Platform
Solutions
Resources
PricingCompany
Talk to an expert
Platform
Unified Data Portal
Marketplace
Solutions
Global Business Onboarding
Customer Due Diligence
Credit Risk Assessment
Episodic Monitoring
Resources
Blog
Developers
Pricing
Company
API Documentation
Talk to an expert
SUPPORT@SIKOIA.COM

Privacy policy

About this document

This document is Sikoia’s privacy notice. It explains why Sikoia processes personal data, what is done with it, whether it is shared with other parties, and how long it is kept. It also explains your rights and how to exercise them in accordance with the UK Data Protection Act 2018, UK GDPR and where applicable the EU GDPR (“Data Protection Laws”).

To all visitors on our Website

Where you enter our Website we collect and store the following information: IP address, Clicked links and Content viewed. We may also collect the following data when you perform certain functions on our Website such as your first and last name and email address when you initiate contact with us for example by filling in our “Contact Us” form.

Depending on the circumstances, our lawful basis for collecting the data is for our legitimate interests to give you a better experience on our website and to carry out your requests where you contact us. In some instances, such as where we use “non-essential” cookies we will obtain your consent to process personal data. For further information on the use of cookies please see our Cookies Notice later in this document.

Children

We do not knowingly collect or use personal data from children under 16 years of age. If we learn that we have collected personal data from a child under 16 years of age, the personal data will be deleted as soon as possible. If a child under 16 years of age has provided us with personal data their parent or guardian may contact our data protection officer.

Key definitions in this notice

Who we are

When we refer to Sikoia in this privacy notice, we mean Sikoia Ltd. Sikoia is a privately held company, headquartered and operating out of London, UK and registered with the Information Commissioner’s Office (“ICO”) in the UK. Where we determined the purpose and means of processing personal data we act as a controller and where we act upon the instructions of our Client, we are a processor.

Client

‘Client’ means a company which has asked us to process your information on their behalf. Sikoia has a contractual arrangement with the client to do this. The client is the controller.

You

‘You’ means the end user. You will typically be a customer of Sikoia’s client or be considering becoming a customer. Alternatively you may be a supplier, customer or employee of Sikoia or be considering becoming so. In both cases, you are the Data Subject.

Lawful basis for processing your information

Under Data Protection Laws, the lawful bases we rely on for processing your information include:

Necessary for the performance of a contract

  • This basis applies when you have a contract with our client or are taking an initial step towards establishing a contract.

Legitimate interest

  • This basis applies where we analyse your information for purposes such as reducing fraud, improving credit risk and making responsible lending decisions.
  • This basis may also apply where our client has a legitimate interest basis for processing your information in a particular way, and we carry out that processing on their behalf.

Consent

  • This basis may additionally apply when you have freely given consent for your information to be processed by us for a particular purpose.

The type of personal information we have may include.

  1. Name, address, email, phone number and date of birth
  2. Details disclosed by you in a credit application
  3. Details of any shared credit with other parties
  4. Financial situation and history
  5. Employment situation and history
  6. Fraud prevention information
  7. Public information sources such as the Electoral Register, Companies House, published media and social networks

How we process your information

We act as a processor and will process your information in accordance with the controller’s instructions.

How we get your personal information

Your personal information can be added to our platform from a number of sources including:

  1. You, while you interact with Sikoia, a client, or a third-party system.
  2. A client, when that client sends data about you to Sikoia for processing.
  3. Other organisations (for example credit reference agencies, company registry offices, and social media), when gathered on behalf of our clients whilst using our products and services.

We may use your personal information:

  1. To provide products and services to our clients.
  2. To engage with you as a supplier, customer or employee, where appropriate.
  3. To ensure that we comply with laws or regulations.
  4. For other purposes including improving our services and exercising our rights in relation to agreements and contracts and identifying products and services that may be of interest.
  5. When we use your information like this, we will ensure it is covered by one of the lawful bases for processing personal data.

We do not sell your personal information to third parties.

Who we share your personal information with

We may share personal data in the following instance:

Employees

  • We may disclose user data to any member of our organisation who reasonably needs access to user data to achieve the purposes set out in this Privacy Notice.

Other Disclosures.

  • We will not sell or share your data with other third parties, except in the following cases: If the law requires it, if it is required for any legal proceeding, to prove or protect our legal rights and to buyers or potential buyers of this company in the event that we seek to sell the company.

If you follow hyperlinks from our Website to another Website, please note that we are not responsible for and have no control over their privacy policies and practices.

