0

GENERAL

In this policy, the terms We, Us, Our means Sync (“Sync”) a trading name of GBM Digital Technologies Ltd of 16-18 Midland Street, Ardwick, Manchester, M12 6LB.

COMPANY STRUCTURE

GBM Digital Technologies Limited is a subsidiary of GBM Digital Technologies Holdings Limited, which is a subsidiary of GBM Digital Technologies Group Limited.

We are an ICT hardware and services provider, providing technology-oriented products and services to consumers, businesses, educational establishments, charities, and public sector bodies.

POLICY BRIEF AND PURPOSE

Our Privacy policy details how we manage our customer’s Personal Data including the way Personal Data is collected, used, disclosed, and stored.

PERSONAL DATA

The Information Commissioners Office (ICO) defines Personal Data as “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”.

We may request Personal Data from you in order to provide you with a product, service, or information (including quotations, or support). You do not have to provide us with your Personal Data. Where you have chosen not to provide us with your Personal Data, we may be unable to provide you with your required product, service, or information.

HOW PERSONAL DATA IS COLLECTED

Personal Data is predominantly collected by phone, email, our website (www.wearesync.co.uk), fax, face to face meetings and post. Sending Personal Data to us is done at your own risk. Our internal processes have been designed to keep your Personal Data safe once it has been received.

WHERE PERSONAL DATA IS STORED AND HOW IT IS PROTECTED

We may store your Personal Data in both electronic and paper-based formats, utilising the following security mechanisms to ensure that your Personal Data is secure:

• Cyber security systems are in place to protect our network, servers, and computers.

• All company-owned computers are managed and encrypted.

• Company email is provided through Microsoft 365, hosted and secured by Microsoft.

• Our website is hosted and secured by Amazon Web Services (AWS). We also utilise some of CloudFlare’s web services.

• Automated website emails may be sent using SMTP2GO. This may include transactional emails when purchasing products from our website.

• Where Personal Data is processed using a tool, service or database provided by a third party, such as Fixably, MailChimp or others, additional security is enabled where possible. Security examples include: Two-Factor / Multi-Factor Authentication, and / or IP address locking.

• Our phone system is hosted by Microsoft and secured by 3CX. 

• Physical security systems have been adopted to prevent unauthorised access to the premises – this includes the use of CCTV.

• Alongside the CCTV system provided by us, we also utilise an external security provider, Taurus, who have their own security systems in place to protect our head office (16-18 Midland Street, Ardwick, Manchester M12 6LB). Taurus have their own external CCTV system on our building.

• Where we utilise third parties for hosted web portals and / or services (like Fixably), they may have their own terms of use, privacy policy, and other technologies, such as cookies, in place. Third party web pages, portals or services may differ from our privacy policy and terms.

We do not store Sensitive Personal Data, such as Debit or Credit card details, other than as required for fraud prevention or legal purposes.

DATA RETENTION

Whilst some data can be immediately deleted, other data must be retained by us for a defined period. We retain multiple types of data, including Personal Data in order to:

• Provide our personnel and customers with a consistent and high quality experience.

• Meet our legal requirements.

• Assist with accident, incident, or fraud investigations and prevention.

All data is categorised, based on what it relates to, and then each category is retained for a defined period:

• We retain our customer’s Personal Data for the term of the relationship + 6 years.

• Operational Data (such as non-personal data) is retained as long as it is deemed necessary, and may be deleted at any time. This data is retained for a maximum of 5+1 years.

For more information, see our Data Retention Policy (ISM115).

WHAT PERSONAL DATA IS COLLECTED

• When requesting a quotation, booking a product in to our Service Centre/s, applying for a Credit Account, registering for an event or training session, using our web services and / or those provided by a third party (such as our online store or service portal’) or completing an online survey, we may collect the following Personal Data: full name, title, address, email address, occupation, place of work, phone number, mobile phone number, contact preferences, website address, and/or IP address.

• When you purchase products or services, we may collect the following information: full name, title, address, email address, occupation, place of work, phone number, mobile phone number, contact preferences, website address, payment information, and/or IP address. 

• When you purchase a product which includes a discount based on your employment or status, such as ‘Teacher’, ‘Student’, or ‘Registered Carer’ discount, we may collect the following information: full name, title, address, email address, occupation or status, place of work or study, phone number, mobile phone number, contact preferences, website address, payment information, IP address and / or proof of status (such as a Teacher / Student / Registered Carer ID card).

• CCTV is used to help us secure our business locations, and may include the capture of both image and sound.

• We may utilise call recording, this may capture your voice, and any Personal Data shared by during the call.

WHY PERSONAL DATA IS COLLECTED AND HOW IT IS USED

• The Personal Information we collect from you allows us to provide you with a positive experience when working with us, and also allows us to provide you with products, services, and general advice.

• We may use your Personal Information to perform internal data analysis, in order to improve products, services, and marketing.

• Where you provide us with consent to market to you, such as via a newsletter sign up form or other, we may send you promotional materials from time to time.

• We may use your Personal Data to ask about the quality of the experience you received from us (commonly referred to as Customer Satisfaction or CSAT).

• We may use your Personal Data to share relevant updates and information through Legitimate Interest.

• We may also collect your Personal Information for fraud-prevention purposes.

• On occasion, we may send you important information relating to a product or service purchased by you from us – this includes changes to terms of service, or other policies. Due to the important nature of these communications, you cannot opt out of them.

• Through our phone system (3CX), we may utilise call recording, with calls processed for internal review, to support with internal training, and / or to help us enhance the quality of our service. Inbound callers will be notified that calls are being recorded prior to commencing the call. Outbound callers will notify customers about where their call is being recorded – prior to proceeding with the call. Not all calls are recorded, and operators are able to disable call recording as required.

• We may use Cookies on our website, which may capture Personal Data, including your IP address. Further details are provided in the Cookies section of this policy.

DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

• When you purchase, or enquire in to purchasing products and / or services from us, we may share your Personal Data with third parties for the purpose of providing you with information, products or services. This may include manufacturers, distributors, couriers, finance houses/lease companies, insurers, and in the case of services, external service providers. We may also add your Personal Data in to our accounts system and / or Customer Relationship Management (CRM) system. These details may include: name, address, email address, occupation, place of work, and phone number.

• Where you request a quotation for a large quantity of products, or for specific product lines, we may register a deal with a manufacturer or distributor / reseller with a view to providing you with enhanced benefits relating to your purchase. This could include additional discount, services, warranty or other such benefits. We may also add your Personal Data in to our accounts system and / or Customer Relationship Management (CRM) system. These details may include: name, address, email address, occupation, place of work, and phone number.

• In order to process your repair we will share your Personal Data with Apple, via their ‘Global Service Exchange’ online repair database, and Fixably. Fixably provide us with a web-based service database, that facilitates Apple device repair management. Fixably provides automated transactional emails to update Customers on the status of their repair. We may also add your Personal Data in to our accounts system and / or Customer Relationship Management (CRM) system. These details include: name, address, email address, occupation, place of work, and phone number. We may also share your details with a courier to return your device after service.

• Where you have consented to receive marketing communications from us, or where we act through legitimate interest, we may share your Personal Data with external agencies (such as MailChimp, SurveyMonkey, or others), who may manage our marketing and / or communications on our behalf. These details include: name, address, email address, occupation, place of work, and phone number.

• Where a customer has a support contract with a us, we may also collect Personal Data about the people within that organisation. We may also add your Personal Data in to our accounts system and / or Customer Relationship Management (CRM) system. This may include: name, email address, occupation, place of work, phone number, IP address.

• We may use Cookies to share information with third parties, this may also include using ‘Cookie matching’, wherein we utilise Cookies provided by a third party. These will then synchronise and share data with the third party, allowing us to obtain an enhanced analytical view of our web traffic, and other such benefits. Further details are provided in the Cookies section of this policy.

• We may pass on your Personal Data to other external parties where required by law to do so. This includes providing access to HMRC, and for fraud prevention purposes.

• We will not share your Personal Data with any third parties for commercial purposes.

• We will not share your Personal Data with third parties for the sole purpose of allowing them to market to you directly.

NON PERSONAL DATA

• We may also collect non-Personal Information. Non-Personal Information may be used to: Provide you with a product or service, enhance our products or services, or perform internal data analysis.

