SIYA Limited, trading as SIYA, is an incorporated company on the Isle of Man. We take the protection of your privacy very seriously. We are committed to being compliant with all applicable Isle of Man data protection legislation and the General Data Protection Regulation as it is applied to the Isle of Man in respect of personal data of natural persons (“GDPR”). We will only use your personal information in our business for our own commercial purposes, such as delivering the services you have requested from us, and to meet our legal responsibilities.

What Are The Data Protection Principles?

  • Lawfulness, Fairness and Transparency: Personal data must be processed lawfully, fairly and in a transparent manner.

  • Purpose Limitation: Personal data must be collected only for specified, explicit and legitimate purposes.

  • Data Minimisation: Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.

  • Accuracy: Personal data must be accurate and where necessary kept up to date.

  • Storage Limitation: Personal data must not be kept in a form which permits identification of you for longer than is necessary for the purposes for which the data is processed.

  • Integrity and Confidentiality: Personal data must be processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage.

How Do We Collect Information From You?

We obtain information about you when you engage us to deliver our services and/or when you use our website or social media platforms, for example, when you contact us about our services.

What Type of Information Do We Collect From You?

The personal information we collect from you will vary depending on which services you engage us to deliver. The personal information we collect might include your name, business or organisation name, address, telephone number and e-mail address. It may also include, and is not limited to, payment details, feedback, survey responses and marketing communication preferences.

In addition to the above, when you visit the website of SIYA Limited, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the installed cookies on your device. Additionally, as you browse the website, we collect information about the individual web pages you view, what websites or search terms referred you our website, and how you interact with our website.

You can visit our website without telling us who you are or revealing any information, by which someone could identify you as a specific, identifiable individual. However, if you wish to use some of our website’s features, or you wish to receive our newsletter or provide other details by filling a form, you may provide personal data to us. You can choose not to provide us with your personal data but then you may not be able to take advantage of some of the website’s features. For example, you won’t be able to contact us directly from the website or receive any direct marketing communications. If you are uncertain about what information is mandatory then please contact us as indicated under ‘Contact Information For Exercising Your GDPR Rights’ below.

How Is Your Information Used?

In general terms, and depending on which services you engage us to deliver, as part of providing our agreed services we may use your information to:

  • Contact you by post, e-mail, telephone, conference or video call;

  • Verify your identity where this is required;

  • Understand your needs and how they may be met;

  • Maintain our records in accordance with applicable legal and regulatory obligations;

  • Process financial transactions; and

  • Prevent and detect crime, fraud or corruption.

We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected. We are required by legislation, other regulatory requirements and our insurers to retain your data where we have ceased to act for you.

When assessing what retention period is appropriate for your personal data, we take into consideration:

  • The requirements of our business and the services provided;

  • Any statutory or legal obligations;

  • The purposes for which we originally collected the personal data;

  • The lawful grounds on which we based our processing;

  • The types of personal data we have collected;

  • The amount and categories of your personal data; and

  • Whether the purpose of the processing could reasonably be fulfilled by other means.

Third Party Service Providers

We may pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purposes of storage, completing tasks and providing services to you on our behalf, for example, to process basic bookkeeping, invoicing and payroll. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service.

All our third party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

We will not release your personal information to third parties unless you have instructed us to or we are required to do so by law, for example, by a court order or for the purposes of prevention and detection of crime, fraud or corruption or we think a development or service will be of interest to you.

International Data Transfers

To provide you with our services, it may sometimes be necessary to transfer your personal data outside of the Isle of Man. SIYA is committed to ensuring the security and protection of your data, irrespective of where it is processed. When we transfer your personal data to other countries, we do so in compliance with GDPR requirements. We use the following safeguards to ensure your data is securely processed:

  • Adequacy Decisions: When possible, we transfer data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; and/or

  • Data Transfer Agreements: We enter into Data Transfer Agreements incorporating Standard Contractual Clauses recognised by the European Commission, ensuring that your personal data receives an adequate level of protection.

Security Precautions In Place To Protect The Loss, Misuse or Alteration of Your Information

Whilst we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.

Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given, or where you have chosen, a password which enables you to access information, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Your data will usually be processed in our office on the Isle of Man. However, to allow us to operate efficient digital processes, we sometimes need to store information in servers located outside the Isle of Man. We take the security of your data seriously and so all our systems have appropriate security in place that complies with all applicable legislative and regulatory requirements.

