Privacy Policy

This Privacy Policy was last updated on May 9, 2023

This privacy policy (“Privacy Policy”) constitutes a legally binding agreement made between you, (“you” or “your”) and Siren Associates, c/o Turley Legal Enterprise Causeway, 17 Sandel Village, Knocklynn Road, Coleraine, United Kingdom, BT52 1WW (“Siren”, “we”, “our” or “us”) regarding your access to and use of our website (the “Website”).

We place great importance on the privacy and security of your personal data and will therefore ensure that it is handled properly and protected in accordance with the applicable laws and regulations among which the United Kingdom General Data Protection Regulation (the “UK-GDPR”) and the Data Protection Act 2018 (as amended in 2021 to be read in conjunction with the new UK-GDPR) as well as data protection and privacy principles enshrined in applicable international best practices (such as Convention 108+ and the European General Data Protection Regulation (the “EU-GDPR”)) (hereinafter collectively referred to as the “Law”).

By asking you to carefully read and agree to this Privacy Policy, we want to ensure that your use of the Website is safe and that any Personal Data you might share with us or that we might collect throughout your visitor and/or user journey, is processed in a transparent, lawful, fair and secure manner.

Therefore, we, as Data Controller, will process Personal Data according to the following principles:

  1. Lawfulnessfairnessand transparency: we will obey the Law, only process Personal Data in a way that users and/or visitors would reasonably expect, and always be open about our data protection practices.
  2. Purpose limitation: we will only process Personal Data for the specific reason it was collected and nothing else.
  3. Storage limitation: we will not store Personal Data for longer than two years, subject to:
    • the requirements of the delivery of any consultancy services and other works;
    • any time required by relevant trade and tax legislation;
    • in individual cases, the requirements of any internal or externally conducted investigations into incidents or offences
  4. Data minimisation: In each case, we will not process any more Personal Data than we need to achieve the specific purpose(s) for which we process such Personal Data.
  5. Accuracy: we will make sure that any Personal Data held is adequate and accurate.
  6. Integrity and confidentiality: we will always process Personal Data securely.

Please note that this Privacy Policy is only applicable to the use of direct services of the Website and does not extend to any other website, application or digital service that you may access through our Website (if any), each of which may have their own privacy policies that differ from this one. This Privacy Policy relates solely to the online information processing practices of the Website.

We recognize that you may be concerned about the information you provide us with, and how we manage it. This Privacy Policy has been established to address those concerns as it tackles the following matters:

    • How, when, and what type of personal data we process when you visit and/or use the Website;
    • For what purpose and on what legal basis we process your Personal Data;
    • For how long we store your Personal Data;
    • What are the measures we have put in place to ensure a high level of security;
    • In what circumstances and with whom we share your personal data;
    • Your rights related to your personal data;
    • Data controller(s) and representative(s).

Please read this Privacy Policy carefully so that you can understand what our policy and procedures are regarding the processing of your Personal Data.

By agreeing to this Privacy Policy, you agree to the processing (i.e. without limitations: collection, use and/or disclosure) of your Personal Data in accordance with the terms set out in this Privacy Policy.

Definitions

The words of which the initial letter is capitalized have meanings defined hereunder. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

    • Cookies” are small files that are placed on your Device (as defined below) by the Website, containing the details of your browsing history on that Website among its many uses.
    • Data Controller” means the entity that, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
    • Device” means any device that is used to access the Website.
    • Personal Data” means any information relating to an identified or identifiable natural person (as detailed under the section below); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
    • Usage Data” is usage related information such as the time spent by a user on the Website, the pages visited, the date and time of visits (see below for more details).

What types of personal data do we process?

We process your Personal Data when you visit and/or use our Website in any way, such as, to contact, engage and/or register with us, subscribe to our mailing list, submit a feedback or complaint.

The types of Personal Data we process, include (without limitations):

  • Identification information, credentials, and human resources data such as your: full name, gender, date and place of birth, address, country, city, postcode, e-mail address, mobile or other contact number, language skills, professional details (e.g., job title, skill set, areas of expertise, work experience, work affiliation, etc.), educational details (e.g., education certificates, university degree(s), etc.), experience details (e.g., work certificate/proof, years of professional experience, etc.), curriculum vitae, interests, complaints, feedbacks .

  • Usage Data among which: your IP address (including the domain name associated with the IP address, i.e. using reverse look-up), the date and time of your visit of the Website, the pages you visited on the Website, the browser being used, the country from which you are accessing the Website (only the ending is saved, e.g. “de”, since this indicates the relevant country), the language of the browser being used, the website from which you are accessing our Website (if applicable), the search word used on a search engine to access the Website (if the Website is accessed via a search engine), the type of connection you are using, your Device operating system and version, your Device type and name, your Device unique identifiers and other diagnostic data, your telecommunication service provider.

  • Any other personal data (i) you provide to us by using or visiting the Website and for the purposes indicated thereafter and/or (ii) generated by technology tools related to the Website (such as cookies), or by us while providing our services through the Website.

This Privacy Policy does not cover data through which the identification of a natural person is not possible, and which can be made available to the public.

When do we process your Personal Data?

We process your Personal Data :

    • When you visit and use the Website;
    • When you provide your Personal Data to us (e.g; when you apply for a position on the Career page of the Website or when you contact us on the Contact page or when you sign-up to our Mailing List or when you submit a feedback or complaint on the Microsoft Forms page) or interact with us in any other way;
    • When your personal data is generated by technology tools linked toour Website and the services related thereto;
    • When we need the data in the course and/or for the purposes of providing our services;
    • From other sources (public sources, data communicated by other clients etc.)

Why do we collect your Personal Data?

  1. For what purpose do we process your Personal Data? We process your Personal Data in different manners for the purposes of:
    • Providing and improving our services (e.g. delivering consultancy services);
    • Managing and processing contracts;
    • Processing invoices and payments;
    • Providing and improving our Website services and functionalities including monitoring its use.
    • Recruitment;
    • Promoting and marketing our services;
    • discharging our duty of care to full-time and part-time staff and to contractors, so as to protect their vital interests;
    • Controlling access to business-related data systems;
    • Fulfilling and executing legal, regulatory, compliance and risks obligations;

    Website use

    You might be invited to share your Personal Data on the Website. This is the case, for instance, on the Career and/or Contact and/or Submit your feedback or a complaint and/or Mailing List sign-up pages.

    The Personal Data you share on each page (or under each section, as the case may be) are used by us according to each page and/or section (as applicable) purpose(s), as provided for on the Website under each page and/or section.

    For Example :

    • if you send an inquiry to us through the electronic contact option, we will use the Personal Data you provided to respond. Any Personal Data received in this way will not be used for any other purpose without your prior consent and knowledge and will not be disclosed.
    • we welcome inquiries from people who wish to work in connection with our projects and we are pleased to receive both solicited and unsolicited inquiries and CVs. When Personal Data is submitted in this connection, we will process it in accordance with the Law (personal data will (i) be treated confidentially; (ii) only be used for recruitment purposes; and (iii) not be disclosed, otherwise than to the data processors involved in our recruitment procedures).

    We rely on individuals’ express consent and our legitimate interest as the lawful basis for doing this.

    In general, when you visit the Website, you do not need to provide Personal Data. We do however collect ‘aggregate data’ – that is, group data with no personal identifiers. This is processed to help understand how the Website is being used and to improve its usability.

    The Website uses cookies – To learn more about the cookies used on the Website please see our

    Cookie policy
    .

    We rely on our legitimate interest as the lawful basis for doing this.

    Publicity and marketing

    We may use on our Website or in our emails, technology tools that record data on your behavior when you access the Website or click on links in our emails (e.g. of data collected: date and time of access to Website, time spent on Website etc.). We may use this data to propose marketing that is likely to be of interest to you based on your behavior.

