Privacy Policy
Last Updated: 20th August 2025
1. Introduction
1.1 Synomos Limited (‘we’, ‘us’, ‘our’) is a private company limited by shares (company number 16654237) providing freelance paralegal services to solicitor firms in England and Wales.
1.2 We are committed to protecting and respecting your privacy. This policy explains how we collect, process, and protect personal data when providing our paralegal services and through our website.
1.3 We are pending registration with the Information Commissioner’s Office (ICO).
1.4 For the purpose of the UK General Data Protection Regulation (UK GDPR):
- When we process personal data on your instruction as part of our paralegal services, you (the instructing solicitor firm) are the Data Controller and we are the Data Processor
- When we process data about our clients directly (such as contact details), we are the Data Controller
- For website visitors, we are the Data Controller
1.5 Important: We are not a solicitor firm, we are not regulated by the Solicitors Regulation Authority, and we do not perform reserved legal activities. We provide paralegal support services to qualified solicitor firms.
2. Terminology
| Term | Definition |
| We, us, our | Synomos Limited (company number 16654237) |
| Personal data | Any information relating to an identified or identifiable individual |
| Special category personal data | Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership; genetic data; biometric data (where used for identification); data concerning health, sex life or sexual orientation |
| Data subject | The individual who the personal data relates to |
| You, your | Our clients (solicitor firms), website visitors, and individuals whose data we process |
3. Personal Data We Collect
3.1 Client Data (Solicitor Firms)
We collect and process the following data about our clients:
Essential Client Information:
- Firm name and business address
- Contact person names and job titles
- Email addresses and telephone numbers
- Billing and payment information
- Professional regulatory details (SRA numbers where applicable)
Matter-Related Information:
- Case references and matter descriptions
- Instructions and correspondence
- Billing records and time entries
- File management information
3.2 Case Data (Data Processing Services)
When providing paralegal services, we may process personal data on your instruction, which may include:
Standard Personal Data:
- Names, addresses, and contact details of your clients
- Employment details and financial information
- Documentation related to legal matters
- Correspondence and witness statements
Special Category Data (where relevant to the matter):
- Health information (e.g., personal injury claims)
- Criminal records data
- Information about racial or ethnic origin, religious beliefs, or sexual orientation (e.g., discrimination matters)
3.3 Website Data
Our website address is: www.synomos.co.uk
Automatically Collected:
- IP addresses and browser information
- Pages visited and time spent on site
- Referral sources and exit pages
- Device type and operating system
Voluntarily Provided:
- Contact form submissions
- Newsletter subscriptions
- Comments on blog posts
4. How Your Personal Data is Collected
4.1 We collect personal data:
- Directly from you during client onboarding and ongoing instructions
- Through our website contact forms and interactions
- From publicly accessible sources (e.g., Companies House, Law Society records)
- Via our IT systems including email, case management systems, and website analytics
- From third parties with your consent (e.g., courts, other legal professionals)
4.2 Website-Specific Collection Methods:
- Cookies: We use cookies for website functionality and analytics
- Contact Forms: Information you provide when contacting us
- Comments: If you comment on our site, we collect the data shown in the comment form, plus your IP address and browser user agent string for spam detection
- Embedded Content: Our site may include embedded content from other websites which may collect data about you
5. Lawful Basis for Processing
5.1 Our lawful basis for processing personal data depends on the type of data and purpose:
| Purpose | Lawful Basis |
| Providing paralegal services to clients | Performance of contract |
| Case data processing on client instruction | Processing under your instruction as Data Processor |
| Client relationship management | Legitimate interests (business relationship) |
| Website operation and security | Legitimate interests (website security and improvement) |
| Marketing communications | Legitimate interests (with opt-out rights) |
| Legal compliance | Legal obligation |
| Special category data | Usually legal claims, substantial public interest, or explicit consent |
5.2 When processing special category personal data, we ensure we have appropriate additional lawful basis, typically:
- Processing is necessary for establishing, exercising, or defending legal claims
- Processing is necessary for reasons of substantial public interest
- We have your explicit consent
6. How and Why We Use Personal Data
6.1 We use personal data for the following purposes:
Client Services:
- Providing paralegal services as instructed
- Managing client relationships and communications
- Billing and payment processing
- File and matter management
Business Operations:
- Website operation and improvement
- System security and fraud prevention
- Quality control and training
- Business development and marketing
- Legal and regulatory compliance
Data Processing Services:
- Processing case data strictly in accordance with client instructions
- Maintaining confidentiality and security of client files
- Assisting with document preparation and case management
- Providing administrative support to legal matters
7. Marketing and Communications
7.1 We may send you updates about our services, including:
- Service updates and legal news relevant to your practice
- Information about new paralegal services
- Business updates and company news
7.2 Our lawful basis for marketing is legitimate interests, meaning we don’t usually need consent, but you can opt out at any time by:
