Privacy
This notice is provided under Articles 13 and 14 of the GDPR for processing connected with this website and the contact channels indicated.
Privacy notice
01 / Privacy1. Data controller
The controller is the entity identified in the footer of each page (legal name, registered office, VAT number and operational e-mail). For any privacy-related request you may use the e-mail address published in the footer or, where indicated, the company’s certified e-mail (PEC).
Data protection officer (DPO): no DPO has been appointed because, given the processing carried out through this website, the mandatory conditions in Article 37 GDPR do not apply. You may still contact the controller for any privacy matter.
2. Categories of personal data
Depending on how you interact with us, we may process:
- Browsing and technical data: e.g. IP address, browser and device identifiers, date/time of access, pages visited, HTTP response codes, collected through standard server logs or tools strictly necessary for security and operation.
- Data you voluntarily provide: information entered in forms (e.g. quote request: company, full name, phone or e-mail) or in other direct communications.
- Data entered in the “Book” tool: see § 5 (in-page demo mode or third-party scheduling widget).
- Locally stored preferences: theme (light/dark) and cookie-banner choices via browser
localStorage, as described in our cookie notice.
3. Purposes, legal bases and retention
| Purpose | Legal basis | Retention (indicative) |
|---|---|---|
| Managing and responding to requests sent via the contact / quote form | Article 6(1)(b) GDPR (pre-contractual steps at the data subject’s request) and, where applicable, Article 6(1)(f) (legitimate interest in handling commercial correspondence) | For as long as needed to handle the request and, if a commercial relationship starts, for statutory document and accounting retention periods |
| Providing, securing and maintaining the website; preventing abuse and fraud | Article 6(1)(f) GDPR (legitimate interest in protecting the site and systems) | Security and access logs: according to the hosting provider’s rotation (typically from a few days up to 12 months, unless longer retention is required for evidence) |
| Storing non-essential preferences where you accept them (e.g. “accept all” for future optional categories or embedded features that require it) | Article 6(1)(a) GDPR (consent), where required by applicable law | Until you withdraw consent or clear site data in your browser |
| Handling appointment requests through a third-party calendar when that integration is enabled on the site | Article 6(1)(b) GDPR (pre-contractual steps / performance at your request) | As described by the provider whose service you use to book; the controller only receives notifications to the extent that flow provides |
| Legal compliance and defence in legal proceedings | Article 6(1)(c) GDPR (legal obligation) or 6(1)(f) (legitimate interests) | For the periods imposed by law or the proceedings |
4. Quote form and submission
Required fields must be completed to submit the form. Data are used to contact you about your request. If the form is configured to post to an external endpoint (e.g. a third-party service), the controller remains the controller and the provider, where it processes data on the controller’s behalf, acts as a processor under Article 28 GDPR. If no endpoint is configured, please use the e-mail contacts shown on the site.
5. “Book” section (demo and external calendar)
The booking page can work in two ways, depending on configuration:
- Demo mode (default when no embed URL is configured): name, company, e-mail and the slot you pick are processed only in your browser to simulate a confirmation and update displayed availability for the session. No data are sent to Synapse or third parties as a result of that simulation.
-
Third-party scheduling: when an external service (e.g. Cal.com or similar) is embedded via
iframe, you interact with that provider’s interface and systems. Personal data needed for the booking are processed by that provider under its privacy notice and agreements (Synapse may be an independent controller or use the provider as a processor, depending on the actual contract). Read the provider’s notice before booking.
6. Cookies and similar technologies
For cookies, similar identifiers and local storage, see our cookie notice.
7. Recipients
Data may be processed by:
- authorised personnel of the controller;
- technical service providers (e.g. hosting, maintenance) as processors, where required by contract;
- appointment scheduling providers (e.g. Cal.com Inc. or similar), when that feature is enabled, to deliver booking flows and related communications under their terms;
- public authorities when disclosure is required by law.
We do not sell personal data.
8. Transfers outside the UK / EEA
Processing described here mainly takes place in the European Economic Area (and, where the UK GDPR applies, the UK). If we use providers outside those areas, transfers will rely on an adequacy decision, appropriate safeguards under Articles 46–47 GDPR (e.g. Standard Contractual Clauses), or the exceptions in Article 49 GDPR where applicable.
9. Your rights
You may exercise the rights of:
- access (Article 15);
- rectification (Article 16);
- erasure (Article 17);
- restriction (Article 18);
- data portability, where applicable (Article 20);
- objection, where applicable (Article 21);
- withdraw consent where processing is consent-based, without affecting lawfulness before withdrawal (Article 7(3)).
Contact the controller using the details in the footer. You may lodge a complaint with your supervisory authority (in Italy: Garante per la protezione dei dati personali — www.garanteprivacy.it; in the UK: ICO — ico.org.uk) if you believe processing infringes the GDPR.
10. Automated decision-making and profiling
We do not use processing that involves solely automated decision-making, including profiling, which produces legal or similarly significant effects.
11. Children
This site is not directed at children under 14. We do not knowingly collect children’s data; if we become aware of collection without valid parental consent, we will delete it.
12. Changes
We may update this notice for legal, organisational or technical reasons. Please review this page periodically; material changes may be highlighted on the site.
Full corporate details (registered office, VAT) are those published in the footer and should be checked against official registry records before formal use.