    If you don’t wish to receive marketing communications from us anymore, you may unsubscribe at any time by  using the unsubscribe link included at the bottom of any marketing email or filling out the contact us form on our website.

    We rely on your consent and our legitimate interest as lawful basis for doing this.

    Events

    You might express your will to attend events organized by us or our partners. In this regard, we may collect and process your Personal Data (such as your dietary preferences, access requirements, areas of interest etc.) to cater for your needs and to meet other legal or regulatory obligations. We may share this Personal Data with other service providers and/or partners involved in hosting and/or organizing the event (e.g. IT service provider, security at entry etc.).

    We rely on your consent, the performance of contracts and legitimate interest, as lawful basis for doing this.

  2. On what basis do we process your Personal Data?

    We rely on the following basis to process your Personal Data:

    Express consent: we rely on your consent when you complete any form by filling in your Personal Data as indicated (e.g., when you apply for a position on the Career page of the Website or when you contact us on the Contact page or when you submit a feedback or complaint etc.)

    Legitimate interest (legitimate business purposes): we also often base the processing of your Personal Data on our legitimate interest in enhancing the effectiveness of our services, whenever such processing is necessary and proportionate to that interest. For example, the processing of Usage Data to improve the services provided by our Website and make sure these services are helping achieve the purpose of providing our services.

    Performance of a contract: we might base the processing of your Personal Data on the performance of a contract to which you are a party (e.g., when you subscribe to our Mailing List).

    Compliance with regulatory and legal obligations: we may rely on this lawful basis if the processing of your Personal Data is necessary to comply with the Law or statutory obligation. If we can reasonably comply without processing your Personal Data, we will not rely on this basis as it doesn’t apply anyway.

    Vital Interests: we may rely on this lawful basis if the processing of your Personal Data is necessary to protect someone’s life.

    Please note that we will only use your Personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will seek your consent to use it for that new purpose.

For how long do we store your Personal Data?

The principle of “storage limitation” requires that we do not retain Personal Data any longer than is necessary to fulfil any legal or contractual requirements in connection with our core business.

The periods of retention of Personal Data are based on the purposes for which the data is processed, considering legal and regulatory obligations and requirements (among which, to retain the data for a minimum period to take legal action etc.).

The periods of retention of Personal Data received through the Website and held by us can be determined indicatively as follows:

 

Website – Cookies

The Website uses Google Analytics and Google Site. The default retention period for retention of any personal data is set to automatically delete it after twelve months. The Website also gives visitors the option to disable Cookies and shows what information is being collected.

We rely on ‘legitimate interest’ as the lawful basis for doing this.

Website – inquiries

When you send us an inquiry through the electronic contact option, we will use the Personal Data you provided to respond. Any Personal Data received in this way will not be used for any other purpose without your prior consent and knowledge and will not be disclosed. Personal data recorded on the Website which relates to inquires will be stored for a period of twelve months and then deleted automatically.

We rely on ‘legitimate interest’, as the lawful basis for doing this.

Website – complaints

Personal data arising from complaints and/or feedbacks made via the Website, which relates to complaints and/or feedbacks notified will normally be stored for a period of twelve months and then deleted automatically.

This may be extended where there is a sound organisational reason for doing so (for example, a lengthy investigation by us or an external organisation).

We rely on ‘legitimate interest’, as the lawful basis for doing this.

Website – Mailing List

When you subscribe to our mailing list (or other services) through the Website, we will use the Personal Data you shared to provide the service (send emails to the credentials provided). Any Personal Data received in this way will not be used for any other purpose without your prior consent and knowledge and will not be disclosed. Personal data recorded on the Website which relates to the subscription to services such as the mailing list will be stored for a period of twelve months after you unsubscribe, and then deleted automatically.

We rely on ‘Consent” and the “performance of contract’ as the lawful basis for doing this.

