This page is to provide information on how we collect user data and how we make use of user data.
1. How do we collect your personal data?
We can collect your data directly (e.g. when you give it to us), indirectly (e.g. when someone else gives it to us, like your employer or relative) or through automated technologies (e.g. cookies).
2. What personal data do we collect?
Sureremit collects information when you use our Applications. We only collect as much information as we need for specific and identified purposes. Every customer has to register an account with Sureremit before using the platform (app or web). In doing so, the Customer will provide data that will have them “identified” or “identifiable”.
Data collected may include:
- Identity Data (e.g. your name);
- Contact Data, (e.g. your email and phone number);
- Professional Data (e.g. your role in a company, if you are representing a legal person);
- Technical Data, (e.g. your IP);
- Usage Data, (e.g. how you use our services);
- Any other personal data provided by you in the course of your engagement with Sureremit.
At no point will we store payment card details as this is passed through payment gateways.
3. Why do we process your personal data?
3.1. In the instances where you gave us access to identifiable data, we may use it for the following purposes:
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To provide the services and manage the client relationship.|| (a) Identity data|
(b) Contact data
(c) Professional data
| (a) Performance of a contract with you;|
(b) Necessary to comply with a legal obligation;
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services).
|To administer website|| (a) Identity|
| (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise);|
(b) Necessary to comply with a legal obligation.
|For advertisement, data analytics and to provide recommendations|| (a) Identity data|
(b) Contact data
(c) Professional data
(d) Technical data
(e) Usage data
(f) Marketing and Communications Data
|Necessary for our legitimate interests (to study how users use our services and website, to develop them, to grow our business, and to inform our marketing strategy). This data is not shared/sold to third parties for any purpose whatsoever.|
3.2. We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for or as established by regulatory or legal requirements. We will only retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with respect to our relationship with you.
4. When do we share your information?
Sureremit does not disclose your personal data to third parties, except as described in this policy.
We might share your data with third parties when needed to perform support services (e.g., we need to communicate your phone number in order for it to be refilled) or somehow facilitate the provision of Sureremit’s services.
We may also disclose your personal data under your instructions, to perform the contract entered into by us with you, to protect ours and your rights and interests and those of our business partners or pursuant to your express consent.
Sureremit will not sell data to third-parties for profit.
4.2. Specifically: Cooperation with law enforcement
Your personal data will only be disclosed to law enforcement authorities, or other government bodies, to the extent required by laws and regulations.
Sureremit will not ordinarily share Customer personal data unless required to do so by an appropriate legal instrument (e.g. a subpoena, a warrant or the legal equivalent in the issuing country). Exceptional circumstances (such as a very urgent request that may save a human life, or avoid great harm) may determine a different reaction from our side, but only to the extent permitted by law.
5. How do we protect your personal data?
We are committed to protecting the privacy and confidentiality of your personal data. Access to your data is limited only to authorized Sureremit officers, employees, contractors or others who may require access to it in order to perform the services requested by you.
6. How can you exercise your data subject rights?
Under certain circumstances, you have the following rights under the data protection laws in relation to your personal data:
- Right to access, correct or erase your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it, correct any inaccuracies or request (to the extent permitted by law) the deletion of your data.
- Object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data’s accuracy.
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Withdraw consent at any time where we are relying on consent to process your personal data.
- Request the transfer of your personal data to you or to a third party.
If you wish to exercise any of the rights set out above, please contact us in writing to email@example.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is unreasonable, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one to two months. Occasionally it could take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.