• Where you are acting as a Consumer or Sole Trader, non-Personal Information may consist of: Postcode, location, occupation / job title, place of work, and details of your enquiry; for example, if you have logged a repair with us, we may collect the serial number and fault details of the machine in question.

• Where you are acting on behalf of an organisation, in addition to collecting your postcode, location, job title, place of work, and details of your enquiry, we may also collect the name and type of the organisation you are acting on the behalf of (where the employer is not a Sole Trader). We may also collect details about the organisation, including organisation phone number, organisation fax number, VAT number, company registration number, website address, generic email addresses, and number of employees.

KLARNA

In order to be able to offer you Klarna’s payment options, we will pass certain aspects of your personal information to Klarna, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you.

General information on Klarna can be found here. Your personal data is handled in accordance with applicable data protection law and in accordance with the information in Klarna’s privacy policy.

USE OF COOKIES

We endeavour to make our website as useful and reliable as possible. In order to make our website a better experience and to provide some of the services we provide we use small files, called cookies, to store small amounts of information on your device (e.g. PC, tablet or smart phone). They cannot be used to identify you personally. 

This information is used to improve services for you through, for example:

• Recognising that you may have set preferences on a previous visit so we can display content appropriate to you.

• Measuring how people are using the website so we can improve how we present our content to you.

If you do not wish these cookies to be tracked you can disable them in your browser, or by using the pop up Cookie windows on our website (provided by Cookiebot) – but this may negatively affect your experience on the site. There are two types of cookie you may encounter when using our website:

• First party cookies: These are our own cookies, controlled by us and used to provide information about usage of our site.

• Third party cookies: These are cookies found in other companies’ internet tools which we are using to enhance our site, for example Facebook or Twitter have their own cookies, which are controlled by them.

First Party Cookies utilised may include:

Name Purpose
exp_last_visit Sets the datetime that the user last visited the site, and is set for both guests and logged in users. If not set, is automatically set to 10 years ago. Affects guests and logged in users.
exp_tracker Tracks the last 5 pages viewed by the user, and is used primarily for redirection after logging in etc. Affects guests and logged in users.
exp_last_activity Every time the state is updated (the page reloaded) the last activity is set to the current datetime. Used to determine expiry. This is essential for logged in users, but not for guests – it is set for both.
exp_sessionid A uniquely generated ID that corresponds to the session_id column in the exp_session table. Used when cookie and session are set as the session type. Used only for logged in members.
exp_uniqueid Matches the unique_id field in the exp_members table. Randomly generated by the functions class at registration. Used only for logged in members.
exp_userhash The encrypted password of the currently logged in user. Set if you choose the cookies and session ID method for sessions (cs in your config.) Used only for logged in members.
exp_anon A flag set by the user to determine if they are listed in the online users.
exp_remember A flag set by the user to determine if they stay logged in when leaving the site.
exp_expiration Determines the length of the session for a logged in user. There are two options for this cookie: if the user has selected remember me then it is set to 1 year, and if not then it’s set to the datetime that the user logged in. Used only for logged in members.
exp_store_cart Tracks items in your basket for our ecommerce system.
cookies.js Determines whether the visitor has accepted the cookie consent box. This ensures that the cookie consent box will not be presented again upon re-entry.
PHPSESSID Preserves user session state across page requests.
wc_cart_created Necessary for the shopping cart functionality on the website.
wc_cart_hash_# Necessary for the shopping cart functionality on the website.
wc_fragments_# Necessary for the shopping cart functionality on the website.
woocommerce_cart_hash Necessary for the shopping cart functionality on the website to remember the chosen products – This also allows the website to promote related products to the visitor, based on the content of the shopping cart.
woocommerce_items_in_cart Necessary for the shopping cart functionality on the website to remember the chosen products – This also allows the website to promote related products to the visitor, based on the content of the shopping cart.
wp_woocommerce_session_# Necessary for the shopping cart functionality on the website.
CookieConsent This cookie is used for Cookiebot. This stores the user’s cookie consent state for the current domain.
currentPrice Necessary for the shopping cart functionality on the website.
gws_unid Necessary for the AJAX product search functionality on the website.
myUnloadEventFlag
OfferPopState Necessary for the offer popup functionality on the website.
price Necessary for the shopping cart functionality on the website.
unid