Your personal information will be shared within Sikoia and with other companies that provide services to you or us including:

  1. Clients we cooperate with, based on a contractual arrangement, who ask us to process your information on their behalf.
  2. Outside companies whose services we use to run our business including agents, suppliers, sub-contractors and advisers. Some examples of such companies include:
  3. Computing Services - Microsoft Azure
  4. OpenBanking - Nordigen, TrueLayer, Yapily.
  5. Credit Reference Agencies - TransUnion, Equifax, Experian.
  6. Identity Verification - Veriff, Au10tix.

What rights you have over your personal information

The law gives you a number of rights in relation to your personal information including:

  1. The right to access the personal information we have about you.
  2. The right to get us to correct personal information that is wrong or incomplete.
  3. In certain circumstances, the right to ask us to stop using or delete your personal information.
  4. Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
  5. Your right to object to processing - You have the right to ask us to object to the processing of your information in certain circumstances.
  6. Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

To exercise these rights, please refer to the “How you can contact us” section below for information on how to reach us.

How we use credit reference agencies and fraud databases

In order to process your application, our clients may use our platform to supply your personal information to credit reference agencies (CRAs) and fraud databases and ask them to provide information about you, such as about your financial history.

They do this this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.

The data exchanged may include:

  1. Name, address and date of birth
  2. Credit application
  3. Details of any shared credit
  4. Financial situation and history
  5. Fraud prevention information
  6. Public information sources such as the Electoral Register, Companies House, published media and social networks.

Our clients may use this data to:

  1. Assess whether you or your business is able to afford to make repayments
  2. Make sure what you’ve told them is true and correct
  3. Help detect and prevent financial crime
  4. Manage your accounts with them
  5. Trace and recover debts
  6. Make sure any offers are relevant for you

When a CRA is asked about you or your business, they will note it on your credit file. This is called a credit search.

You can find out more about the CRAs on their websites, in the Credit Reference Agency Information Notice (CRAIN). You can also contact them to ask them to update your information if you believe that the data they hold about you is incorrect.

Here are links to the information notice for each of the three main UK Credit Reference Agencies:

  1. TransUnion - https://www.transunion.co.uk/legal/privacy-centre?#pc-credit-reference
  2. Equifax - https://www.equifax.co.uk/crain
  3. Experian - https://www.experian.co.uk/legal/crain

Automated Decision Making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:

Where Sikoia is Data Processor:

  1. Where it is necessary to perform the contract with a Sikoia Client and appropriate measures are in place to safeguard your rights at both the Client (acting as Data Controller) and Sikoia (acting as Data Processor). Any requests for reconsideration should be directed to the Client.

Where Sikoai is Data Controller:

  1. Where we have notified you of the decision and given you 21 days to request a reconsideration.
  1. Where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
  1. In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.

If we make an automated decision on the basis of any particularly sensitive personal information, we must have either your explicit written consent or it must be justified in the public interest, and we must also put in place appropriate measures to safeguard your rights.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

International transfers

When we process your personal data, send it to a client, or send it to a third-party for processing, this may involve transferring your data outside the UK.

Whenever we transfer your personal data out of the UK, we ensure an equivalent level of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  1. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
  2. Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

How we keep your data secure

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long we store your personal data

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

By law we have to keep basic information about our clients (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.

In some circumstances you can ask us to delete your data: see section “What rights you have over your personal information” for further information .

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

How you can contact us

If you have any questions, concerns or complaints, you can contact our Data Protection Officer, Stephen Simmons, by email to stephen@sikoia.com or mail to Sikoia Ltd, 71-75 Shelton Street, London, WC2H 9JQ, United Kingdom.

Complaints will be handled within one month. If you are unsatisfied with the outcome of your complaint about how we have handled your data you can complain to the UK Information Commissioner’s Office (“ICO”).

Cookies notice

A cookie is a small file, stored on a user’s hard drive by a website. Its purpose is to collect data relating to the user’s browsing habits. You can choose to be notified each time a cookie is transmitted. You can also choose to disable cookies entirely in your internet browser or by using the cookies consent mechanism but this may decrease the quality of your user experience.

We use the following types of cookies on our Site:

  1. Analytical cookies
  2. Analytical cookies allow us to improve the design and functionality of our Site by collecting data on how you access our Site, for example data on the content you access, how long you stay on our Site, etc; and
  3. Third-Party Cookies
  4. Third-party cookies are created by a website other than ours. We may use third-party cookies to achieve the following purposes:
  5. Monitor user preferences in order to improve website usage.

© Sikoia Ltd. All rights reserved.
Privacy policy
Terms & conditions
Cookies policy
Cookie settings