Collection and use of your Personal Data
1.1 This policy regulates the way in which Sitra Holdings (International) Limited (“Sitra”) and its subsidiaries (collectively the “Company”). obtains, uses, holds, transfers and otherwise processes your personal data. It is also intended to ensure that personnel understand the rules on the protection of personal data and the individual’s rights in relation to their personal data processed by the Company.
1.2 The Company processes personal data about individuals such as its personnel (past and present), job applicants, client contacts, supplier contacts, website users, and shareholders. The Company processes such personal data for a number of business purposes, including:
- Provide services, customer support and responding to the User’s requests;
- To enable Sitra’s subcontractors, third-party agents and service providers, to fulfil obligations/services as stipulated in your contract with Sitra;
- Contacting you for feedback after a sale of a product or service;
- Send the user’s service updates, promotional offers and communicating with the user;
- Resolving any problems or disputes you may encounter in relation to our products and services;
- Marketing, publicity and business development purposes;
- Complying with legal and regulatory obligations and requirements;
- Enforcing obligations owed to the Sitra Group;
- Accounting, risk management, compliance and record keeping purposes;
- Government and other regulatory reporting;
- Recruitment, including evaluation of an individual for suitability of employment;
- Employee management and administration (including payroll and leave);
- For security and access controls, safety surveillance and monitoring purposes;
- Staff training.
1.3 The Company generally collect Personal Data in the following ways:
- When you submit any form, including but not limited to application and registration forms or other forms relating to any of our products or services;
- When you interact with our staff, including customer service officers, via telephone calls, letters, face-to-face meetings,emails, social media and online chat programmes (i.e. WhatsApp, Skype, etc.);
- When you request that we contact you or request that you be included in an email or other mailing list;
- When you submit an employment application or when you provide documents or information including your resume and/or CVs in connection with any appointment as an officer, director representative or any other position;
- When you are contacted by, and respond to, our marketing representatives and customer services officers;
- When we seek information about you and receive your Personal Data in connection with your relationship with us, including for our products and services or job applications.
- When you submit your Personal Data to us for any other reasons.
1.4 The Company may collect the following kinds of Personal Data through the different channels mentioned above:
- your contact information, including your name, address, birthdate and email address and telephone number. We need your e-mail address and telephone number so that we may contact you if we have questions or information for your regarding your order or the service that we are providing or will provide to you.
- other information such as information concerning the products you have ordered or the service we are providing to you, the billing and/or delivery address, banking and/or credit card details
1.5 By your submission of your Personal Data to us, you consent to the onward disclosure of your Personal Data to these agents or service providers and the processing of your Personal data by these agents or service providers.
1.6 Please note that if you do not consent to any of the above business purposes, it may affect the Company’s ability to continue an employer /employee relationship with you.
2. The Company's duties
To protect personal data, the Company will observe the following guidelines:
2.1 The Company will process personal data fairly and lawfully. In particular, the Company will not process personal data unless one of the following conditions is met:
(i) the individual concerned has consented to such processing;
(ii) the Company needs to carry out such processing (1) to perform, or take steps with view to enter into, a contract with the individual concerned, (2) to comply with legal obligation of the Company or (3) to protect the vital interests of the individual concerned in a `life or death' situation; or
(iii) the Company needs to carry out such processing to pursue the Company's legitimate interests, and those interests are not overridden because the processing prejudices the interests or fundamental rights and freedoms of the individual concerned.
2.2 When an individual gives the Company his/her personal data, the Company will observe compliance with the Personal Data Protection Act 2012 (the “PDPA”).
The Company will make sure that information to individuals is also provided in all instances where existing personal data are going to be used in a new way, or for different purposes.
2.3 The Company will not collect Personal Data unless: i) you consent to such collection, or ii) the Company needs to do so to meet its obligations or exercise its rights under employment law, or iii) in exceptional circumstances such as where the processing is necessary to protect the vital interests of the individual concerned, or (iv) in circumstances permitted by the PDPA.
The Company may in exceptional circumstances, rely on consent given on behalf of the individual, for example, by a company employee on behalf of a family member.
2.4 The Company shall:
(i) not collect excessive personal data
(ii) the personal data collected are adequate and relevant for the intended purposes, accurate and up to date;
(iii) it processes personal data only for the purposes specified in this policy or in information provided to the individual concerned; and
(iv) one of the conditions in section 2.1 is met if it processes personal data for new or different purposes.
2.5 The Company will maintain retention policies and procedures, so that personal data are deleted after a reasonable time, given the purposes for which the personal data are held, except where, given those purposes, another law requires the data to be kept for a certain time. When the Company no longer needs to keep personal data for the purposes for which they are held it will destroy them as soon as practicable.
2.6 The Company will maintain organizational, physical and technical security arrangements in relation to all of the personal data it holds.
2.7 The Company will not transfer personal data to entities outside the Company in other countries for further processing unless such entities agree to abide by a data privacy standard at least as high as this policy, or enter into a contractual arrangement. The only exceptions are where:
(i) the transfer is necessary to 1) protect the vital interests of the individual concerned in a `life or death' situation, or 2) enter into or perform a contract with (or for the benefit of) that individual; or
(ii) the individual has consented to the transfer.
2.8 The Company has procedures to deal with any suspected breach of data security arrangements, unauthorized access or disclosure, or loss of personal data.
3. An individual's rights
3.1 Right of access
(a) On written request by an individual, and where the Company has or is given sufficient information to identify the individual making the request and decides whether the Company holds personal data about him or her, the Company will:
(i) Inform that individual whether the Company holds personal data about him or her;
(ii) Describe the personal data that it holds, the reason for holding the data and the categories of person to whom it may disclose the data; and
(iii) Provide the individual with copies of the personal data held about him or her, together with an indication of the source(s) of the data, if known.
(b) The Company will provide this information and these copies within a reasonable period after the individual's request, or within any specific period that may be required by local law in any country.
(c) The Company may, however, refuse to provide an individual with information where disclosure of that information would reveal information about another individual (in which case the Company will provide as much of the information as possible without revealing information about the other individual), unless the other individual agrees that the Company may release the information or the Company decides that it is reasonable to provide the information without the other individual's agreement.
3.2 Right of correction
An individual may request that the Company correct the personal data it holds about him/her. If the Company agrees that the data are incorrect, it will delete or correct the data. If it does not agree that the data are incorrect, it will, nevertheless, record in the relevant file(s) the fact that the individual considers the data to be incorrect.
4. Company compliance with this Policy
(a) The Company will maintain external and internal arrangements to:
(i) facilitate compliance with this policy;
(ii) allow effective exercise of individuals' rights guaranteed in the policy; and
(iii) consider and respond to complaints from individuals that the Company may not have complied with this policy.
(b) This Policy may be routinely updated. If the individual’s questions are not answered online, the individual may email to firstname.lastname@example.org