Symatrix Privacy Policy

As of 7^th March 2025, Symatrix Limited has been acquired by International Business Machines Corporation (“IBM”) and will be integrated into the IBM organization.

This policy sets out how Symatrix Limited, an IBM Company (“Symatrix”) handles your personal information if you’re a Symatrix user or visitor to our sites.

If you have any questions about our privacy practices or how we have been managing your personal information, please contact our privacy officer at gareth.rossington@symatrix.com.

Introduction

At Symatrix we value your privacy and are committed to protecting and processing your personal information responsibly.

This privacy statement describes how Symatrix collects, uses, and shares personal information about consumers and other individuals within our clients, business partners, supplier and other organizations with which Symatrix has or contemplates a business relationship. It applies to Symatrix and subsidiaries except where a subsidiary presents its own statement without reference to Symatrix.

Where we provide products, services, or applications as a business-to-business provider to a client, the client is responsible for the collection and use of personal information while using these products, services, or applications. This collection and use is covered by the client’s privacy policy, unless otherwise described. Our agreement with the client may allow us to request and collect information about authorized users of these products, services, or applications for reasons of contract management. In this case, this privacy statement, or a supplementary privacy notice, applies.

We may provide additional data privacy information by using a supplementary privacy notice.

Information About Symatrix:

SYMATRIX LIMITED

A limited company registered in England under company number 03926985

Registered office: 86 King Street, Manchester M2 4WQ

Data Protection Officer: Gareth Rossington

Email address: gareth.rossington@symatrix.com

Telephone number: 0330 024 0454

Postal Address: Manchester Service Centre, 86 King Street, Manchester M2 4WQ

 

Personal Information We Collect and Use

This section describes the various types of information that we collect and how we use it.

It includes information on Your Account, Symatrix Websites, Marketing, Contractual Relationships, Support Services, Protecting You and Symatrix, Symatrix Locations, Recruitment and Former Employees, Conducting our Business Operations, Cookies and Similar Technologies, and Children.

The information that we collect and use may include profile information, interactions on webpages, marketing preferences, information to investigate malicious activities, recordings or transcripts of your conversations with us for support purposes, information to improve our business operations, and more.

Depending upon your use of our site or services, we may collect and hold some or all of the personal and non-personal data set out in the table below, using the methods also set out in the table. We do not collect any ‘special category’ or ‘sensitive’ personal data or personal data relating to children or data relating to criminal convictions and/or offences.

 

Data Collected	How we collect the Data
Identity Information including: ·        Name; ·        Title.	Email / Phone / Face to face meeting
Contact information including: Address; Email address; Telephone number.	Email / Phone / Face to face meeting
Business information including Business name; Job title; Profession.	Email / Phone / Face to face meeting
Profile information including: Information about your preferences and interests.	Email / Phone / Face to face meeting

 

Your Account

 

When you join Symatrix as a customer, a number of your staff will be able to log in to a customer-facing portal, which gives access into our case management system where you can view updates on incidents and changes. To facilitate this access we will maintain a record of the person’s name, your company name, phone number and email address.

 

Symatrix Websites

Our websites offer ways to communicate with you about us, our products, and services. The information that we collect on websites is used to provide you with access to the website, to operate the website, to improve your experience, and to personalize the way that information is provided to you. If you visit our websites without logging in with an account, we may still collect information that is connected to your website visit.

For more information on the technologies that we use to collect website information, and setting your preferences, see Cookies and Similar Technologies.

Learn more:

We collect information about your use of our websites, such as:

• the webpages you view,
• the amount of time you spend on pages,
• the website URL that referred you to our pages,
• your geographic information derived from your IP address,
• and any hyperlinks you select.

We use this information to improve and personalize your experience with our websites, provide you with content that you may be interested in, create marketing insights, and to improve our websites, online services, and related technologies.

We also collect the information that your browser or device automatically sends, such as:

• your browser type and IP address,
• operating system, device type, and version information,
• language settings,
• crash logs,
• and passwords.

We use this information to provide you with access to our webpages, improve the webpage view on your device and browser, adapt to your settings and language, and adapt content for relevancy or any legal requirements for your country. We also use this information to comply with system and network security requirements, and to provide support. For more information see, Support Services and Protecting You and Symatrix.

