DATA POLICY

Overview

This is Synthesis Pte Ltd (Synthesis) uses publicly available data to identify insights and trends in consumer behaviour and language. We deliver these insights to brands and companies who in turn use them to improve their products and services.

Data protection and respecting individuals’ right to privacy is a high priority for us. The purpose of this document is to disclose the measures we have put in place with regards how we use individuals’ data; comply with relevant local and international legislation; protect the rights of our staff, clients and partners; and protect against the risks of a data breach.

Everyone who works for or with Synthesis has responsibility for ensuring data is collected, stored and handled appropriately as laid out in this document.

Any questions should be directed to our Data Protection Officer, Harriet Robertson (harriet@synthesis.partners) or the board of directors. These parties have responsibility for:

  • Keeping updated about data protection responsibility, risks and issues
  • Reviewing data protection procedures and policies annually or as appropriate
  • Arranging data protection induction and continuous training for staff
  • Approving unusual collection, storage or processing of personal data
  • Ensuring data storage meets acceptable security standards and performing checks
  • Dealing with requests from individuals (data subjects) to see any personal data held about them, and requests from third parties about our data protection policy
  • Informing relevant parties in the event of a data breach
  • Keeping updated about the terms of service for each platform we work with




General Principles

1. Data minimisation We only collect the data we need for the task in hand and for historical benchmarking. We do not collect, process or store data excessively, e.g. without a specific purpose or ‘in case it becomes useful at a later date’. We do not collect sensitive data (see below).

2. Anonymisation As far as possible, we work with fully anonymised data. This means it is impossible to trace back from one of our data points to an individual person. We do this by removing altogether or scrambling personal identifiers such as name/usernames and generalising or aggregating other identifiers such as geo-tagging so that they cannot be used to trace or track back to an individual.

N.B. Anonymised data is not considered personal and therefore does not fall under the scope of the GDPR (see GDPR Recital 26).

3. Pseudonymisation Where we cannot fully anonymise data, we collect, process and store data in a way that can no longer be attributed to a specific individual (GDPR Art. 4(5)). This means if a data leak occurred it would be possible, but very hard for a 3rd party to attribute our data points back to an individual. We do this by encryption of personal identifiers and/or storing separately any other information which could allow an individual to be personally identified.

4. Being forgotten Our data collection, processing and storage respect an individual’s right to be forgotten. This means if we collect content from a public platform that is later made private or deleted it will automatically be removed from our data set. We do this by storing only the link to content, not the content itself, following Data Minimisation procedures.

5. Confidentiality Data is never be shared with unauthorised third parties outside Synthesis, even informally.

6. Security Our data is stored on Google Cloud Platform (GCP) and is password protected, restricted to authorised team members and all access history is logged. We operate a clean desk policy to minimise the risk of data breach from physical documents.





Data Collection

We collect data from Public Sources and Anonymised Data Sources such as (but not restricted to) those listed below.

  • Google trends and search data
  • Facebook Audience Insights
  • IMDb
  • YouTube
  • Kickstarter and other crowdfunding platforms
  • Tripadvisor and other review sites
  • App store data and reviews

The data we collect is always already in the public sphere. The mechanisms of each platform/source mean that individuals have consented to placing their data in the public realm according to local laws. We collect data in such a way that if individuals remove their data from the public sphere this is reflected in our data set. We do this by storing only the link to content, not the content itself.

We do NOT use data collection methods to access content from closed or private spaces within social platforms.

We do NOT collect sensitive data about individual, e.g. relating to the following categories:

  • race;
  • ethnic origin;
  • politics;
  • religion;
  • trade union membership;
  • genetics;
  • biometrics (where used for ID purposes);
  • health;
  • sex life; or
  • sexual orientation.




Data Processing

We operate non-personalised data processing methods. This means our processing tools are designed to aggregate and generalise data to look for macro patterns. We do not, and cannot, use the data we collect to build detailed pictures of individuals.

We do work with broad typologies, but take careful steps to ensure this is contextual and aggregated information. We never look at the specifics of personal data that could identify an individual. For example we might process data by geography to look for patterns at a country/ city level, but we would never collect or process data that specifically tracked an individual across specific locations; or we might process data to identify differences across genders, but we would never collect or process data based on sexual preference or link to genetic identifiers.

We anonymise and/or psuedynomise data during processing to protect the privacy of individuals behind the data points we collect. This means we obscure or allocate a code name to each piece of content and remove personal data identifiers such as a full name, an identification number, location data or other factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (GDPR Art 4).





Data Storage

Our data is stored on Google Cloud Platform (GCP). We take the following steps to ensure this is a secure space, protected from unauthorised access, accidental deletion and malicious hacking attempts.

  • Data is protected by strong passwords that are changed regularly and never shared outside Synthesis.
  • Data is only stored on designated servers and cloud computing services.
  • It is never copied onto portable storage devices or directly onto personal laptops, tablets or mobile phones.
  • Data is retained for a maximum of 3 years for reasons of historical benchmarking, after which it is deleted.




Sharing Data

We never share raw data with our clients or 3rd parties. Only aggregated and/ or fully anonymised data maybe be shared.





Cookie Policy

Cookies are text files which are stored on the browser or hard drive of your computer or mobile device when you visit a webpage or application. Cookies work to make your experience browsing our site as smooth as possible and they remember your preferences, so you don’t have to insert your details again and again. Cookies help us understand how our Site is being used and improve your user experience.

How to manage cookies.

For further information visit allaboutcookies.org.

You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function if you remove or disable cookies.

How to contact us.

If you have any questions about our privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us: hello@synthesis.partners.





Get in touch

WE DO
HUMAN CENTRED
DATA SCIENCE


2020

Home
Data Policy
About

This website stores cookies on your computer. These collect information about how you interact with our website and allow us to remember you so we can improve and customise your browsing experience. To find out more about the cookies we use, see our Privacy Policy.