Introduction

Welcome to the privacy policy applicable to SISO HOLDINGS LIMITED and its subsidiaries (the “SISO Group”).

The SISO Group values your privacy and is dedicated to safeguarding your personal data. This privacy policy aims to provide you with information on how we handle and protect your personal data when you interact with us, including by visiting our website or our online software product (together, the “SISO Platform”), regardless of your location. This policy also outlines your privacy rights and the legal protections available to you.

Please refer to the Glossary section for definition of certain terms used throughout this privacy policy.

1. Important information and who we are

Purpose of this Privacy Policy

This privacy policy aims to give you information on how the SISO Group collects and processes your personal data through your use of the SISO Platform, including any personal data you may provide through your usage of the SISO platform, or when you register as a user on the SISO Platform, or when you subscribe to any part of the SISO Platform.

The SISO Platform is not intended for use by children, and we do not knowingly collect personal data from children under age 16.

It is important that you read this privacy policy in conjunction with any other privacy policy or fair processing policy we may provide on specific occasions when we collect or process your personal data. This will ensure that you have a complete understanding of how and why we use your personal data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

Controller

This privacy policy is issued on behalf of all companies in the SISO Group from time to time so when we mention SISO HOLDINGS LIMITED, we, us or our in this privacy policy, we are referring to the relevant company in the SISO Group responsible for processing your data. SISO HOLDINGS LIMITED acts as the controller and is responsible for the SISO Platform.

We have appointed a data privacy manager who is responsible for overseeing inquiries related to this privacy policy. If you have any questions regarding this privacy policy, including questions about exercising your legal rights, please contact our data protection officer using the contact details set out below.

Contact details

If you have any questions about this privacy policy or our privacy practices, please feel free to reach out using the following contact information:

Full name of legal entity:
SISO HOLDINGS LIMITED

Email address:
[email protected]

Postal address:
DD-15-134-004-007, Level 15, Wework Hub71, Al Khatem Tower, Abu Dhabi Global Market Square, Al Maryah Island, Abu Dhabi, United Arab Emirates.

Data Protection Officer

Luke Kyleman (CTO), [email protected]

If you are concerned about our handling of your personal data, you have the right to lodge a complaint with a privacy supervisory authority. In the European Economic Area, the relevant supervisory authority is determined based on the country or territory where:

• you reside;
• you work; or
• the alleged infringement occurred.

A list of National Data Protection Authorities in the European Economic Area can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm; and for the UK here: https://ico.org.uk/for-organisations/data-protection-and-the-eu; and for the Abu Dhabi Global Market, here: https://www.adgm.com/operating-in-adgm/office-of-data-protection/overview.

However, we kindly request that you provide us with the opportunity to address your concerns before approaching the relevant privacy supervisory authority. Please contact us initially, and we will make every effort to resolve the matter.

Changes to the Privacy Policy and your duty to inform us of changes

We regularly review and update our privacy policy. This version was last reviewed and updated on 21 March 2024.

It is important that the personal data we hold about you is accurate and up to date. Please inform us promptly of any changes to your personal data during your relationship with us.

Third-Party links

The SISO Platform may include links to third party websites, documents, reports, plug-ins and applications (“Third Party Platforms”). Clicking on those links or enabling those connections may allow third parties to collect or share data about you. The inclusion of such links and connections does not imply our endorsement of any Third Party Platform. We do not have control over these Third Party Platforms and cannot be held responsible for their privacy, information, or other practices. When you leave the SISO Platform, we recommend that you carefully review the privacy policy of all such Third Party Platform(s) you visit.

2. The personal data we collect about you

Personal data, also referred to as personal information, means any information about an individual that can be used to directly or indirectly identify that person. It does not include data where the identity has been removed, rendering it anonymous.

