Privacy Policy

Controller: Synthex HQ Limited

Company number: 15870101

Registered address: Profile West, Suite 2 First Floor, 950 Great West Road, Brentford, United Kingdom, TW8 9ES

Companies House: View company information

Website: https://www.synthexhq.com

Contact: support@synthexhq.com

We process personal data for the following purposes:

• Operating, maintaining and securing our platform, including user authentication, access control and audit logging
• Managing customer relationships, contracts and support
• Sales, marketing and business development activities
• Communicating with investors, partners and prospective customers
• Compliance with legal and regulatory obligations
• Operating our website and internal systems

Depending on the context, we may process:

• Identity and contact details (name, email address, role, organisation)
• Account and access information (user identifiers, authentication records, permissions)
• Communications (emails, meeting notes, support tickets)
• Technical and usage data (IP address, device information, system logs)
• Professional information relevant to enterprise relationships

We do not intentionally collect special category personal data in our role as controller.

We rely on the following lawful bases under applicable data protection laws:

• Performance of a contract
• Legitimate interests, including operating and securing our business and platform
• Compliance with legal obligations
• Consent, where required

When Synthex processes personal data on behalf of enterprise customers within the Synthex platform, we act as a data processor (or 'operator' under POPIA).

Such processing is governed exclusively by the relevant MSA, SOW and Data Processing Agreement agreed with the customer. This Privacy Policy does not apply to that processing.

We may share personal data with:

• Service providers and subprocessors supporting our operations (including cloud hosting, security, communications and CRM providers)
• Professional advisers (legal, accounting and audit)
• Regulators, authorities or courts where required by law

All service providers are subject to appropriate contractual, confidentiality and security obligations.

Personal data may be transferred outside the UK, EEA or South Africa where required for our operations. Where this occurs, we implement appropriate safeguards, including standard contractual clauses or equivalent lawful transfer mechanisms.

We retain personal data only for as long as necessary for the purposes described in this policy, taking into account legal, regulatory and contractual requirements.

We implement appropriate technical and organisational measures to protect personal data, including access controls, encryption, monitoring and internal security policies. Further details are available under contractual security documentation where applicable.

Under applicable data protection laws, individuals may have rights including:

• Access to their personal data
• Rectification of inaccurate or incomplete data
• Erasure
• Restriction of processing
• Objection to processing
• Data portability

Requests can be made by contacting support@synthexhq.com.

If you have concerns about how we process personal data, you may contact us directly.

You also have the right to lodge a complaint with the relevant supervisory authority, including:

• UK: Information Commissioner's Office (ICO)
• South Africa: Information Regulator (South Africa)

We may update this Privacy Policy from time to time. The latest version will always be published at https://www.synthexhq.com or another clearly accessible location.