (including quotations, or support). You do not have to provide us with your Personal Data. Where you have chosen not to provide us with your Personal Data, we may be unable to provide you with your required product, service, or information.

DATA ROLES AND RESPONSIBILITIES

Depending on the nature of the products and services being provided, Sync may act as either a Data Controller or a Data Processor under UK data protection legislation.

Sync acts as a Data Controller where we determine the purposes and means of processing Personal Data, including in relation to:

• quotations and sales activities;
• customer account management;
• finance and leasing referrals;
• marketing communications;
• repair services;
• support services;
• fraud prevention;
• supplier and partner management; and
• compliance with legal and regulatory obligations.

In certain circumstances, Sync may act as a Data Processor on behalf of a customer, including where we process Personal Data solely on the documented instructions of that customer, such as:

• fulfilment and logistics services;
• drop shipment activities;
• device deployment and configuration services;
• managed IT services; or
• other contracted business services.

Where Sync acts as a Data Processor, we process Personal Data only in accordance with the applicable customer agreement or data processing arrangements.

We may also share Personal Data with third parties who act as independent Data Controllers, including manufacturers, distributors, finance providers, leasing companies, repair platforms, software providers, logistics partners, and technology providers. Those organisations determine their own purposes and means of processing Personal Data in accordance with their own privacy policies and legal obligations.

Customers and data subjects should review the privacy notices of relevant third parties before proceeding with products or services involving those organisations.

HOW PERSONAL DATA IS COLLECTED

Personal Data is predominantly collected by phone, email, our websites (www.wearesync.co.uk or shop.wearesync.co.uk), fax, face to face meetings, face to face at events, via social media (e.g. LinkedIN), and post. Sending Personal Data to us is done at your own risk. Our internal processes have been designed to keep your Personal Data safe once it has been received.

WHERE PERSONAL DATA IS STORED AND HOW IT IS PROTECTED

We may store your Personal Data in both electronic and paper-based formats, utilising the following security mechanisms to ensure that your Personal Data is secure:

• Cyber security systems are in place to protect our network, servers, and computers.
• All company-owned computers are managed and encrypted.
• Company email is provided through Microsoft 365, hosted and secured by Microsoft.
• Our website is hosted and secured by Amazon Web Services (AWS). We also utilise some of CloudFlare’s web services.
• Automated website emails may be sent using SMTP2GO. This may include transactional emails when purchasing products from our website.
• Where Personal Data is processed using a tool, service or database provided by a third party, such as Fixably, MailChimp or others, additional security is enabled where possible. Security examples include: Two-Factor / Multi-Factor Authentication, and / or IP address locking.
• Our phone system is hosted by Microsoft and secured by 3CX.
• Physical security systems have been adopted to prevent unauthorised access to the premises – this includes the use of CCTV.
• Alongside the CCTV system provided by us, we also utilise an external security provider, Taurus, who have their own security systems in place to protect our head office (Unit 2.3, Arbeta, 11 Northampton Rd, Manchester, M40 5BP). Taurus have their own external CCTV system on our building.
• Where we utilise third parties for hosted web portals and / or services (like Fixably), they may have their own terms of use, privacy policy, and other technologies, such as cookies, in place. Third party web pages, portals or services may differ from our privacy policy and terms.

We do not intentionally collect or process Special Category Data as defined under UK GDPR in connection with our core services, finance referrals, quotations, sales activities, fulfilment services, or general customer services, except where required by law or where voluntarily provided to us and necessary for a specific service request.

Where Special Category Data is incidentally encountered during the provision of repair, support, migration, or technical services, such data will only be processed where strictly necessary for the provision of those services or as otherwise required by law.

Special Category Data may include information relating to health, racial or ethnic origin, religious beliefs, political opinions, trade union membership, genetic data, biometric data, or sexual orientation.

We do not request Special Category Data for finance referral activities.

INTERNATIONAL DATA TRANSFERS

Some third-party providers used by Sync, including cloud, software, communication, analytics, marketing, finance, fulfilment, and support providers, may process Personal Data outside the United Kingdom.

Where Personal Data is transferred internationally, we take reasonable steps to ensure that appropriate safeguards are in place in accordance with UK data protection legislation. These safeguards may include:

• adequacy regulations issued by the UK Government;
• International Data Transfer Agreements (IDTAs);
• the UK Addendum to the EU Standard Contractual Clauses; or
• other lawful transfer mechanisms recognised under UK GDPR.

We take reasonable steps to ensure that third-party providers maintain appropriate security and data protection standards.

