Symfos Logo

Privacy Policy

Last updated on 24 Jul 2024

General

1.1 Symfos Ltd (“we” or “us”) takes the privacy of your information very seriously. Our Privacy Notice is designed to tell you, the user of our services about our practices regarding the collection, use and disclosure of personal information which may be provided to us via our websites, SaaS platform, associated apps and other digital products we provide or collected through other means such as an online form, email, or telephone communication.

1.2 In this notice “you” refers to any individual whose personal data we hold or process (other than our staff).

1.3 In this notice references to the “Service” are references to any website, app or other means by which you provide personal data to us or access our services.

1.4 This notice is governed by applicable data or privacy legislation (including the EU General Data Protection Regulation (the “GDPR”), retained EU law version of the GDPR (“UK GDPR”) and Data Protection Act 2018). This notice may be updated from time to time and you should check this page regularly for any updates. Changes to this notice are effective when they are posted on this page.

Personal data we collect as controller

2.1 As a data controller, we may collect, hold or process the following personal data (information that can be uniquely identified with you) about you:

Personal data we hold as a data processor

3.1 There is certain information we collect that we hold as ‘data processor’. This may include the name, address, age and other personal information relating to customers or clients of our customer. We may host this data to allow our clients to run certain actuarial and analytical models.

3.2 Our customer is the data controller for this data and we are processing this data on our customer’s behalf. Our terms require that our customer processes this data in accordance with applicable data protection legislation. If you, as a data subject whose data is controlled by our customer, require us to cease processing or delete such data or if you otherwise would like to exercise your rights as a data subject please contact our customer to make the relevant request.

3.3 In our terms with our customers this is defined as ‘Hosted Data’ and in our terms with customers we set out in accordance with the GDPR our obligations to the customer in relation to the Hosted Data we hold or process.

3.4 Key information about Hosted Data we process as processor is set out below:

Who are the relevant data subjects? The data subjects are customers or, clients of our customers, whose information is hosted in our Service and processed in the Service using our customer’s actuarial models in order to analyse risk.

What is the subject matter of this personal data? Name, age, address, marital status, health status and history, employment status and other information relevant for the purposes of our customers risk model.

For how long is the relevant personal data processed and retained? (duration) The data will be retained for so long as our customer keeps this data with us. If our customer unsubscribes from the Service, we will delete all the Hosted Data we hold within 30 days or later with the consent of our customer who is the controller of this data.

How is the relevant personal data processed? (Nature and purpose) The personal data will be stored in our servers and may be applied to risk models and algorithms developed by our customer in order to ascertain the risk associated with a given product or policy and calculate an appropriate price to the relevant risk or policy.

What are the obligations and rights in relation to the relevant personal data? If we are a data processor on behalf of our customer we will process the data in accordance with our agreement with our customer. If we are the data controller we will process the data in accordance with this notice.

Cookies and IP Address

4.1 A cookie is a piece of data stored locally on your computer and contains information about your activities on the Internet. The information in a cookie does not contain any personally identifiable information you submit to our websites (“Site”).

4.2 On our Site, we use cookies to track users’ progress, allowing us to make improvements based on usage data. We also use cookies if you log in to one of our online services to enable you to remain logged in to that service and to otherwise log your usage of our Service. A cookie helps you get the best out of the Site and our Service and helps us to provide you with a more customised service.

4.3 We are required to obtain your consent to use cookies. We will obtain this consent with a toolbar which appears when you first visit the Site.

4.4 If you choose not to accept the cookies then essential functionality of our Service will not be available and you will be unable to use the Service.

4.5 An Internet Protocol (IP) address is a number assigned to your computer by your Internet Service Provider (ISP), so you can access the Internet. We may use your IP address to diagnose problems with our server, report aggregate information, and determine the fastest route for your computer to use in connecting to our Site, and to administer and improve the Site.

Data Retention

5.1 Our current data retention policy is to delete or destroy (to the extent we are able to) the personal data we hold about you in accordance with the following:

Category of personal data: Length of retention

Sharing your information

6.1 We do not disclose any personal data you provide to any third parties other than as follows:

Security

7.1 We will take all reasonable steps to ensure that appropriate technical and organisational measures are carried out in order to safeguard the information we collect from you and protect against unlawful access and accidental loss or damage. These measures may include (as necessary):

Your privacy rights

8.1 With respect to your personal data, you have the right to:

Data Breaches

9.1 If personal data we hold about you is subject to a breach or unauthorised disclosure or access, we will report this to our data protection manager or officer (if an officer has been appointed) or the Information Commissioner’s Office (ICO) (as necessary).

9.2 If a breach is likely to result in a risk to your data rights and freedoms, we will notify you as soon as possible.

Other websites

10.1 Our Service may contain links and references to other services and websites. Please be aware that this notice does not apply to those services or websites.

10.2 We cannot be responsible for the privacy policies and practices of sites and services that are not operated by us, even if you access them via the Service. We recommend that you check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.

Notification of changes to the contents of this notice

We will post details of any changes to our policy to help ensure you are always aware of the information we collect, how we use it, and in what circumstances, if any, we share it with other parties.

Contact us

If at any time you would like to contact us with your views about our privacy practices, or with any enquiry or complaint relating to your personal information or how it is handled, you can do so via the following email address:

If we are unable to resolve any issues you may have or you would like to make a further complaint, you can contact the Information Commissioner’s Office by visiting http://www.ico.org.uk/ for further assistance.