This document is Sikoia’s privacy notice. It explains why Sikoia processes personal data, what is done with it, whether it is shared with other parties, and how long it is kept. It also explains your rights and how to exercise them in accordance with the UK Data Protection Act 2018, UK GDPR and where applicable the EU GDPR (“Data Protection Laws”).
Where you enter our Website we collect and store the following information: IP address, Clicked links and Content viewed. We may also collect the following data when you perform certain functions on our Website such as your first and last name and email address when you initiate contact with us for example by filling in our “Contact Us” form.
We do not knowingly collect or use personal data from children under 16 years of age. If we learn that we have collected personal data from a child under 16 years of age, the personal data will be deleted as soon as possible. If a child under 16 years of age has provided us with personal data their parent or guardian may contact our data protection officer.
When we refer to Sikoia in this privacy notice, we mean Sikoia Ltd. Sikoia is a privately held company, headquartered and operating out of London, UK and registered with the Information Commissioner’s Office (“ICO”) in the UK. Where we determined the purpose and means of processing personal data we act as a controller and where we act upon the instructions of our Client, we are a processor.
‘Client’ means a company which has asked us to process your information on their behalf. Sikoia has a contractual arrangement with the client to do this. The client is the controller.
‘You’ means the end user. You will typically be a customer of Sikoia’s client or be considering becoming a customer. Alternatively you may be a supplier, customer or employee of Sikoia or be considering becoming so. In both cases, you are the Data Subject.
Under Data Protection Laws, the lawful bases we rely on for processing your information include:
Necessary for the performance of a contract
The type of personal information we have may include.
We act as a processor and will process your information in accordance with the controller’s instructions.
Your personal information can be added to our platform from a number of sources including:
We may use your personal information:
We do not sell your personal information to third parties.
We may share personal data in the following instance:
If you follow hyperlinks from our Website to another Website, please note that we are not responsible for and have no control over their privacy policies and practices.
Your personal information will be shared within Sikoia and with other companies that provide services to you or us including:
The law gives you a number of rights in relation to your personal information including:
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
To exercise these rights, please refer to the “How you can contact us” section below for information on how to reach us.
In order to process your application, our clients may use our platform to supply your personal information to credit reference agencies (CRAs) and fraud databases and ask them to provide information about you, such as about your financial history.
They do this this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.
The data exchanged may include:
Our clients may use this data to:
When a CRA is asked about you or your business, they will note it on your credit file. This is called a credit search.
You can find out more about the CRAs on their websites, in the Credit Reference Agency Information Notice (CRAIN). You can also contact them to ask them to update your information if you believe that the data they hold about you is incorrect.
Here are links to the information notice for each of the three main UK Credit Reference Agencies:
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:
Where Sikoia is Data Processor:
Where Sikoai is Data Controller:
If we make an automated decision on the basis of any particularly sensitive personal information, we must have either your explicit written consent or it must be justified in the public interest, and we must also put in place appropriate measures to safeguard your rights.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
When we process your personal data, send it to a client, or send it to a third-party for processing, this may involve transferring your data outside the UK.
Whenever we transfer your personal data out of the UK, we ensure an equivalent level of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
By law we have to keep basic information about our clients (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data: see section “What rights you have over your personal information” for further information .
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
If you have any questions, concerns or complaints, you can contact our Data Protection Officer, Stephen Simmons, by email to firstname.lastname@example.org or mail to Sikoia Ltd, 71-75 Shelton Street, London, WC2H 9JQ, United Kingdom.
Complaints will be handled within one month. If you are unsatisfied with the outcome of your complaint about how we have handled your data you can complain to the UK Information Commissioner’s Office (“ICO”).
A cookie is a small file, stored on a user’s hard drive by a website. Its purpose is to collect data relating to the user’s browsing habits. You can choose to be notified each time a cookie is transmitted. You can also choose to disable cookies entirely in your internet browser or by using the cookies consent mechanism but this may decrease the quality of your user experience.
We use the following types of cookies on our Site: