Legal
Privacy Statement (UK)
How we collect, use, and protect your personal data.
This privacy statement was last updated on 3 June 2026 and applies to citizens and legal permanent residents of the United Kingdom.
In this privacy statement, we explain what we do with the data we obtain about you via https://www.synapx.com. We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:
- we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
- we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
- we first request your explicit consent to process your personal data in cases requiring your consent;
- we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
- we respect your right to access your personal data or have it corrected or deleted, at your request.
If you have any questions, or want to know exactly what data we keep of you, please contact us.
1. Purpose, Data and Retention Period
We may collect or receive personal information for a number of purposes connected with our business operations which may include the following:
1.1 Contact – Through phone, mail, email and/or webforms
For this purpose we use the following data:
- A first and last name
- An email address
- A telephone number
Basis: Legitimate interests (Article 6(1)(f) UK GDPR) — responding to and managing enquiries from prospective and existing clients. It is in both parties' legitimate interests for us to handle contact requests you have initiated.
Retention period: 3 years from the date of last interaction or enquiry, after which data is securely deleted or anonymised. Where an enquiry results in a contract, client data is retained for 6 years from the end of the engagement (HMRC and Companies Act requirements).
1.2 Compiling and analysing statistics for website improvement
For this purpose we use the following data:
- Internet activity information, including browsing history, search history, and information regarding a consumer's interaction with the website
- Geolocation data
Basis: Consent (Article 6(1)(a) UK GDPR) — analytics cookies are only placed after you have explicitly accepted analytics cookies via our cookie consent banner. You may withdraw consent at any time via our cookie preferences.
Retention period: GA4 retains aggregated analytics data for up to 14 months. Microsoft Clarity session replays are retained for 30 days. Consent data is retained for 365 days then re-prompted (ICO guidance).
1.3 To support services or products that a customer wants to buy or has purchased
For this purpose we use the following data:
- A first and last name
- An email address
- A telephone number
Basis: Legitimate interests (Article 6(1)(f) UK GDPR) or, where a contract is in place, performance of a contract (Article 6(1)(b)).
Retention period: 6 years from the end of the relevant engagement or contract (UK Companies Act and HMRC retention guidance), after which data is securely deleted.
2. Cookies
Our website uses cookies. For more information about cookies, please refer to our Cookie Policy.
3. Disclosure Practices
We disclose personal information if we are required by law or by a court order, in response to a law enforcement agency, to the extent permitted under other provisions of law, to provide information, or for an investigation on a matter related to public safety.
If our website or organisation is taken over, sold, or involved in a merger or acquisition, your details may be disclosed to our advisers and any prospective purchasers and will be passed on to the new owners.
4. International Data Transfers
Some of our third-party service providers are based outside the United Kingdom. Whenever we transfer your personal data to a country not covered by a UK adequacy decision, we ensure appropriate safeguards are in place in accordance with Article 44 of the UK GDPR:
- Google LLC (USA) — Google Analytics 4 and Google Ads are provided by Google LLC, based in the United States. Transfers are protected by Google's Standard Contractual Clauses (SCCs) approved under the UK International Data Transfer Agreement (IDTA) framework.
- Microsoft Corporation (USA/EU) — This website is hosted on Microsoft Azure Static Web Apps and uses Microsoft Clarity. Microsoft participates in the EU-US Data Privacy Framework and uses SCCs for UK transfers.
You may request a copy of the safeguards we have put in place by contacting us using the details below.
5. Security
We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorised access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.
6. Third-Party Websites
This privacy statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.
7. Amendments to This Privacy Statement
We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.
8. Accessing and Modifying Your Data
If you have any questions or want to know which personal data we have about you, please contact us. You have the following rights:
- You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
- Right of access: You have the right to access your personal data that is known to us.
- Right to rectification: You have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
- If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
- Right to transfer your data: You have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
- Right to object: You may object to the processing of your data. We comply with this, unless there are justified grounds for processing.
Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.
9. Submitting a Complaint
If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the Information Commissioner's Office:
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
10. Data Protection Officer
Our Data Protection Officer has been registered with the Information Commissioner's Office. If you have any questions or requests with respect to this privacy statement or for the Data Protection Officer, you may contact Synapx Data Protection Officer, or via info@synapx.com.
11. Children
Our website is not designed to attract children and it is not our intent to collect personal data from children under the age of consent in their country of residence. We therefore request that children under the age of consent do not submit any personal data to us.
12. California Residents — CCPA / CPRA Rights
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) gives you specific rights regarding your personal information:
- Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, and the purposes for collection.
- Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.
- Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
- Right to Opt Out of Sale or Sharing: We do not sell or share your personal information with third parties for cross-context behavioural advertising. Analytics and marketing cookies (when consented to) may share pseudonymous identifiers with Google and Microsoft for conversion measurement purposes. You may opt out via our .
- Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined by CPRA.
- Right of Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
To exercise any of these rights, please contact us or email info@synapx.com. We will respond within 45 days of receipt of your request.
13. Contact Details
Synapx Ltd
2 Leman Street, London, E1 8FA
United Kingdom
Website: https://www.synapx.com
Email: info@synapx.com
14. Data Requests
For the most frequently submitted requests, we also offer you the possibility to use our data request form. Please contact us to make a request relating to access, rectification, erasure, restriction, portability, or to object to the processing of your personal data.
Annex
Cookie consent
This website uses a lightweight, first-party cookie consent banner to collect and record your preference. Your choice is stored locally in your browser (via localStorage) under the key synapx_cookie_consent_v2. No personally identifiable information is collected or shared with any third party as part of this functionality. You can reset your preference at any time by clearing your browser's site data for this domain.
Hosting & content delivery
This website is a statically generated site hosted on Microsoft Azure Static Web Apps and served via Microsoft's global content delivery network. Standard server logs (including your IP address, browser user-agent and the requested URL) may be retained by Microsoft for security and operational purposes. For more information, see the Microsoft Privacy Statement.