When we use third party service providers and subcontractors, they will either be in a GDPR-compliant country (such as a country in the EEA or a country with an adequacy decision issued by the European Commission) or have the necessary safeguards in place.

Automated Decision-Making

We respect your rights and autonomy. We confirm that we do not use automated decision-making processes, including profiling, that produce legal effects concerning you or similarly significantly affect you. Our decisions that might impact you are made with human intervention, ensuring fairness and transparency in all our operations. Should we decide to implement any form of automated decision-making in the future, we will update this Privacy Notice accordingly and inform you of your rights related to such processing in line with GDPR requirements.

Your Choices

We may occasionally contact you by post/e-mail/telephone with details of any changes in legal and regulatory requirements or other developments that may be relevant to your affairs and, where applicable, how we may assist you further. If you do not wish to receive such information from us, please let us know by contacting us as indicated under ‘Contact Information For Exercising Your GDPR Rights’ below.

How You Can Access and Update Your Information

Keeping your personal information up to date and accurate is important to us. We commit to regularly review and correct where necessary, the personal information that we hold about you. If any of your information changes, please e-mail or write to us using the ‘Contact Information For Exercising Your GDPR Rights’ noted below.

Your Rights

Access to your information: You have the right to request a copy of the personal information about you that we hold.

Correcting your information: We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.

Deletion of your information: You have the right to ask us to delete personal information about you where:

  • You consider that we no longer require the personal information for the purposes for which it was obtained;

  • You have validly objected to our use of your personal information - see ‘Objecting to how we may use your information’ below;

  • Our use of your personal information is contrary to law or our other legal obligations; or

  • We are using your information with your consent and you have withdrawn your consent - see ‘Withdrawing consent to use your information’ below.

Restricting how we may use your information: In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your personal information. The right might also apply where there is no longer a basis for using your personal information but you do not want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.

Although certain documents may legally belong to you, we may destroy correspondence and other papers that we store electronically or otherwise that are more than six years old, except documents we think may be of continuing significance. You must tell us if you wish us to keep any documents for any longer period.

Where you do inform us of your wish for us to keep documents for a longer period, this is for discussion between the you and ourselves.

Objecting to how we may use your information: Where we use your personal information to perform tasks carried out on legitimate interest (or those of a third party) or in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue. You may also object to us processing your personal information for direct marketing purposes.

Withdrawing consent to use your information: Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.

Automated decision-making and profiling: You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making unless we have a legitimate legal basis for doing so and we have notified you.

Please contact us in any of the ways set out in ‘Contact Information For Exercising Your GDPR Rights’ below if you wish to exercise any of these rights.

Fee For Accessing Your Personal Information

You will not have to pay a gee to access your personal information or to exercise any of the other rights. However, we may charge a fee if your request for access is unfounded or excessive.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or exercise any of your rights. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Updates To Our Privacy Notice

We are dedicated to maintaining the highest standards of privacy and data protection. Consequently, this Privacy Notice may be periodically updated to reflect changes in our data processing practices, compliance with new legal requirements, or enhancements in our privacy protection measures. Significant updates to this notice will be communicated to you through our website and, if you are our client, directly via e-mail. We encourage you to review this Privacy Notice regularly to stay informed about how we are protecting your data and your rights. The latest update will be displayed on our website.

This Privacy Notice was last updated on 18/03/2024.

Contact Information For Exercising Your GDPR Rights

Under GDPR, you have rights concerning your personal data, including the right to access, rectify, erase, restrict processing, object to processing, and the right to data portability. If you wish to exercise any of these rights or have questions regarding your personal data, please contact us using the details below:

Alexander Yiu alexanderyiu@SIYA.im

Complaints

We commit to processing all personal data in accordance with the GDPR and applicable Isle of Man data protection legislation. We seek to directly resolve all complaints about how we handle your personal information.

For any complaints or concerns that cannot be resolved directly with us, you have the right to lodge a complaint with the Isle of Man Information Commissioner at:

Information Commissioner

First Floor

Prospect House

Douglas

IM1 1ET

Isle of Man

Telephone: +44 (0)1624 693260

E-mail: ask@inforights.im

Website: https://www.inforights.im/

Privacy Notice For SIYA