Privacy Policy

Privacy Notice

Who are we

Syngro Limited (also trading as Maru/Syngro) are a registered company (Number: SC266066) based in Scotland in the United Kingdom. We develop (and host) web based software for use by commercial organisations. The software and associated technical and professional services are delivered to our clients and their employees who may be located worldwide. Syngro is part of the Maru Group of companies with whom it partners to combine and deliver its services.

We respect privacy or personal data and all personal data we collect and process will be handled with the greatest care. We will not give away, sell or transfer your personal information to third parties that are not directly engaged in the provision of our products and services. We will not transfer your personal details outside of the country in which the service is declared to be operated unless this forms part of the terms of service agreed.

How to contact us about data protection and privacy

You can contact us at Syngro concerning privacy and the data we collect and process by emailing us at:

  • Your rights under the European Union GDPR and the UK Data Protection BillWithin the European Union, data subjects have rights defined by the General Data Protection Regulation (GDPR), and these are enforced in the UK by the lead authority at the Information Commissioners Office (ICO). SynGro complies with the GDPR and this notice sets out to inform you of how we collect and process your personal data in accordance with that regulation. The UK Data Protection Bill will comply with the EU GDPR and will apply to companies registered and trading in the UK.If we collect and begin to process personal data about you from a source other than from you directly or other than from the organisation where you are employed, then we will contact you within one month to inform you.

    You may request that we provide you details of the data we hold about you and we will provide that data to you as quickly as possible. If you believe that the information we hold is incorrect then we will amend it accordingly. We may not be able to fully comply with a request to delete data or cease processing that data if

    1. You are an existing customer at an organisation with whom we have an active agreement or service contract
    2. We need to retain some data in order to comply with a request to not contact you in respect of direct marketing
    3. We are required to keep business records relating to contracts and services supplied to your organisation which we are required to retain by Law in the UK

    Whilst we process data in some cases on the legal basis of Legitimate Interests, you may request that we cease direct marketing communications and we will ensure this happens. We use a marketing automation platform which allows the recipients of direct marketing emails to request that such direct marketing ceases.

    Back to top

    The legal basis for collecting and processing personal data under GDPR

    As a services provider to commercial organisations, our legal basis for collecting and processing client and prospective client data is either the Performance of a Contract (in delivering the services to our clients) or in our general Legitimate Interests (in promoting and marketing our products and services to existing or prospective clients). We are registered as a data controller with the Information Commissioners Office in the UK. Reference Z9429602

    Back to top


    What personal information we collect

    We aim to collect and process the minimum personal information needed to operate our business and to deliver our products and services. This personal is restricted to the business contact information of the data subject. We do not collect or process sensitive personal data of clients or prospective clients. We typically collect and process the following personal contact information of clients, prospective clients, and partners who may resell our products and services. This data can include:

    • Name
    • Business contact email address
    • Business contact phone number
    • Organisation name / Company Name
    • Role within the organisation

    Back to top


    How we collect personal data

    We collect personal data in the following circumstances:

    • When a subject (any person) enters their details on our company website to receive information from us or generally enquires about our products and services.
    • When a subject (any person) connects to us via social media channels, including our own public social media channel pages, which are operated by third parties.
    • When a customer requests an account on our customer service desk, which is operated by a third party
    • When a customer or company business contact requests an account on our customer engagement and social platforms developed and operated by us, such as our community website and training platforms
    • When a customer or company business contact places an order for SaaS products and services. In such cases the customer may add content to our SaaS service, which they control and we process on their behalf. Reference should be made to the SaaS license agreement and the End User License Agreement.
    • When we meet clients and prospective clients, partners and suppliers at trade shows, events and seminars etc and business contact details are exchanged.
    • When we purchase business contact information from data brokers to build direct marketing campaigns to promote our products and services.


    Back to top


    How we use and process your personal data

    We will only use your personal information to market or deliver our products and services to you, (including Group Company products and services) or as is required by law. We process the data in the following ways:

    1. To communicate with you and enhance our relationship with you, and to provide customer support, using software systems and services used by Syngro but hosted by third party suppliers, where Syngro is the data controller
      1. We input and process all client, prospective client, suppliers and partner contact information in our integrated company Customer Relationship Management System, Marketing automation and financial management systems. This is necessary for marketing, service delivery and order fulfilment.
      2. For nominated client contacts we create accounts in our customer service desk. This is necessary to provide support services to our clients, for example when they require assistance, wish to report a service incident or have suggestions about improving the service.
    2. To deliver product self-help and training services, including software systems operated and hosted by Syngro or Maru group where Syngro is the data controller
      1. For nominated client representatives we create accounts on our customer engagement and social platforms, such as our community website and training platforms. These platforms allow users to collaborate with Syngro and other users
    3. To deliver our SaaS product where Syngro is the data processor
      1. For nominated business client representatives who purchase a license to use our services, we create administrator accounts within the product. This is necessary for fulfilment of the commercial service, after which the client becomes the data controller for all data subsequently entered into the service and Syngro is the processor.
      2. You may add personal data to our SaaS product for data subjects who are your clients and who are not directly party to the Syngro SaaS license agreement. You may further request us to process that data and perform analysis on it or engage those data subject in communications on your behalf, via email or telephone.
    4. To analyse how visitors and users consume our services in order to improve our services
      1. We may use the information to determine how many visitors we have to different pages on our web sites, to detect and correct systems problems, and to improve the usability of our web site.
      2. We use the information to offer more personalised communications, including information and research knowledge resources which you may be interested in.
      3. From time to time, we may also use your information to contact you for our own market research purposes.
      4. We may use the information to customise the websites and applications according to your interests
      5. To help keep the product and your data secure by monitoring usage and login
      6. To help improve performance and user experience for different segments of users
      7. To help manage license subscriptions

    Note: Where we use third party software, including cloud services, on which our business contacts have a registered account, the privacy policy of that service provider applies and their policy should be reviewed.

    On request to Syngro, we will delete any user account a user has on any of the above to access our systems, providing that does not prevent our ability to fulfil a contractual obligation to you.

    Back to top


    Recipients of the data

    We define recipients as either

    • the people and organisations whom we grant access to the details of your personal contact information OR
    • the users of our SaaS product that you have granted access to or shared data with OR
    • the users of customer support and our other customer engagement platforms that you have granted access to or shared data with

    We provide access to our employees, partner / group employees and third party professional service providers where this is necessary to deliver the services to you. This includes supporting services such as customer support, legal and billing related services.

    Where we use 3rd party systems and services to deliver services to you, which are owned and operated by third parties, we do not disclose the details of the personal data which we process to the third parties, but entrust your data privacy and general data protection to their own privacy, data protection and security policies. We carefully select established suppliers who have appropriate privacy and security policies, and who publish compliance with GDPR and other relevant standards. The main 3rd party hosted systems which we use to process personal data in this manner include

    • Customer Relationship Management
    • Marketing Automation
    • Customer service desk
    • Cloud data centre storage


    Back to top


    How long we retain your personal data

    We will not retain your data longer than is necessary. For SaaS product customers, we delete all data held within the SaaS product within 1 month of cessation of the contract.

    We periodically review our CRM records and we will delete the data after 3 years if there is no legitimate reason to retain it.  For data subjects who have asked that we cease any direct marketing communication, we must retain minimal information to effect the cessation of communication.


    Within the UK there are statutory requirements to retain and process records related to commercial business operations. Where we have entered into a contract or other agreement with a party, or completed financial transactions then we will retain data pertaining to the parties for the period required by law and the terms of the contract, whichever is the longer.

    Back to top


    Transfer of personal data across territories

    Our CRM and Marketing automation systems are hosted by third parties and the geographical location for data storage may reside outside of the EEA. Being internet based, the data collection and processing can occur from any worldwide location. Maru Group is a UK business but has operations worldwide and the CRM and direct marketing database is shared internally within Maru Group member companies.

    We will not otherwise transfer data across differing geographical territories.

    Back to top


    How we will communicate with you

    We will communicate with data subjects in the following circumstances:

    1. Syngro Sales and Direct marketing
      1. We will communicate with clients and partners by phone and email and through our SaaS products and customer support related platforms.
    2. Syngro Service provision
      1. We will communicate with prospective clients through email and phone for the purposes of direct marketing. In the case of direct marketing, the recipient will be given the option to request not to receive further marketing communications and we will ensure that such direct marketing communications cease.
    3. 3rd party social media channels
      1. We will continue to use and communicate through public and subscription based social media channels not operated by us, where links are established between us and the subject. The privacy policies and controls of those channels will apply.

    Back to top


    Tracking, automated decision making and profiling

    We use links within emails sent to CRM contacts, to track if those users access or open those links and to capture requests not to receive further direct marketing email.

    We do not automatically collect any personal data about our general public web site visitors. We may record the Internet protocol (IP) address of the computer you are using, the browser software used, the operating systems used, and the websites from which our visitors link directly to our site.

    We use “Google Analytics” to collect information about use of our public websites. Google Analytics collects information such as how often users visit this site, what pages they visit when they do so, and what other sites they used prior to coming to this site. Google Analytics collects only the IP address assigned to you on the date you visit this site, rather than your name or other identifying information.

    We do not combine the information collected through the use of Google Analytics with personally identifiable information. Although Google Analytics saves a permanent cookie on your web browser to identify you as a unique user the next time you visit this site, the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to this site by disabling cookies on your browser.

    Back to top


    How we use cookies

    A cookie is a small file which asks permission to be placed on your computer’s hard drive. The cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

    Cookies are used by SynGro to store the authentication details for our websites and web applications that registered users access. They can be used to store login and hashed password for keeping the session for the user open.  We also use cookies to be able to store details of users who access and contribute to our online support forums and service desks.

    We also use traffic log cookies to identify which pages are being used by public visitors. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. These cookies help us provide you with a better website experience, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

    You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of our websites and may also prevent our software products and services functioning correctly.

    Links to Other Sites –

    Our websites may contain links to other websites of interest, which are not owned and operated by SynGro. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question. SynGro is not responsible for the security or privacy practices of these sites, nor the content, products and services offered by these sites. SynGro does not endorse any of the content, products or services marketed at other sites.


    Back to top