- Credit / Debit Cards
Under the EU’s General Data Protection Regulation (“GDPR”): Personal Data is defined as “any information relating to an identified or identifiable natural person ('data subject'); by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
Who is the Data Controller?
A Data Controller is the individual or legal person who controls and is responsible to keep and use personal data in paper or electronic files. We are the data controller as defined by relevant data protection laws and regulation.
The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever personal data is to be processed:
(a) Consent: you have given Sisan Limited clear consent for your personal data to be processed for a specific purpose
(b) Contract: the processing is necessary for a contract you have with, Sisan Limited or Sisan Limited has asked you to take specific steps before entering into a contract
(c) Legal obligation: the processing is necessary for Sisan Limited to comply with the law (not including contractual obligations)
(d) Vital interests: the processing is necessary to protect someone’s life
(e) Public task: the processing is necessary for Sisan Limited to perform a task that is in the public interest or for its official functions, and the task or function has a clear basis in law
(f) Legitimate interests: the processing is necessary for Sisan’s Limited r legitimate interests, or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests
What Personal Data can be collected
We may collect and process various types of personal data about you including but not limited to:
full name, address, telephone number, email, gender, address, Internet Protocol address, National Insurance Number, employment records, bank details, criminal record check, health care records.
What are your rights in respect of your personal data?
The right of access
The right to rectification
The right to erasure or right to be forgotten
The right to restriction of processing
The right to be informed
The right to data portability
The right to object
The right not to be subject to a decision based solely on automated processing
Who will have access to your personal data?
Information is stored by Sisan Limited on computers located in the EU Sisan Limited has security protocols and policies in place to manage and record your data privacy and preferences correctly, and to ensure that your data is stored securely to protect against its loss, misuse and alteration.
Sisan Limited takes steps to ensure that any businesses with which we share your data will have security protocols and policies in place to manage and record your data privacy and preferences correctly and that your data will be stored correctly, in accordance with GDPR.
Disclosure of your personal information
We may exchange your personal information with certain third parties to assist in managing, administering and executing services including but not limited to:
Organisations undertaking reviews of the accuracy and completeness of our information;
Our solicitors, valuers and insurers for products
Organisations maintaining our information technology system and providing information technology services
Organisation undertaking verification services
Authorised financial institutions, such as banks, credit unions and building societies, providing account details as a mechanism for providing payments or receipt of payments.
Where will my personal data be processed?
As a data controller Sisan Limited will retain all your information inside the European Economic Area (EEA). Where Sisan Limited may transfer your data to a third party, we will ensure that the third party processes your data inside the European Economic Area (EEA), or has been allocated an ‘adequacy’ rating by the European Commission.
How long do we keep your personal data?
We will not retain your personal data for longer than necessary and we will hold it only for the purposes for which it was obtained. The length of time we retain your personal data depends on the purposes for which we use it and/or for as long as is necessary to comply with applicable laws and to establish, exercise or defend our legal rights.
How can you object to the processing of your personal data?
Where permitted by applicable law or regulation, you have the right to object to us processing your personal data or to tell us to stop processing it (including for purposes of direct marketing). Once you have informed us of this request, we shall no longer process your personal data unless permitted by applicable laws and regulations.
How often do we update this privacy notice?
How can you contact us?
If you have any queries about how we use your personal data, you can write to us at the following address, or contact us by email or telephone as follows:
6 Leconfield House
London SE5 8AY
Tel. +44 07912 083963
If you are not satisfied with our response to any complaint, or if you believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (“ICO”) at the following address:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113