- Contacting us directly
- Updating preferences on our website
7.3 We will never sell your data to third parties for marketing purposes.
8. Cookies and Website Technologies
8.1 Our website uses cookies for:
- Essential cookies: Website functionality and security
- Analytics cookies: Understanding how visitors use our site
- Preference cookies: Remembering your settings
8.2 Specific Cookie Usage:
- If you comment on our site, you may opt-in to saving your name, email, and website in cookies for convenience (lasting one year)
- Login cookies last for two days, with ‘Remember Me’ extending this to two weeks
- Administrative cookies for managing content expire after one day
8.3 You can control cookies through your browser settings, though some website functionality may be affected.
9. Who We Share Your Personal Data With
9.1 We may share personal data with:
Service Providers:
- IT service providers and cloud storage platforms
- Professional indemnity insurers
- Banking and payment processing services
- Website hosting and analytics providers
Professional Third Parties:
- Other legal professionals when instructed by clients
- Courts and tribunals when required
- Regulatory bodies when legally obligated
- Professional advisors (accountants, solicitors)
Legal Requirements:
- Law enforcement agencies when legally required
- Regulatory bodies in compliance with legal obligations
- Courts and tribunals in connection with legal proceedings
9.2 We only share data where necessary and ensure all third parties have appropriate security measures and confidentiality obligations.
9.3 Important for Case Data: As a Data Processor, we will only share case data in accordance with your specific instructions or where legally required.
10. Data Security
10.1 We implement appropriate technical and organisational measures including:
- Encryption of data in transit and at rest
- Access controls and user authentication
- Regular security updates and monitoring
- Staff training on data protection
- Secure backup and recovery procedures
10.2 We limit access to personal data to those with genuine business need and subject all staff to confidentiality obligations.
10.3 We have procedures for dealing with suspected data breaches and will notify you and relevant regulators as required by law.
11. International Transfers
11.1 We primarily store and process data within the UK. Where we use service providers that may transfer data internationally, we ensure:
- Adequate protection through adequacy decisions, or
- Appropriate safeguards such as standard contractual clauses
11.2 Current international transfers:
| Service Provider | Category | Countries | Safeguards |
| Microsoft Corporation | Cloud services (Microsoft 365 Business) | United States and other countries where Microsoft operates data centres | UK Extension to EU-US Data Privacy Framework (adequacy decision) and Microsoft Data Protection Addendum |
12. Data Retention
12.1 Client Data: We retain client contact and business information for 6 years after the end of our business relationship to comply with legal and accounting obligations.
12.2 Case Data: We retain case data for the duration of the matter we’re instructed on. Upon completion:
- We securely return or delete case data in accordance with your instructions
- We may retain necessary records for complaints handling as agreed
12.3 Website Data:
- Analytics data: 26 months
- Contact form submissions: 3 years
- Comments: Indefinitely (for spam prevention and continuity)
12.4 We will securely delete or anonymise data when retention periods expire.
13. Your Rights
13.1 Under UK GDPR, you have the following rights:
| Right | Description |
| Access | Request copies of your personal data |
| Rectification | Request correction of inaccurate data |
| Erasure | Request deletion in certain circumstances |
| Restriction | Request limitation of processing |
| Portability | Request transfer of data to another organisation |
| Objection | Object to processing, particularly for marketing |
| Withdrawal of consent | Where we rely on consent, you can withdraw it |
13.2 For Case Data: As we process this data on instruction from solicitor firms, requests regarding case data will be forwarded to the relevant Data Controller (your solicitor firm).
13.3 To exercise your rights:
- Email us at dataprivacy@synomos.co.uk
- Provide sufficient identification information
13.4 We will respond within one month of receiving a valid request.
14. Website-Specific Privacy Information
14.1 Comments: An anonymised string from your email address may be provided to Gravatar to display your profile picture. After approval, your profile picture is visible publicly with your comment.
14.2 Media Uploads: Avoid uploading images with location data (EXIF GPS) as visitors can download and extract this information.
14.3 Embedded Content: Third-party embedded content (videos, social media) may collect data about you and use cookies.
14.4 Spam Detection: Comments may be checked through automated spam detection services.
15. Contact and Complaints
15.1 Our Contact Details:
- Email: dataprivacy@synomos.co.uk
- Address: 4 Tower View, Sheffield, S10 5BX
15.2 Data Protection Queries: Contact us using the details above for any privacy-related questions.
15.3 Complaints: You have the right to lodge a complaint with:
Information Commissioner’s Office (ICO)
- Website: www.ico.org.uk
- Phone: 0303 123 1113
- Address: Wycliffe House, Water Lane, Wilmslow, SK9 5AF
16. Changes to This Policy
16.1 This privacy policy was last updated on 20th August 2025.
16.2 We may update this policy periodically. Significant changes will be notified via our website and by email to existing clients.
16.3 The current version is always available on our website.
17. Additional Information
17.1 Accessibility: This policy is available in alternative formats upon request.