We also provide platforms and forums that enable online sharing, support, and collaboration among registered members. Any information that you submit to these platforms may be made available to others on the internet, or removed by us, as covered in the platform privacy notice or terms. We are not responsible for any content that you make available through your use of our products or services.

We prepare reports on the use of our websites to derive insights into trending topics and general market knowledge. These reports may be provided to third parties with details on how users interacted with or showed interest in the third-party products or services that were presented on our websites.

We accept no responsibility for the content provided on, or privacy practices, of third-party websites or applications.

Marketing

With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email or telephone or text message or post with information, news, and offers on our products or services. You will not be sent any unlawful marketing or spam. We will always work to protect your rights and comply with our obligations under the Data Protection Legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out. We will always obtain your express opt-in consent before sharing your personal data with third parties for marketing purposes and you will be able to opt-out at any time.

Learn more:

We use information that we collect for marketing purposes. This may include information:

• Collected directly from you through your interactions with Symatrix, such as attendance at events or submission of online registration forms,
• Received from third-party data providers, subject to controls confirming that the third party legally acquired the information and has the right to provide the information to Symatrix for use in our marketing communications,
• Collected on our websites or from your interactions with Symatrix emails and content, including content on third-party sites. For more information on the technologies that we use to collect this information, see Cookies and Similar Technologies.

Subject to your preferences, we may use this information to market to you regarding Symatrix products, services, and offerings. For example, we may:

• Contact you by using email, telephone, or postal mail
• Personalize your experience with Symatrix products and services, such as sharing more relevant content or pre-filling registration forms on our websites.
• Deliver targeted Symatrix advertisements on third-party websites based on information we or authorized third parties collect about your interactions with Symatrix websites, our content, emails, or, in select geographies, activity linked to your hashed email address.

To set or update your preferences with regards to marketing activities using your email address, phone, or postal address, you may submit an opt-out request or select Unsubscribe in each marketing email.

To opt out of the use of your hashed email for personalization or targeted advertising, you can withdraw your email consent by using these options.

We also use this information to develop marketing and business intelligence, which is essential for our business operations. For example, we may:

• Combine the information we collect to better understand your interests and potential business needs,
• Use aggregated data to measure effectiveness of our marketing campaigns and events, and to proceed to informed business decisions and investments,
• Aggregate the information that is collected about Symatrix website visitors for the purposes of developing and modelling marketing audiences.

 

Contractual Relationships

A contractual relationship is created when you order a trial, or a product or service from us. While we mainly provide our products and services to businesses, individuals may also enter into an agreement with us directly as a client. We may collect any information that is reasonably necessary to prepare for, enter, and fulfill, the contractual agreement.

Learn more:

The information collected in a contractual relationship may include the business contact information of the requester and the order details. Information that is required for shipment and payment, for the implementation of services, or to grant access to the product or service may also be collected.

This information may be collected for various purposes, depending on the nature of the products or services, for example, for contractual management and compliance, to provide support, for the improvement or development of our products and services, to contact you for customer satisfaction surveys, and to generate technical and market insights.

The information collected in a contractual relationship is not used for the purposes of marketing and advertising without obtaining consent before processing.

 

Support Services

When you contact us to request support, we collect your contact information, problem description, and possible resolutions. We record the information that is provided to handle the support query, for administrative purposes, to foster our relationship with you, for staff training, and for quality assurance purposes.

Protecting You and Symatrix

We may collect and use information to protect you and Symatrix from IT security threats and to secure the information that we hold from unauthorized access, disclosure, alteration, or destruction. This includes information from our IT access authorization systems, such as log-in information.

Learn more:

The security solutions we use to protect your information, our infrastructure, and our networks may collect information such as IP addresses and log files. This is necessary for the functionality and utility of security programs to enable the investigation of any potential security incidents and generate insights on security threats.

We may use specialized tooling and other technical means to collect information at access points to, and in, IT systems and networks to detect unauthorized access, viruses, and indications of malicious activities. The information we collect may be used to conduct investigations when unauthorized access, malware or malicious activities are suspected, and to remove or isolate malicious code or content.

 

Symatrix Locations

When you visit a Symatrix location, we collect your name or business contact information (see Your Account), and, in some cases, information from a government issued ID. This information is collected for access management and to protect the security and safety of our locations and employees.

Learn more:

The information that is collected at our locations is used to issue access badges. We may verify the identity of visitors where legally permissible and, for supplier personnel working on site, a badge with a photo identification may be requested for identification purposes.

 

Recruitment and Former Employees

We are constantly searching for new talent for our organization, and we collect information about job applicants or prospective candidates from several sources. Applicants are referred to the Talent Acquisition Privacy Notice for more information. When an employee leaves Symatrix, we continue to process information that is related to them for any remaining business, contractual, employment, legal, and fiscal purposes, including the management of pensions to the extent handled by Symatrix.

As part of Onboarding activity, background checks are completed by Sterling Check and any Right to Work Checks along with payroll information, Contracts etc is saved to the employee folder. If they leave the organisation, this is deleted as per retention guidelines.

 

Learn more:

Regarding recruitment, we may look for prospective candidates with the help of recruitment intermediaries and may use publicly available information on social media platforms to identify prospective candidates for a specific function.

When an employee leaves Symatrix, we retain basic information from the former employee about their employment at Symatrix.

After an employee retires, we process information about the retiree for fulfilling the pension obligations toward the retiree. Information about the processing of pension information, or other retirement programs, can be found with the local organization responsible for pensions. In some countries, this may be an independent organization.

 

Conducting our Business Operations

We collect and use information to improve our business operations, systems, and processes. For example, information may be used to conduct, maintain, audit, and optimize our operations, to protect our assets and employees, for product development, and to defend our rights.

Learn more:

We collect information about our business operations to make informed decisions about the organization, the business, and to report on performance, audits, and trends. For example, we use this information to analyze the costs and quality of our operations. Where possible, this is done by using aggregated information, but may use personal information.

We collect and use information from our business systems, which may include personal information, to:

• protect or enforce our rights, including to detect fraud or other criminal activities (for example, by using information in payment systems)
• handle and resolve disputes
• answer complaints and defend Symatrix in legal proceedings
• and comply with legal obligations in the countries where we do business

We collect information from the use of our business processes, websites, cloud and online services, products, or technologies. This information may include personal information and is used for product and process development. For example, we may use this information to increase efficiency, decrease costs, or improve services by developing automated processes and tools, or to develop or improve the technologies on which these are based.

 

Cookies and Similar Technologies

When you visit our websites, cloud and online services, software products, or view our content on certain third-party websites, we collect information regarding your connection and your activity by using various online tracking technologies, such as cookies, web beacons, Local Storage, or HTML5. Information that is collected with these technologies may be necessary to operate the website or service, to improve performance, to help us understand how our online services are used, or to determine the interests of our users. We use advertising partners to provide and assist in the use of such technologies on Symatrix and other sites.

Learn more:

A cookie is a piece of data that a website may send to your browser, which may be stored on your computer and can be used to identify your computer. Web beacons, including pixels and tags, are technologies that are used to track a user visiting a Symatrix web page or if a web page was copied to another website. Local Shared Objects can store content information displayed on the webpage visited, and preferences. All of these technologies may be used to provide connected features across our websites or display targeted Symatrix advertising (subject to your cookie preferences) on other websites based on your interests. Web beacons may also be used to track your interaction with email messages or newsletters, such as to determine whether messages are opened or links are selected.

For information on cookies and how to remove these technologies by using browser settings, see https://www.allaboutcookies.org/. 

 

Children

Unless otherwise indicated, our websites, products, and services are not intended for use by children or minors as specified by law in their jurisdiction.

 

Sharing Personal Information

We may share your personal information internally and externally with suppliers, advisors, or Business Partners for Symatrix’s legitimate business purposes, and only on a need-to-know basis. This section describes how we share information and how we facilitate that sharing.

 

How We Share Personal Information

 

When sharing personal information, we implement appropriate checks and controls to confirm that the information can be shared in accordance with the applicable law.

If we decide to sell, buy, merge, or otherwise reorganize businesses in some countries, such a transaction may involve disclosing some personal information to prospective or actual business purchasers, or the collection of personal information from those selling such businesses.

Learn more:

Internally, personal information is shared for our business purposes: to improve efficiency, for cost savings, and internal collaboration between our subsidiaries. For example, we may share personal information such as managing our relationship with you and other external parties, compliance programs, or systems and networks security.

Our internal access to personal information is restricted and granted only on a need-to-know basis. Sharing of this information is subject to the appropriate intracompany arrangements, our policies, and security standards. For more information, see Legal Basis.

Externally,

• our business with suppliers may include the collection, use, analysis, or other types of processing of personal information on our behalf. 
• our business model includes cooperation with independent Business Partners for marketing, selling, and the provision of Symatrix products and services. Where appropriate (for example, when necessary for the fulfilment of an order), we share business contact information with selected Business Partners.
• we may share personal information with professional advisors, including lawyers, auditors, and insurance companies to receive their services.
• we may share contractual relationship information with others, for instance, our Business Partners, financial institutions, shipping companies, postal, or government authorities, such as the customs authorities that are involved in fulfillment.
• We may share personal information with third parties, such as advertising technology partners, data analytics providers and social networks engaged by Symatrix to deliver targeted advertisements on their platforms, to aggregate information for analysis, and to track engagement with those advertisements.

In certain circumstances, personal information may be subject to disclosure to government agencies in accordance with judicial proceedings, court orders, or legal processes. We may also share personal information to protect the rights of Symatrix or others when Symatrix believes that such rights may be affected, for example to prevent fraud.

 

Facilitating International Transfers

Your personal information may be transferred to or accessed by our subsidiaries and third parties globally. Symatrix and IBM complies with laws on the transfer of personal information between countries to keep your personal information protected, wherever it may be.

We may store or transfer some or all of your personal data in countries that are not part of the European Economic Area (the “EEA” consists of all EU member states, plus Norway, Iceland, and Liechtenstein). These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. If we do so, we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR.

We use specific contracts with external third parties that are approved by the European Commission for the transfer of personal data to third countries. These contracts ensure the same levels of personal data protection that would apply under the GDPR. More information is available from the European Commission.

Where we transfer your data to a third party based in the US, the data is protected by ensuring compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), and the UK Extension to the EU-U.S. DPF. This requires that third party to provide data protection to standards similar to the levels of data protection in Europe and the UK. More information is available from the European Commission, the Dept for Science, Innovation & Technology and the US Dept of Commerce International Trade Administration.

Please contact us using the details below for further information about the particular data protection mechanisms used by us when transferring your personal data to a third country:

Data Protection Officer: Gareth Rossington

Email address: gareth.rossington@symatrix.com

Telephone number: 0330 024 0454

Postal Address: Manchester Service Centre, 86 King Street, Manchester M2 4WQ

The security of your personal data is essential to us, and to protect your data, we take a number of important measures, including the following:

• limiting access to your personal data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality;
• procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the Information Commissioner’s Office where we are legally required to do so.

 

Controller and Representative Information

IBM does business through its subsidiaries worldwide. The privacy laws in some countries consider a Controller to be the legal entity (or natural person) who defines the purposes for which the processing of personal information takes place and how that information is processed. Parties that are involved in processing operations on behalf of a Controller may be designated as Processors. Designations and associated obligations differ, depending on the jurisdiction.

 

Information Security and Retention

To protect your personal information from unauthorized access, use, and disclosure, we implement reasonable physical, administrative, and technical safeguards. These safeguards include role-based access controls and encryption to keep personal information private while in transit. We also require our Business Partners, suppliers, and third parties to implement appropriate safeguards, such as contract terms and access restrictions, to protect information from unauthorized access, use, and disclosure. 

We only retain personal information as long as necessary to fulfill the purposes for which it is processed, or to comply with legal and regulatory retention requirements. Legal and regulatory retention requirements may include retaining information for:

• audit and accounting purposes,
• statutory retention terms,
• the handling of disputes,
• and the establishment, exercise, or defense of legal claims in the countries where we do business. 

We retain any contractual relationship information for administrative purposes, legal and regulatory retention requirements, defending Symatrix rights, and to manage our relationship with you. The information that is provided in a supplementary privacy notice may provide more detailed information on applicable retention terms.

When personal information is no longer needed, we have processes in place to securely delete it, for example by erasing electronic files and shredding physical records.

 

Your Rights

Under the GDPR, you have the following rights, which we will always work to uphold:

a) The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details detailed in this statement.

b) The right to access the personal data we hold about you.

c) The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in in this statement to find out more.

d) The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please contact us using the details in this statement to find out more.

e) The right to restrict (i.e. prevent) the processing of your personal data.

f) The right to object to us using your personal data for a particular purpose or purposes.

g) The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.

h) The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.

i) Rights relating to automated decision-making and profiling. We do not use your personal data in this way.

