SIRENUM LIMITED PRIVACY POLICY

1. PURPOSE OF OUR POLICY

  1. Sirenum Limited (Company Number 08749533) of Winston House, 349 Regents Park Road, London N3 1DH, UK (we, us or our) offers and provides human resource management software and services (Services) to our clients (Clients) via the Sirenum website, “MySirenum” mobile application and web applications (Platform).
  2. For the purposes of the Data Protection Act 1998 (Act), we are the data controller except where we act as a data processor for and under the instructions of a Client. This Policy also takes into account general application in the European Union of the General Data Protection Regulation (GDPR) from 25 May 2018.
  3. We have adopted this Privacy Policy to ensure that we have standards in place to protect the data that we collect about individuals that is necessary and incidental to providing the Services; and the normal operations of our business.
  4. By publishing this Privacy Policy we aim to make it easy for our users, customers and the public to understand what data we collect and store, why we do so, how we receive and/or obtain that information, and the rights an individual has with respect to their data in our possession.

2. WHOM AND WHAT THIS POLICY APPLIES TO

  1. We handle data in our own right and also for and on behalf of our Clients and other users.
  2. Our Privacy Policy does not apply to information we collect about businesses or companies, however, it does apply to information about the people in those businesses or companies which we store.
  3. The Privacy Policy applies to all forms of information, physical and digital, whether collected or stored electronically or in hardcopy.
  4. If, at any time, an individual provides data or other information about someone other than himself or herself, the individual warrants that they have that person’s consent to provide such information for the purpose specified.
  5. Services are not available to children (persons under the age of 18 years).
  6. There is a Website Privacy Policy available to the general public.

3. THE INFORMATION WE COLLECT

  1. In the course of business it is necessary for us to collect personal data with your consent, where we have a legitimate interest, or pursuant to contract, which we will maintain in accordance with this Privacy Policy.
  2. This information allows us to identify who an individual is for the purposes of our business, share data when required as part of the Services, contact the individual in the ordinary course of business and transact with the individual. Without limitation, the type of information we may collect is:
    • Personal Information. We may collect personal details such as an individual’s name, sex, date of birth, nationality, images and other information that allows us to identify who the individual is;
    • Contact Information. We may collect information such as an individual’s email address, telephone number, third-party usernames, residential, business and postal address and other information that allows us to contact the individual;
    • Employment Information. We may collect information relating to an individual’s employment status, place of work and salary that allows us (or a client) to provide human resources management tools to our users.
    • Financial Information. We may collect financial information related to an individual such as any bank or credit card details used to transact with us and other information that allows us to transact with the individual and/or provide them with our services;
    • Statistical Information. We may collect information about an individual’s online and offline preferences, habits, movements, trends, decisions, associations, memberships, finances, purchases and other information for statistical purposes;
    • Device Information. We collect device-specific information, such as the hardware model, operating system version, advertising identifier, unique application identifiers, and other unique device identifiers, browser type, language, wireless and mobile network information (including IMEI, mobile phone number and IP address); and
    • Geo-location Information. We may collect precise GPS location from mobile devices and WiFi and IP addresses received from your browser or device may be used to determine geolocation.
    • Services integrations. We may collect information when you integrate with a third-party service and the third party may share certain information about your account with us (we do not receive or store your passwords for any of these third-party services).
    • Information an individual sends us. We may collect any personal information that an individual sends us, or that is sent to us by others, including individual’s activities, images, communications and activities with our partners.
  3. We may collect other data about an individual, which we will maintain in accordance with this Privacy Policy.
  4. We may also collect anonymous data such as traffic and transaction statistics, which may be used and shared on an aggregated and anonymous basis.
  5. Most information will be collected in association with an individual’s use of the Sirenum Service, an enquiry about Sirenum or generally dealing with us. However, we may also receive data from other sources such as advertising, an individual’s own promotions, public records, mailing lists, contractors, staff, recruitment agencies and directly from our Clients as part of providing the Services. In particular, information is likely to be collected as follows:
    • Registrations/Users. When an individual register an account, list, account, connection or other process whereby they enter data details or grant access to information in order to receive or access the Platform, transactions or services;
    • Accounts/Memberships. When an individual submits their details to open an account and/or become a member with us;
    • When an individual grants us access to their accounts with our business partners (such as credit reference or fraud prevention agencies);
    • When a Client provides us with information on individual’s for the purpose of providing the Services;
    • Supply/Contact. When an individual supplies us with goods or services, or contacts us in any way;
    • Pixel Tags. Pixel tags enable us to send email messages in a format customers can read and they tell us whether mail has been opened.
  6. Where a third party provides data or other information about any individual, we ensure that third party warrants has obtained necessary consent to provide such information to us for the purpose specified.
  7. We will publish changes to the way that information is collected at the point of collection and within this policy.
  8. As there are many circumstances in which we may collect information both electronically and physically, we will endeavour to ensure that an individual provides express consent when their data is being collected in any other way.