We may collect, use, store and transfer various types of personal data about you which we have categorized as follows:

• Identity Data includes your first name, maiden name, last name, username or similar identifier, and title;
• Contact Data includes your organization name, billing address, delivery address, email address, and telephone numbers;
• Financial Data includes bank account and payment card details;
• Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us;
• Technical Data includes your internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technologies on the devices you use to access the SISO Platform;
• Profile Data includes your username and password, purchases or orders made by you, preferences, feedback, profile photo, and survey responses;
• Usage Data includes information about how you use the SISO Platform, and any other related services; and
• Marketing and Communications Data includes your preferences regarding receiving marketing materials from us and our third parties, as well as your communication preferences.

We also collect, use and share Aggregated Data, which refers to statistical or demographic information that has been anonymized and grouped together. Aggregated Data could be derived from your personal data but does not qualify as personal data under the law, as it does not directly or indirectly reveal your identity. For example, we may aggregate Usage Data to calculate the percentage of users accessing a specific feature on the SISO Platform.

However, if the Aggregated Data is combined or connected with your personal data in a manner that enables direct or indirect identification, we treat the combined data as personal data. In such cases, the handling of the combined data will comply with the provisions outlined in this privacy policy.

If you disclose any personal data relating to other people to us or to our service providers in connection with our services, you represent that you have the authority to do so and to permit us to use the information in accordance with this privacy policy.

We do not intend to collect, and we ask that you not send us, any Special or Sensitive Categories of Personal Data, such as information related to race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, or genetic and biometric data. Nor do we collect any information about criminal convictions and offences.

If you fail to provide Personal Data

In cases where collection of personal data is required by law or under the terms of a contract we have with you, and you fail to provide that data when requested, it may hinder our ability to fulfil the contract we have or are attempting to enter into with you. In this case, we may have to cancel a product or service you have with us, but we will notify you if this becomes necessary at the time.

3. How is your personal data collected?

We use various methods to collect personal data from and about you, which include:

Direct interactions. You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or other means. This includes personal data you provide when you, for example:

• apply for our products or services;
• create an account on the SISO Platform;
• accept an invitation to join a project on the SISO Platform;
• subscribe to our services or publications;
• request marketing materials to be sent to you;
• participate in promotions or surveys; or
• provide feedback or contact us.

Automated technologies or interactions. As you interact with the SISO Platform, we automatically collect Technical Data about your devices, browsing actions and patterns. We collect this personal data by using cookies, server logs and similar technologies. We may also receive Technical Data about you if you visit Third Party Platforms that use our cookies. For more information, please refer to our Cookies & Similar Technologies Policy available at www.sisotechnologies.com.

Third parties or publicly available sources. We receive personal data about you from various third parties and public sources, as set out below.

Technical Data from the following parties:

• analytics and other online services providers such as Google, based outside the EU;
• advertising networks, based inside and outside the EU;
• professional public networking platforms, such as LinkedIn; and
• search information providers, based inside and outside the EU.

Contact, Financial and Transaction Data from providers of technical, payment and delivery services based inside and outside the EU.

Identity and Contact Data from data brokers or aggregators, both inside and outside the EU.

Identity and Contact Data from publicly available sources such as the Companies House and the Electoral Register, based inside the EU.

APIs. The SISO Platform may utilize Application Programming Interfaces (APIs) to integrate with other applications or services. Through APIs, the platform can automatically collect data from connected systems, such as social media platforms, cloud storage services, or third-party data providers. This data may include user profile information, preferences, or other relevant data.

4. How we use your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data where:

• we need to perform the contract we are about to enter into or have entered into with you;
• it is necessary for our Legitimate Interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
• we need to comply with a legal obligation.

Generally, we do not rely on consent as a legal basis for processing your personal data, although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

Purposes for which we will use your Personal Data

We have set out below, in a table format, a description of all the ways we plan to use your personal data and which of the legal bases we rely on to do so. We have also identified what our Legitimate Interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity	Type of data	Lawful basis for processing including basis of Legitimate Interest
To register you as a new customer	Identity Contact	Performance of a contract with you
To process and deliver your order including: Manage payments, fees and charges Collect and recover money owed to us Respond to inquiries and fulfill requests	Identity Contact Financial Transaction Marketing and Communications	Performance of a contract with you Necessary for our Legitimate Interests (to recover debts due to us)
To manage our relationship with you which will include: