Privacy Policy.

1. Introduction

Synotech respects the privacy of clients, website visitors, project stakeholders, suppliers, job applicants, and other people who interact with us. This Privacy Policy explains how we collect, use, store, share, protect, and retain personal information when you use our website, contact us, request a proposal, subscribe to communications, engage us for software development or technology services, or otherwise interact with Synotech.

In this Privacy Policy, “Synotech”, “we”, “us”, and “our” refer to Synotech in relation to our website, services, communications, and business operations. “You” and “your” refer to the individual whose personal information is processed, or the organisation acting through its authorised representatives.

Synotech provides software development, product engineering, cloud, DevOps, cybersecurity consulting, AI consulting and development, digital transformation, UI/UX, support, and related technology services. Our website and services may be used by people in Zimbabwe, Botswana, South Africa, and other jurisdictions.

This Privacy Policy is intended to support compliance with applicable privacy and data protection laws, including, where applicable, South Africa’s Protection of Personal Information Act, 2013, Botswana’s Data Protection Act, 2024, Zimbabwe’s Cyber and Data Protection Act [Chapter 12:07], and other privacy, cybersecurity, electronic communications, and consumer protection rules that apply to our activities.

2. Personal Information We Collect

We collect personal information only where it is reasonably required for our business, website, services, legal obligations, security, or legitimate operational purposes.

The personal information we may collect includes:

• Identity details, such as name, surname, job title, company name, and department.
• Contact details, such as email address, telephone number, business address, billing address, and delivery address where relevant.
• Business details, such as company registration information, tax information, procurement details, authorised signatory details, and project stakeholder information.
• Website and device information, such as IP address, browser type, device type, operating system, referring pages, pages visited, session duration, approximate location derived from technical data, and cookie identifiers.
• Communication records, such as enquiry forms, email correspondence, proposal requests, meeting notes, call records, support tickets, and feedback.
• Project information, such as business requirements, technical requirements, user stories, system access information, architecture notes, integration details, workflow documentation, data migration information, testing notes, and acceptance records.
• Payment and transaction information, such as invoice details, payment status, purchase order details, billing records, and payment confirmations.
• Recruitment information, such as CVs, qualifications, work history, references, interview notes, portfolio links, and related applicant information.
• Security information, such as authentication logs, access logs, audit trails, vulnerability reports, incident reports, system event data, and abuse-prevention records.
• Marketing preference information, such as newsletter consent, communication preferences, and unsubscribe records.
• Information you voluntarily provide when you contact us, complete a form, attend a meeting, participate in a project, or request support.

We do not intentionally collect more personal information than we need for the purpose for which it is collected.

3. Information We Collect from Third Parties

We may receive personal information from third parties where it is lawful and relevant to our business relationship. These third parties may include:

• Your employer or organisation.
• Authorised representatives, procurement teams, project managers, or technical teams.
• Payment processors, banks, and accounting service providers.
• Cloud hosting providers, cybersecurity tools, analytics providers, support platforms, and collaboration tools.
• Publicly available sources, such as company websites, professional networking platforms, company registries, and industry directories.
• Recruitment platforms, referees, and background verification providers where permitted by law.
• Existing clients or business partners who refer you to us.

We expect third parties who provide personal information to us to have a lawful basis to share it with us.

4. How We Use Personal Information

We use personal information for the following purposes:

• To operate, maintain, secure, and improve our website.
• To respond to enquiries, requests for proposals, and service questions.
• To prepare quotes, proposals, statements of work, service agreements, invoices, and project documentation.
• To provide software development, consulting, engineering, cloud, DevOps, cybersecurity, AI, UI/UX, support, and related services.
• To manage client accounts, supplier accounts, procurement records, and business relationships.
• To perform discovery, requirements analysis, solution architecture, development, testing, deployment, maintenance, and support activities.
• To manage project communications, approvals, milestones, service delivery, and support requests.
• To process payments, issue invoices, collect outstanding amounts, and maintain financial records.
• To provide security monitoring, access control, fraud prevention, abuse prevention, vulnerability management, and incident response.
• To comply with legal, regulatory, tax, accounting, audit, and contractual obligations.
• To protect our rights, enforce agreements, resolve disputes, and prevent misuse of our website or services.
• To send service messages, legal notices, operational updates, and support communications.
• To send marketing communications where permitted by law or where you have consented to receive them.
• To recruit staff, contractors, and consultants.
• To improve our services, internal processes, quality assurance, and client experience.
• To anonymise or aggregate data for analytics, reporting, security, and business planning.