Third Party Cookies utilised may include:

Name Purpose
Cookies with names prefixed by ‘__utm’ Stores information used by Google Analytics to track user activity on the site.
_ga Registers a unique ID that is used to generate statistical data on how the visitor uses the website..
_gat Used by Google Analytics to throttle request rate
_gid Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
ads/ga-audiences Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor’s online behaviour across websites.
collect Used to send data to Google Analytics about the visitor’s device and behaviour. Tracks the visitor across devices and marketing channels.
fr Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.
tr Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.
_fbp Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.
I/jot Sets a unique ID for the visitor, that allows third party advertisers to target the visitor with relevant advertisement. This pairing service is provided by third party advertisement hubs, which facilitates real-time bidding for advertisers.
local_storage_support_test The cookie is used in context with the local-storage function in the browser. This function allows the website to load faster by pre-loading certain procedures.
__widgetsettings This cookie is set by Twitter – The cookie allows the visitor to share content from the website onto their Twitter profile.
pid Used by twitter for their share widget.
GCLB Cookie provided by addressy.com. This cookie is used in context with load balancing – This optimises the response rate between the visitor and the site, by distributing the traffic load on multiple network links or servers.
tt_sessionId

Whilst we have detailed some of the Cookies that we may be active on our website, the Cookies used on our website may vary from time to time. Full detail of all Cookies used on our website is available using the pop up Cookie tool (provided by Cookiebot), which is presented to you when you arrive on any page of our website. This includes full detail about any and all Cookies live on our website, and also categorises Cookies as: Necessary, Preferences, Statistics, Marketing or other.

THIRD PARTY LINKS

On occasion we include links to third parties on our website. Where we provide a link it does not mean that we endorse or approve that site’s policy towards visitor privacy. You should review their privacy policy before sending them any personal data.

KEEPING YOUR DATA UP TO DATE

If you believe that any data we hold on you is incorrect, or your would like us to update any of the information we currently hold on you, please contact us by phone: 0161 605 3838, email: [email protected] or in writing to us: Sync powered by GBM, 16-18 Midland Street, Ardwick, Manchester M12 6LB.

YOUR RIGHT TO OPT OF MARKETING

If you have provided us with your consent to send you marketing communications, you can opt out at any time by phone: 0161 605 3838, email: [email protected] or in writing: Sync powered by GBM, 16-18 Midland Street, Ardwick, Manchester M12 6LB. All communications will also include the option to ‘opt out’ of such future communications, or ‘update your details’ as required.

YOUR RIGHT OF ACCESS

In accordance with the Data Protection Act 2018 you have the right to access any information that we hold relating to you. You can request a copy of your data by phone: 0161 605 3838, email: [email protected] or in writing to us: Sync powered by GBM, 16-18 Midland Street, Ardwick, Manchester M12 6LB.

YOUR RIGHT TO ERASURE

In accordance with the Data Protection Act 2018 you have the right to request that all of your Personal Data is erased from our systems. This may exclude some data types, for example, where we are required to retain your data by law, for HMRC, or anti-fraud measures. To exercise your right to erasure, please contact us by phone: 0161 605 3838, email: [email protected] or in writing to us: Sync powered by GBM, 16-18 Midland Street, Ardwick, Manchester M12 6LB.

YOUR RIGHT TO DATA PORTABILITY

In accordance with the Data Protection Act 2018 you have the right to request that we provide you with a data portability service, to allow you to obtain and reuse your Personal Data. We may be required to retain some data types, for example, where we are required to retain your data by law, for HMRC, or anti-fraud measures. To exercise your right to data portability, please contact us by phone: 0161 605 3838, email: [email protected] or in writing to us: Sync powered by Sync powered by GBM, 16-18 Midland Street, Ardwick, Manchester M12 6LB.

QUESTIONS ABOUT PRIVACY

Please do not hesitate to contact us regarding any matter relating to this Privacy Policy by phone: 0161 605 3838, email: [email protected] or in writing to us: Sync powered by GBM, 16-18 Midland Street, Ardwick, Manchester M12 6LB.