For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in this statement.

It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data.

Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

Furthermore, the Contact Us form can be used to:

• ask questions related to this Privacy Statement and privacy practices. Your message is forwarded to the appropriate member of the Symatrix Team, including the responsible Data Protection Officer.
• submit a complaint to Symatrix if you are not satisfied with how Symatrix is processing your personal information.

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a Data Rights request (DR).

All DR requests should be made in writing and sent to the email or postal addresses shown at the start of this statement.

There is not normally any charge for a DR request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

You can submit a DR request to:

• request access to the personal information that we have on you, or have it updated or corrected. Depending on the applicable law, you may have additional rights concerning your personal information.
• request to obtain your personal information in a usable format and transmit it to another party (also known as the right to data portability);
• request to delete the personal information we hold about you;
• Opt-out of specific personal information processing types, such as targeted advertising

Data Right Request Details:

When you submit a DR request, you provide us with personal information, including your name and contact details, which we use to respond to your request. In some circumstances, to verify your identity and to ensure we disclose the personal information to the correct individual, we may also request a copy of your photo ID, which is deleted immediately after verification of your identity.

Upon your DR request, your personal information is processed for handling and fulfilling your DR request, in line with Symatrix’s legal obligations and commitments related to DRs.

The data relevant to your DR request is retained for a minimum of three years from the date of your last DR-related communication with Symatrix, to address any request you may have in relation to it, and for Symatrix's compliance and recording purposes.

For more information about how we process your data, see Personal Information We Collect and Use.

 

Your rights may be subject to limitations and exceptions resulting from applicable laws. For example, there may be situations where we cannot share certain information that you seek if disclosing this means disclosing information about others.

You may also have the right to complain to the competent supervisory authority.

You can opt out of our marketing communications by contacting us using the details in this statement to request to opt-out or select Unsubscribe at the end of each marketing email.

 

Legal Basis

In some jurisdictions, the lawful handling of personal information is subject to a justification, sometimes referred to as legal basis. The legal bases that we rely on for the lawful handling of your personal information vary depending on the purpose and applicable law.

The different legal bases that we may use are:

Necessary for the performance of a contract with you

We rely on this legal basis when we need to process certain personal information, such as your contact details, payment details, and shipment details, to perform our obligations or to manage our contractual relationship with you.

Examples:

• If you intend to purchase a product or service, we require your business contact information to enter into a contract with you
• When fulfilling a contract, you may need to receive support services, for which we will need to collect your contact information.
• We need personal information to consider job applicants or manage the pension entitlements of retirees (see Recruitment and Former Employees).

Necessary for the purposes of Symatrix’s or a third party’s legitimate interest

Legitimate interests relate to being able to conduct and organize business, which includes the marketing of our offerings, protecting our legal interests, securing our IT environment, or meeting client requirements.
Examples:

• We capture your use of, and interaction with our websites to improve them.
• Where we have a contractual relationship with the organization that you are working for, we have a legitimate interest to process your personal information used to manage this contract.
• We process your business contact information (see Your Account) in combination with other business-relevant information to tailor our interactions with you and promote our products and services. We may process your contact information together with details of a Symatrix event you attended to develop Marketing and business intelligence.
• We process the personal information of applicants based on our legitimate interest to source suitable talent (see Recruitment and Former Employees).
• We have to keep our general business operations functional. To this end we may, for example, processes the login information of our IT systems and networks, We may also process personal information where it is necessary to defend our rights in judicial, administrative, or arbitral proceedings. This also falls under the legal basis of legitimate interest in countries where they are not a separate legal basis.

We process personal information for credit protection, which is a specific legal basis under Brazilian law (LGPD) but is also covered under the legal basis of legitimate interest in other countries.

Consent

The processing is based on your consent where we request this.
Example:

• the optional use of Cookies and Similar Technologies or email of Marketing materials.

Legal obligation

Where we need to process certain personal information based on our legal obligation. Example:

• We may be obliged to ask for a government-issued ID for certain transactions, such as for a financing transaction (see Contractual Relationship).

 

Privacy Statement Updates

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection. Any changes will be made available through our website.

By continuing to use our websites and services after a revision takes effect, it is considered that users have read and understand the changes.

Previous versions of the Privacy Statement are available by contacting us at: gareth.rossington@symatrix.com.