5. Legal Grounds for Processing

Depending on the jurisdiction and context, we process personal information on one or more of the following grounds:

• You have given consent.
• Processing is necessary to perform a contract with you or to take steps before entering a contract.
• Processing is necessary for our legitimate interests or the legitimate interests of a client, supplier, partner, or third party, provided those interests do not unfairly override your rights.
• Processing is necessary to comply with a legal obligation.
• Processing is necessary to protect a person’s rights, safety, or vital interests.
• Processing is necessary for the establishment, exercise, or defence of legal claims.
• Processing is necessary for a lawful business purpose that is compatible with the reason for which the information was collected.

Where we rely on consent, you may withdraw consent at any time by contacting us at [email protected]. Withdrawal of consent does not affect processing that was lawful before withdrawal.

6. Special or Sensitive Personal Information

We do not intentionally collect special or sensitive personal information unless it is necessary for a lawful purpose and appropriate safeguards are in place.

Sensitive information may include information relating to health, biometrics, financial security, criminal allegations, children, precise location, or other legally protected categories. We may process such information only where:

• You have provided explicit consent.
• The processing is required by law.
• The processing is necessary for security, fraud prevention, access control, or incident response.
• The processing is necessary for a project and the client has confirmed that it has a lawful basis for providing the information.
• The processing is necessary for the establishment, exercise, or defence of legal claims.

Where a client provides us with sensitive information as part of a software project, system migration, cybersecurity assessment, support request, or testing activity, the client remains responsible for ensuring that the information is lawfully collected and provided to us.

7. Children’s Personal Information

Our website and services are intended for business users and are not directed at children. We do not knowingly collect personal information from children for marketing purposes.

If we process children’s personal information as part of a client project, education platform, healthcare system, identity workflow, or similar solution, we do so only under a written agreement, client instructions, and applicable legal safeguards.

If you believe that a child has provided personal information to us without proper authority, contact us at [email protected] so that we can assess and address the matter.

8. Website Forms and Communications

When you submit a website form, send an email, call us, or message us through a business communication channel, we use the information you provide to respond to you and manage the related business purpose.

You are responsible for ensuring that information you submit is accurate and that you have authority to provide information on behalf of your organisation or another person.

9. Cookies and Similar Technologies

We use cookies and similar technologies to operate our website, protect it from misuse, understand website usage, remember preferences, and improve our content and services.

Our use of cookies is described in our Cookie Policy. You can manage cookies through your browser settings and, where available, through our website cookie controls.

10. Marketing Communications

We may send you marketing communications about our services, insights, events, or updates where permitted by law or where you have consented.

You may opt out of marketing emails at any time by using the unsubscribe method in the email or by contacting [email protected]. We may still send non-marketing messages, such as invoices, security notices, service updates, legal notices, and project communications.

We do not sell personal information to advertisers.

11. Sharing Personal Information

We may share personal information where necessary for lawful business, service delivery, security, or compliance purposes. Recipients may include:

• Employees, consultants, contractors, and authorised team members who need the information to perform their duties.
• Cloud hosting providers, infrastructure providers, email providers, analytics providers, support platforms, collaboration tools, security tools, and other technology service providers.
• Professional advisers, including auditors, accountants, legal advisers, insurers, and compliance consultants.
• Payment processors, banks, and financial service providers.
• Project clients, where information is processed within the scope of a client project or support request.
• Suppliers and subcontractors assisting with development, testing, design, security, cloud, infrastructure, or support.
• Regulators, courts, law enforcement bodies, tax authorities, and other public authorities where required by law or lawful process.
• Potential business partners or acquirers in connection with a merger, restructuring, investment, due diligence process, asset sale, or business transfer, subject to appropriate confidentiality safeguards.

We require service providers and subcontractors to process personal information only for authorised purposes and to apply appropriate security measures.

12. International Transfers

We may process and store personal information in Zimbabwe, Botswana, South Africa, and other countries where our service providers, cloud platforms, project teams, or clients operate.

Where personal information is transferred across borders, we take steps designed to ensure that the information remains protected. These steps may include contractual safeguards, security controls, access restrictions, due diligence on service providers, and transfer assessments where required by applicable law.

By using our website or services, you acknowledge that personal information may be processed in countries outside your country of residence, subject to applicable legal safeguards.

13. Security Measures

We apply administrative, technical, and organisational safeguards designed to protect personal information from unauthorised access, loss, misuse, alteration, disclosure, or destruction.