5. HOW DATA IS STORED

  1. The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA) and with third parties. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. Note that wherever possible we will ensure that such parties are subject to a similar regime in their jurisdiction.
  2. You hereby consent to this transfer, storing or processing, including:
    • Amazon Web Services: operated by Amazon Web Services Inc. (a company incorporated in the United States of America) that host on servers that may be located in Australia, The United States of America and/or the United Kingdom; and
    • Google Analytics: who improve our visibility and to monitor website browser behaviour and navigation across the Website.
  3. Any such information shall be processed on terms which are substantially the same as those set out in this Privacy Policy, GDPR and/or subject to the protection of the EU-U.S. Privacy Shield (To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/list).
  4. We will retain data for the period necessary to fulfil the purposes outlined in this Privacy Policy for 7 years unless a longer retention period is required or permitted by law.

6. WHEN DATA IS USED

  1. We will not use any data other than for the purpose for which it was collected other than with the individual’s consent, pursuant to contract or where we have a legitimate interest. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.
  2. In particular, we will share and process data relating to specific individuals in the course of providing the Services to our Client, in a manner compliant with the Act.
  3. 3. Information will also be used to enable us to operate our business, especially as it relates to an individual. This may include, subject to express consent (as required):
    • verifying an individual’s identity;
    • communicating with an individual about:
      1. their relationship with us;
      2. our goods and services;
      3. our own marketing and promotions to customers and prospects;
      4. competitions, surveys and questionnaires;
    • investigating any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity; and/or
    • as required or permitted by any law (including the Act).
  4. There are some circumstances in which we must disclose an individual’s information:
    1. where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a governmental authority should be made aware of;
    2. as required by any law (including the Act); and/or
    3. in order to sell our business or part thereof (as we may transfer data to a new owner).
  5. If you publicly post about Sirenum, or communicate directly with us, on a social media website, we may collect and process the data contained in such posts or in your public profile for the purpose of addressing any customers services requests you may have and to monitor and influence the public opinion in respect of Sirenum.

7. WHEN DATA IS DISCLOSED

  1. It may be necessary for us to disclose an individual’s data to third parties in a manner compliant with the Act in the course of our business, such as for processing activities like website hosting.
  2. We will not disclose or sell an individual’s data to unrelated third parties under any circumstances, unless we employ other companies to perform tasks on our behalf and we need to share your information with them to provide products and services to you.
  3. There are some circumstances in which we must disclose an individual’s information:
    • Where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a governmental authority should be made aware of;
    • As required by any law (including the Act) including court orders; and/or
    • In order to sell our business (as we may transfer data to a new owner).
  4. We will not disclose an individual’s data to any entity outside of the United Kingdom that is in a jurisdiction that does not have a similar regime to the Act or an implemented and enforceable privacy policy similar to this Privacy Policy. We will take reasonable steps to ensure that any disclosure to an entity outside of the United Kingdom will not be made until that entity has agreed in writing with us to safeguard data as we do.
  5. We may partner with or utilise third-party service providers (such as Gmail from Google, Inc) to communicate with an individual and to store contact details about an individual. These service providers may be located outside the United Kingdom, (including the United States of America).
  6. If the Company gets involved in a merger, asset sale, financing, liquidation or bankruptcy, or acquisition of all or some portion of the business to another company, we may share information with that company before and after the transaction closes.

8. THIRD PARTY WEBSITES AND Accounts

  1. We may share an individual’s information with third parties for the processing and storage of certain personal information. For example:
    • all information may be processed and stored with cloud service providers (such as Amazon Web Services); and
    • information related to work experience and qualifications will be processed by background check service providers (such as Onfido);
  2. We recommend that you read the privacy policies of third party service providers so you can understand the manner in which your personal information will be handled by these providers.
  3. In particular, remember that certain service providers may be located in or have facilities that are located a different jurisdiction (including outside the EEA). So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
  4. As an example, if you are located in United Kingdom and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation (including the USA Patriot Act).
  5. The information we may obtain from those services often depends on your settings or their privacy policies. We recommend that you read any third party privacy policies before entering any personal information.