DATA RETENTION

Whilst some data can be immediately deleted, other data must be retained by us for a defined period. We retain multiple types of data, including Personal Data in order to:

• Provide our personnel and customers with a consistent and high quality experience.
• Meet our legal requirements.
• Assist with accident, incident, or fraud investigations and prevention.

All data is categorised, based on what it relates to, and then each category is retained for a defined period:

• We retain our customer’s Personal Data for the term of the relationship + 6 years.
• Operational Data (such as non-personal data) is retained as long as it is deemed necessary, and may be deleted at any time. This data is retained for a maximum of 5+1 years.

WHAT PERSONAL DATA IS COLLECTED

• When requesting a quotation, booking a product in to our Service Centre/s, applying for a Credit Account, registering for an event or training session, using our web services and / or those provided by a third party (such as our online store or service portal’) or completing an online survey, we may collect the following Personal Data: full name, title, address, email address, occupation, place of work, phone number, mobile phone number, contact preferences, website address, and/or IP address.
• When you purchase products or services, we may collect the following information: full name, title, address, email address, occupation, place of work, phone number, mobile phone number, contact preferences, website address, payment information, and/or IP address.
• When you purchase a product which includes a discount based on your employment or status, such as ‘Teacher’, ‘Student’, or ‘Registered Carer’ discount, we may collect the following information: full name, title, address, email address, occupation or status, place of work or study, phone number, mobile phone number, contact preferences, website address, payment information, IP address and / or proof of status (such as a Teacher / Student / Registered Carer ID card).
• CCTV is used to help us secure our business locations, and may include the capture of both image and sound.
• We may utilise call recording, this may capture your voice, and any Personal Data shared by during the call.

WHY PERSONAL DATA IS COLLECTED AND HOW IT IS USED

• The Personal Information we collect from you allows us to provide you with a positive experience when working with us, and also allows us to provide you with products, services, and general advice.
• We may use your Personal Information to perform internal data analysis, in order to improve products, services, and marketing.
• Where permitted by applicable law, we may send marketing communications either:
  • where you have provided consent; or
  • where we rely upon legitimate interests in relation to existing customers or business contacts.
• We may use your Personal Data to ask about the quality of the experience you received from us (commonly referred to as Customer Satisfaction or CSAT).
• We may process Personal Data under legitimate interests where this is necessary for the operation, improvement, fulfilment, security, support, administration, fraud prevention, or promotion of our business and services, provided that such interests are not overridden by your rights and freedoms.
• We may also collect your Personal Information for fraud-prevention purposes.
• On occasion, we may send you important information relating to a product or service purchased by you from us – this includes changes to terms of service, or other policies. Due to the important nature of these communications, you cannot opt out of them.
• Through our phone system (3CX), we may utilise call recording, with calls processed for internal review, to support with internal training, and / or to help us enhance the quality of our service. Inbound callers will be notified that calls are being recorded prior to commencing the call. Outbound callers will notify customers about where their call is being recorded – prior to proceeding with the call. Not all calls are recorded, and operators are able to disable call recording as required.
• We may use Cookies on our website, which may capture Personal Data, including your IP address. Further details are provided in the Cookies section of this policy (full details available online).

DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

• When you purchase, or enquire in to purchasing products and / or services from us, we may share your Personal Data with third parties for the purpose of providing you with information, products or services. This may include manufacturers, distributors, couriers, finance houses/lease companies, insurers, and in the case of services, external service providers. We may also add your Personal Data in to our accounts system and / or Customer Relationship Management (CRM) system. These details may include: name, address, email address, occupation, place of work, and phone number.
• We may periodically run promotional and / or advertorial activities with third parties, including Sky AdSmart, and others. In order to understand the impact of this activity, we may utilise analytical services, using technologies like Cookies to facilitate reporting. Data collected through these analytical services may be shared with third parties in relation to these campaigns, with a view to matching up, analysing, and comparing data with other data sets. Where this is the case, we will use best-practice data management practices, such as data pseudonymisation, to ensure that personal data is kept secure.
• Where you request a quotation for a large quantity of products, or for specific product lines, we may register a deal with a manufacturer or distributor / reseller with a view to providing you with enhanced benefits relating to your purchase. This could include additional discount, services, warranty or other such benefits. We may also add your Personal Data in to our accounts system and / or Customer Relationship Management (CRM) system. These details may include: name, address, email address, occupation, place of work, and phone number.
• In order to process your repair we will share your Personal Data with Apple, via their ‘Global Service Exchange’ online repair database, and Fixably. Fixably provide us with a web-based service database, that facilitates Apple device repair management. Fixably provides automated transactional emails to update Customers on the status of their repair. We may also add your Personal Data in to our accounts system and / or Customer Relationship Management (CRM) system. These details include: name, address, email address, occupation, place of work, and phone number. We may also share your details with a courier to return your device after service.
• Where you have consented to receive marketing communications from us, or where we act through legitimate interest, we may share your Personal Data with external agencies (such as MailChimp, SurveyMonkey, or others), who may manage our marketing and / or communications on our behalf. These details include: name, address, email address, occupation, place of work, and phone number.
• Where a customer has a support contract with a us, we may also collect Personal Data about the people within that organisation. We may also add your Personal Data in to our accounts system and / or Customer Relationship Management (CRM) system. This may include: name, email address, occupation, place of work, phone number, IP address.
• We may use Cookies to share information with third parties, this may also include using ‘Cookie matching’, wherein we utilise Cookies provided by a third party. These will then synchronise and share data with the third party, allowing us to obtain an enhanced analytical view of our web traffic, and other such benefits. Further details are provided in the Cookies section of this policy.
• We may pass on your Personal Data to other external parties where required by law to do so. This includes providing access to HMRC, and for fraud prevention purposes.
• We do not sell your Personal Data to third parties.
• We may share Personal Data with third parties where necessary to provide products, services, fulfilment, finance facilities, leasing arrangements, support, repairs, delivery services, fraud prevention measures, legal compliance activities, or other legitimate business functions connected with the services we provide.
• Where Personal Data is shared with third parties acting as independent Data Controllers, those organisations will process Personal Data in accordance with their own privacy policies, contractual terms, and legal obligations.
• We will not share your Personal Data with third parties for the sole purpose of allowing them to market to you directly.

Where you request finance, leasing, or payment facilities through us, including services provided by finance houses, leasing providers, intermediaries, or partners such as Propel and associated finance providers, we may share relevant Personal Data with those organisations for the purpose of:

• assessing eligibility for finance or leasing;
• obtaining quotations or approvals;
• arranging finance or leasing agreements;
• fraud prevention and identity verification; and
• administering ongoing finance or leasing arrangements.

The lawful basis relied upon for this processing may include:

• taking steps prior to entering into a contract;
• performance of a contract;
• compliance with legal obligations; and/or
• legitimate interests relating to the provision of finance, fraud prevention, credit assessment, or business administration.

Finance providers, leasing companies, intermediaries, and associated partners generally act as independent Data Controllers in relation to the Personal Data they receive and will process that data in accordance with their own privacy policies and regulatory obligations.

Customers should review the applicable privacy policies of those organisations before proceeding with any finance or leasing application or agreement.

APPLE SERVICES AND REPAIRS

Where Sync provides Apple-related services, including device repairs, diagnostics, deployment, configuration, mobile device management, Apple School Manager support, Managed Apple IDs, or related Apple services, Apple Inc. and its affiliated companies may act as independent Data Controllers in relation to Personal Data processed through their systems, platforms, and services.

Apple processes Personal Data in accordance with its own privacy notices, contractual terms, and legal obligations, independently of Sync.

Sync’s role in relation to Apple services is generally limited to facilitating, administering, configuring, repairing, or supporting those services on behalf of customers and does not include determining the purposes or means of processing undertaken independently by Apple.

Customers and users should review Apple’s privacy information to understand how Apple processes Personal Data in connection with its products and services.

NON PERSONAL DATA

• We may also collect non-Personal Information. Non-Personal Information may be used to: Provide you with a product or service, enhance our products or services, or perform internal data analysis.
• Where you are acting as a Consumer or Sole Trader, non-Personal Information may consist of: Postcode, location, occupation / job title, place of work, and details of your enquiry; for example, if you have logged a repair with us, we may collect the serial number and fault details of the machine in question.
• Where you are acting on behalf of an organisation, in addition to collecting your postcode, location, job title, place of work, and details of your enquiry, we may also collect the name and type of the organisation you are acting on the behalf of (where the employer is not a Sole Trader). We may also collect details about the organisation, including organisation phone number, organisation fax number, VAT number, company registration number, website address, generic email addresses, and number of employees.

KLARNA

In order to be able to offer you Klarna’s payment options, we will pass certain aspects of your personal information to Klarna, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you.

General information on Klarna can be found here. Your personal data is handled in accordance with applicable data protection law and in accordance with the information in Klarna’s privacy policy.

Whilst we have detailed some of the Cookies that we may be active on our website, the Cookies used on our website may vary from time to time. Full detail of all Cookies used on our website is available using the pop up Cookie tool (provided by Cookiebot), which is presented to you when you arrive on any page of our website. This includes full detail about any and all Cookies live on our website, and also categorises Cookies as: Necessary, Preferences, Statistics, Marketing or other.