Our security measures may include:

• Access controls and role-based permissions.
• Multi-factor authentication where appropriate.
• Encryption in transit and, where appropriate, encryption at rest.
• Secure development practices and code review.
• Security testing, vulnerability management, and monitoring.
• Logging, audit trails, and incident response procedures.
• Staff confidentiality obligations and security awareness.
• Backup, recovery, and business continuity controls.
• Supplier due diligence and contractual security obligations.

No website, software system, cloud platform, or communication channel can be guaranteed to be completely secure. We encourage you to use strong passwords, protect your devices, and avoid sending highly sensitive information through unsecured channels.

14. Data Breaches and Security Incidents

If we become aware of a data breach or security incident involving personal information, we will assess the incident, take reasonable containment and remediation steps, and notify affected parties, clients, regulators, or authorities where required by law.

Where we process personal information on behalf of a client, we will follow the incident notification process set out in the relevant agreement, statement of work, data processing agreement, or support arrangement.

15. Retention of Personal Information

We retain personal information only for as long as reasonably necessary for the purpose for which it was collected, unless a longer retention period is required or permitted by law.

Retention periods depend on the type of information and the context. We generally retain:

• Website enquiry records for as long as needed to respond and manage the business relationship.
• Client, project, contract, and support records for the duration of the relationship and for a reasonable period afterwards for audit, legal, warranty, dispute, tax, and operational purposes.
• Billing, accounting, tax, and financial records for the periods required by applicable tax and accounting laws.
• Security logs for a reasonable period required for monitoring, investigation, and incident response.
• Recruitment records for the hiring process and a reasonable period afterwards, unless a longer period is consented to or required by law.
• Marketing preference records for as long as necessary to honour subscriptions, consent, and opt-out requests.

When personal information is no longer required, we will delete, anonymise, archive, or securely restrict it in accordance with our internal retention practices and applicable law.

16. Your Privacy Rights

Depending on the law that applies to you, you may have rights to:

• Request access to personal information we hold about you.
• Request correction of inaccurate, incomplete, or outdated personal information.
• Request deletion or destruction of personal information where permitted by law.
• Object to certain processing.
• Withdraw consent where processing is based on consent.
• Request restriction of processing in appropriate circumstances.
• Request portability of personal information where applicable.
• Object to direct marketing.
• Lodge a complaint with a relevant data protection or information regulator.

To exercise privacy rights, contact us at [email protected]. We may need to verify your identity before responding. We will respond within a reasonable time and in accordance with applicable law.

17. Client Data and Processor Activities

In many software development, cloud, DevOps, cybersecurity, support, or data migration projects, Synotech may process personal information on behalf of a client. In those cases:

• The client is generally responsible for determining the purpose and means of processing.
• Synotech processes the information according to the client’s documented instructions and the applicable agreement.
• The client is responsible for ensuring that it has a lawful basis to provide the personal information to Synotech.
• Synotech applies appropriate confidentiality, security, access control, and subcontractor safeguards.
• Synotech assists the client with reasonable privacy and security obligations where agreed in writing.

If there is a conflict between this Privacy Policy and a signed data processing agreement, the signed data processing agreement will apply to the extent of the conflict.

18. AI, Automation, and Development Tools

Synotech may use AI-assisted tools, automation, development environments, testing tools, analytics tools, and security tools to support service delivery and business operations.

Where personal information is involved, we take reasonable steps to ensure that such tools are used in a controlled and lawful manner. We do not intentionally use confidential client data, production personal information, or sensitive personal information in public AI tools unless the client has authorised the use and appropriate safeguards are in place.

19. Third-Party Websites and Services

Our website may contain links to third-party websites, platforms, tools, or resources. We are not responsible for the privacy practices, content, security, or availability of third-party websites or services.

You should review the privacy policies and terms of any third-party services you use.

20. Accuracy of Personal Information

We take reasonable steps to keep personal information accurate and up to date where necessary for the purpose for which it is used. You must provide accurate information and notify us of relevant changes, especially where the information relates to billing, project delivery, account access, legal notices, or security.

21. Contact and Complaints

For privacy questions, access requests, correction requests, deletion requests, objections, consent withdrawals, or complaints, contact:

Synotech
Website: www.synotech.dev
Email: [email protected]

We will review your request and respond in accordance with applicable law. If you are not satisfied with our response, you may have the right to contact the relevant data protection, information, communications, or consumer authority in your jurisdiction.

22. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, technologies, legal obligations, security practices, or business operations.

The latest version will be posted on www.synotech.dev. The “Last updated” date shows when the policy was last revised. Continued use of our website or services after an update means the updated Privacy Policy applies from its effective date.