9. COOKIE POLICY

  1. Our Platform may use cookies to distinguish you from other users of our platform. This helps us to provide you with a good experience when you browse our platform and also allows us to improve our Platform. By continuing to browse the site, you are agreeing to our use of cookies.
  2. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your device if you agree. Cookies contain information that is transferred to your device’s hard drive. You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Platform.
  3. We use the following cookies:
    • Strictly necessary cookies.These are cookies that are required for the operation of the Platform. They include, for example, cookies that enable you to log into secure areas of the Platform.
    • Analytical/performance cookies.They allow us to recognise and count the number of visitors, track views of content and to see how users move around the Platform when they are using it. This helps us to improve the way the Platform works, for example, by ensuring that users are finding what they are looking for easily.
    • Functionality cookies.These are used to recognise you when you return to the Platform or when you have logged into the Platform already. This enables us to personalise our content for you, greet you by name and remember your preferences.
    • Tracking cookies. These enable us to track use of content from the Platform (on third party services, such as posts on social media networks), in accordance with your third party settings.
    • Targeting cookies.These cookies record your visit to the Platform, the pages you have visited and the links you have followed. We will use this information to make the Platform more relevant to your interests. We may also share this information with third parties for this purpose.
  4. Please note that third parties (including, for example, advertising networks and providers of external services like user traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical, performance or targeting cookies.
  5. If you are unclear about the types of functions of cookies we use, please contact us for more information.

10. CONSENT TO COLLECTION OF DATA

  1. An individual may opt to not have us collect their data and communicate with them, by not providing consent or withdrawing that consent. This may prevent us from offering them some or all of our services and may terminate their access to some or all of the services they access with or through us. They will be aware of this when:
    • Opt In. Where relevant, the individual will have the right to consent to having information collected and/or receive information from us; or
    • Opt Out. Where relevant, the individual will have the right to choose to exclude himself or herself from some or all collection of information and/or receiving information from us. An individual may revoke their consent at any time, and the decision to opt out will be made through the same media which allowed the individual to opt in (and additional media).
  2. We may send an individual important notices, such as changes to our terms, conditions and policies. Because this information is important to the individual’s interaction with us, they may not opt out of receiving these communications.
  3. If an individual believes that they have received information from us that they did not opt in or out to receive, they should contact us on the details below.

11. THE SAFETY AND SECURITY OF DATA

  1. We will take all reasonable precautions to protect an individual’s data from unauthorised access. This includes appropriately securing our physical facilities and electronic networks.
  2. The security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, data where the security of information is not within our control.
  3. We are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual’s data to in accordance with this policy or any applicable laws). The collection and use of an individual’s information by such third parties may be subject to separate privacy and security policies.
  4. If an individual suspects any misuse or loss of, or unauthorised access to, their data, they should let us know immediately.
  5. We are not liable for any loss, damage or claim arising out of another person’s use of the data where we were authorised to provide that person with the data.

12. HOW TO ACCESS AND/OR UPDATE INFORMATION

  1. The Act gives you the right to request from us the data that we have about you.
  2. If an individual cannot update his or her own information, we will correct any errors in the data we hold about an individual within 7 days of receiving written notice from them about those errors.
  3. It is an individual’s responsibility to provide us with accurate and truthful data. We cannot be liable for any information that is provided to us that is incorrect.
  4. We may charge an individual a reasonable fee for our costs incurred in meeting any of their requests to disclose the data we hold about them if such a request is manifestly unfounded or excessive. We reserve the right to clarify the specific information your request relates to.
  5. Information will be provided within one month of receipt of the request.

13. COMPLAINTS AND DISPUTES

  1. You have the right to object to processing not based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); and direct marketing, unless we hold legitimate grounds for processing or the processing is for the establishment, exercise or defence of legal claims.
  2. You have the right to lodge a complaint with a supervisory authority if you consider that the processing of your data infringes the General Data Protection Regulation.
  3. If an individual has a complaint about our handling of their data, they should address their complaint in writing to the details below.
  4. If we have a dispute regarding an individual’s data, we both must first attempt to resolve the issue directly between us.
  5. If we become aware of any unauthorised access to an individual’s data which is likely to result in a high risk for the rights and freedoms of the data subjects we will inform the individual without undue delay after becoming aware of it, once we have established what was accessed and how it was accessed.

14. ADDITIONS TO THIS POLICY

  1. We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the Platform. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
  2. If we decide to change this Privacy Policy, we will post the changes on our Platform at www.sirenum.com/privacy-policy. It is your responsibility to refer back to this Privacy Policy to review any amendments. We may do things in addition to what is stated in this Privacy Policy to comply with the Act and nothing in this Privacy Policy shall deem us to have not complied with the Act.

15. CONTACTING US

  1. All correspondence with regards to privacy should be addressed to: The Data Protection Officer
    Sirenum Limited
    enquiries@sirenum.com
    You may contact us by email in the first instance.