PHL Synaptik is committed to safeguarding your personal information. Whenever you provide such information, we are legally obliged to use your information in
line with all laws concerning the protection of personal information, including General Data Protection Regulation 2016 (GDPR) and the Data Protection Act 2018.
This policy applies to all personal data handled by PHL Synaptik.
PHL Synaptik shall adhere to the data protection principles set out in GDPR
(Article 5). The six principles state that personal data shall be:
a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and
organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful
processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and
Under the GDPR, individuals have the right to obtain confirmation that their data is being processed and, where that is the case, access to the personal data. As such, PHL Synaptik have implemented a process through which any individuals can make a request to access their personal data and details of the purposes of processing. This type of request allows the individual to verify the lawfulness of the processing and exercise rights of rectification and objection.
To make a request, an email should be sent to email@example.com. In accordance with GDPR, PHL Synaptik will respond to the query as quickly as
possible and will provide the individual with the requested information within one month. This shall be provided free of charge unless reason is found that the request is manifestly unfounded or excessive.
The response will be provided in a standardised electronic format and include a copy of all personal data requested, the purposes for processing, details of any recipient to whom personal data may have been disclosed and the envisaged period for which the personal data will be stored.
GDPR provides the following rights for individuals:
Any requests to exercise these rights should be directed to firstname.lastname@example.org.
PHL Synaptik may store the following personal information:
Information above will only be stored when required with reference to the
personal data uses listed below.
Personal Data Uses
Personal information may be used in a number of ways including:
In the event of previously collected data being required for a use not currently listed above, Synaptik will contact the individual to confirm this change.
Any information mentioned above will either be fully anonymised or deleted from all Synaptik systems (digital or physical) after a reasonable period of
time without usage. This shall take into consideration the period for which Synaptik is legally obliged to store certain information. This does not effect the individual data rights listed above.
Personal data will only be shared in the following situations:
Shared information will never include bank details. Copies of certificates listed above will not be shared without seeking further consent, though confirmation that certificate is held on file may be.
If at any time you are unhappy with the way in which Synaptik uses personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). Further details are available via their website at https://ico.org.uk/make-a-complaint/ or alternatively by phoning them on 0303 123 1113