Website – Careers

When you apply for a position on the Career page of the Website and you provide your Personal Data as indicated thereafter, we are legally required to store your Personal Data for six months (in case you file a discrimination case).

However, and depending on the circumstances, we may wish to retain the said data for longer than this, because we foresee scenarios where you weren’t right for the role being advertised, but you might be suitable for a future position.

In this case, we may be able to claim a right to retain your Personal Data under the ‘legitimate interest’ basis. However, this right may be challenged.

You shared your Personal Data with us and there is little risk of it being misused. Additionally, keeping it is beneficial for both of us.

We rely on “consent” and ‘legitimate interest’, as the lawful basis for doing this.

In what circumstances and with whom do we share your Personal Data?

We may share your Personal Data in some cases with specific third parties:

In general

We may share some of your personal data with trusted third parties including:

  • our advisers and auditors;
  • our business partners and contractors;
  • our entities, affiliates, subsidiaries, representatives and entities;
  • service providers to whom we outsource certain services (e.g. IT service providers etc.);
  • third parties (i) engaged in our course of business and services (e.g. local counsel, legal counsels, technology service providers (data room etc.) etc.); and/or (ii) involved in hosting or organizing events for us or with our collaboration;
  • regulatory authorities when necessary and required.

It is established that we share Personal Data with trusted third parties based on and in accordance with contractual arrangements signed with them.

We rely on ‘legitimate interest’ and “performance of contract” as the lawful basis for doing this.

For compliance

Under some circumstances, we may be compelled to share your Personal Data with third parties to comply with legal or other regulatory requirements.

With competent authorities

Normally, under no circumstances will we share your Personal Data, without your prior consent. However, we recognise the importance of sharing Personal Data with law enforcement authorities (known under data protection law as “competent authorities”) who are discharging their statutory law enforcement functions. Where a request for Personal Data is received from a competent authority, the matter will be passed to, and considered and approved by, the Chief Executive.

We will use reasonable endeavors and efforts to notify you before we share your Personal Data with the competent authorities.

For reorganisation of business

If we wish to reorganise our business, consolidate it, or to transfer all or part of it, we might be obliged to transfer Personal Data to third parties to whom the business was transferred.

We rely on ‘legitimate interest’ as the lawful basis for doing this.

In partnership-based project delivery

We may adopt a partnership or consortium-based approach to project delivery. In these circumstances, and in the interests of effective project management, it may be necessary to share certain Personal Data with the partner entity or entities involved. If you are concerned, you will be advised of this and your consent for the transfer and sharing of your Personal Data obtained.

We rely on ‘legitimate interest’ as the lawful basis for doing this.

With third parties’ sites and apps

We may use third parties’ sites and applications (e.g., social media: twitter, LinkedIn, Facebook etc.), their privacy policies should be reviewed for more information on how they handle and treat Personal Data.

We rely on ‘legitimate interest’ and “performance of contract” as the lawful basis for doing this.

In any case, and under no circumstances will we sell, rent or otherwise commercially exploit your Personal Data alone or with the collaboration of third parties except with your express prior consent.

Transfer of data to locations outside UK and/or EEA

We may need to transfer Personal Data to locations outside the jurisdiction in which such data were provided.

This may constitute a transfer of data from the UK to a location outside the UK or vice versa. It may also constitute a transfer of data from a location within the European Economic Area (the “EEA”) to a location outside the EEA or vice versa.

Countries outside the UK or the EEA may offer a lower level of protection of Personal Data. When this is the case, we implement appropriate technical and contractual measures to protect the Personal Data which transfer is contemplated.

When third parties that process Personal Data outside the UK and/or the EEA provide services to us, they are bound by appropriate contractual and technical measures (e.g., UK-GDPR and/or EU-GDPR standard contractual clauses), otherwise we would’ve not engaged with them.

Kindly note that the UK and the EEA both offer the same level of protection of Personal Data. Therefore, transfers of data from the UK to the EEA and vice versa are allowed and no additional measures should be implemented. Such transfers are covered by an adequacy decision issued by the EU proving the said same level of protection.

Your rights in relation to your personal data

We undertake to respect the confidentiality of your Personal Data and to guarantee you can exercise your rights.

In compliance with the UK GDPR and EU GDPR you have the right under this Privacy Policy, to:

  • Request access to your Personal Data: you have the right to request access, update, or deletion of your Personal Data by contacting us. This also enables you to receive a copy of the Personal Data we hold about you.

  • Request correction of the Personal Data that we hold about you: you have the right to have any incomplete or inaccurate information we hold about you corrected by contacting us.

  • Object to the processing of your Personal Data: this right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to our processing of your Personal Data on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes. If you want to exercise your right of objection, contact us through our Data Protection Officer.

  • Request erasure of your Personal Data: you have the right to ask us to delete or remove Personal Data when there is no good reason for us to continue processing it, by contacting us. However, it is not an absolute right. We may refuse to comply if we need to keep processing the data in order to carry out whatever task it was being used for. We would have to consider whether you have the right to restrict or object to legitimate processing.

  • Request the transfer of your Personal Data: we will provide to you, or to a third-party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

  • Withdraw your consent (right to object): this could mean that you are withdrawing your consent, which effectively allows you to stop or prevent us from processing your Personal Data at any time – if you withdraw your consent, we may not be able to provide you with some specific functionalities of the Website such as (without limitations) the Mailing List service. However, to the extent required or permitted by law, we may be able to continue to process your Personal Data even if you exercised your right to object.

Siren’s obligations regarding the exercise of your rights

Regarding the exercise of any of your rights mentioned above, we are committed to:

  • inform you, through this Privacy Policy, that you can make a request to exercise any of your abovementioned rights.
  • not charge a fee for responding to a rights request. However, we can charge an appropriate fee for requests that are “manifestly unfounded or excessive” or repetitive.
  • respond to every request “without undue delay” and within a maximum period of one month. You will be kept closely informed if the processing of a request takes longer than one month.
  • If there are any doubts about the identity of the user making the request, we may ask for proof of identification.

Data Protection Officer

For any inquiries about how your Personal Data is being processed or any other question related to your privacy and related rights, please contact our Data Protection Officer through our dedicated contact form

Right to resort to the appropriate data protection authority

Please note that, in accordance with UK-GDPR and the Data Protection Act 2018, you, or any of your heirs, may resort to the competent authorities, in particular the United Kingdom Information Commissioner’s Office (the ICO) in order to ensure the exercise of your rights and to report the application of the provisions of the abovementioned law.

What are the security measures we have implemented?

To provide the highest level of security to our systems, we have put in place procedures and technologies as per good industry practices and in accordance with applicable laws, to maintain security of all data from the point of collection to the point of destruction. These include multi-factor authentication, alerting systems, security tests and audits…. However, such measures do not offer a complete guarantee of security.

Data controller and EU Representative

Data controller

We (either alone or jointly with other persons) determine the purposes for which and the manner in which your Personal Data is or is to be processed. Therefore, and according to both the UK GDPR and the EU GDPR, Siren is the Data Controller.

Representative

Siren is a UK-based entity with no offices, branches or other establishments in the EEA. However, Siren may offer services to and/or monitor the behaviour of individuals in the EEA.

Consequently, Siren guarantees its full compliance with EU GDPR regarding theses processing and appoints accordingly a representative in the EEA.

Siren’s EU representative(s) act(s) on its behalf in the EEA regarding all matters related to Siren’s compliance with EU GDPR as it shall deal with any supervisory authorities or data subject in this respect.

For any inquiries about how your Personal Data is being processed in the EEA or any other question related to your privacy and related rights in the EEA, please contact our EEA representative:

Name: Fride Lia Stensland

Email: [email protected]

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Website, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.