ISAGI Technologies Privacy Policy
This is the privacy statement for ISAGI Technologies Limited (ISAGI or We). ISAGI is a private company (company number 13367081) with its registered office at Douglas Bank House, Wigan Lane, Wigan, England, WN1 2TB
For the purpose of the Data Protection Act 2018 and the General Data Protection Regulation 2016/679 the data controller is ISAGI. ISAGI is registered at the ICO with number ZB217153.
ISAGI is committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data We collect from you or that you provide to us, directly or indirectly, will be processed by us. Please read the following carefully to understand our views and practices regarding personal data and how We treat it.
ISAGI’s Data Protection Officer can be contacted at Richie@ISAGI-technologies.com
The General Data Protection Regulation 2016/679
In this statement We have used certain terms which are set out in the General Data Protection Regulation 2016/679 (GDPR or the Regulation):
- personal data means: any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Controller means: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Processor means: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Processing means: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
What We Do
ISAGI is a service which enables its clients to access the financial information of their customers after obtaining all the relevant consents from those customers. ISAGI’s clients agree to use the data enables by ISAGI’s service for the specific purposes agreed between ISAGI and its clients.
ISAGI assists its clients to carry out financial checks on its clients’ customers e.g property owners and landlords (together, Landlords (being either actual or prospective Landlords)) in referencing tenants and creating detailed affordability checks to satisfy the tenant can afford the property rent.
ISAGI assists prospective and actual tenants (collectively, Tenants (which for the purposes of this privacy statement, shall be deemed to include any individual guarantors of any Tenant)) in validating their affordability and financial position when looking to rent a property.
For the purposes of this Privacy Policy, Landlords and Tenants are referred to collectively, as Users.
Our Status Under GDPR
Depending on the nature of the interaction, We may act as a processor in that We are acting upon instructions from our Users when We provide our services to them; and when We control the purposes and means of the processing of personal data, such as processing our employees’ personal data, We act as a controller, as defined under GDPR.
What Lawful Reasons Do We Use To Process Personal Data?
The lawful reasons ISAGI uses to process personal data are set out in Article 6 of the Regulation and with respect to the business model undertaken by ISAGI, our processing is lawful given that at least one of the following applies:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes (Consent).
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Contract Performance).
- processing is necessary for compliance with a legal obligation which We are subject to (Legal Obligations).
- processing is necessary for the purposes of the legitimate interests pursued by ISAGI, except where our interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (Legitimate Interest).
Consent
Where We process personal data as a result of data subject consent, We ensure that consent is freely given, specific and informed; and established by a clear affirmative act. Where consent is withdrawn, We have set out (below) how this may be undertaken.
Contract Performance
Where We enter into a contract, processing of personal data may, as a matter of course, be necessary in order to execute such a contract or take pre-contract preparation steps.
Legal Obligations
Where We have legal obligations which apply to ISAGI, processing of personal data may be required by law.
Legitimate Interest
Where We process personal data as it is necessary for the purpose of our legitimate interests, We do so on the basis of a balanced evaluation of our interests and the rights and freedoms of the data subject which require protection.
Presently, We have concluded that the way We manage the processing of personal data results in a cumulation of data subject protections which show that the balance is in favour of ISAGI being able to rely on Article 6.1(f) of the Regulation as a lawful reason to process personal data.
Sensitive Personal Data
Where ISAGI processes sensitive personal data on behalf of a User, ISAGI does so on the basis that the User has established a lawful exception to the prohibition on processing sensitive personal data under Article 9 of the Regulation; and where ISAGI is processing sensitive personal data of employees, it does so pursuant to its employment relationship with its employees and so uses the exception set out in paragraph 2(b) of Article 9 of the Regulation.
ISAGI’s Use Of Personal Data: Overview
How ISAGI collects and uses personal data differs based on the nature of the interaction with the individual whose personal data We are processing. For example, personal data provided by a prospective Tenant when registering on the ISAGI website may be used for several purposes and in a different capacity by us, depending on the nature of the services We are providing. Where ISAGI’s engagement of an employee requires the processing of the employee’s personal data, We have also set out how this will be conducted. As a result, We have explained how personal data may be processed when used within our business, and in the context of the services we offer during our commercial life-cycle, i.e. in the context of the services We provide Landlords and Tenants, respectively. In addition, We have referred to other services which require the processing of personal data and how We process the personal data of third parties. In general, our objective is to inform through being transparent while being consistent with the requirements of the Regulation.
ISAGI Clients
How personal data is collected: Landlords interested in learning more about ISAGI’s services can enter their details into our website at https://www.myISAGI.com or via an enquiry form; or Landlords may email or call us directly using contact details provided on our website or elsewhere. This will likely be for the purposes of entering into a relationship with ISAGI through acceptance of our terms and conditions, requesting that We contact them, reading or downloading information, or requesting support from our support team. From time-to-time, We may also meet business-relevant connections at events or research individuals using social media platforms. Where these individuals are approached (or approach us) in their capacity as employees of their organisation, the interaction will be regarded as a business to business exchange.
Type of personal data collected:
Who controls the personal data: Where (by agreeing to ISAGI’s terms and conditions) a client enters into an agreement with ISAGI and ISAGI provides services to the client, the client controls the purposes of the processing of personal data under the agreement and is a controller.
Who processes the personal data: Where ISAGI is acting upon the instructions of the client pursuant to the terms of their agreement, ISAGI is a processor. In addition, client personal data is processed by ISAGI and our website, email, CRM, marketing platform providers and third-party contractors, who process personal data on our behalf. This is undertaken in a manner that is consistent with the Regulation and the ePrivacy Directive.
Where personal data is stored; how personal data is used:
How long personal data is stored: ISAGI client personal data is stored by ISAGI for the duration of the Landlord’s contract with the Tenant and thereafter in line with prescribed limitation periods under English law. Where the client’s customer withdraws consent to receive marketing material from ISAGI, or, retention of personal data is no longer necessary pursuant to the principles set out in Article 5 of the Regulation, personal data will either be deleted or archived. Where personal data is archived, it is kept to ensure that ISAGI does not lose its records with respect to marketing consent, or the fact of its withdrawal.
Our clients’ customer data
How personal data is collected: Our clients’ customers interested in learning more about ISAGI’s services can enter their details into our website at https://www.myISAGI.com or via an enquiry form; or they may email or call us directly using contact details provided on our website or elsewhere. Consenting client customers provide personal data to ISAGI for the purposes of accessing ISAGI’s services. Personal data is collected when the consenting client customer populates their details online via the ISAGI’s website or an affiliate website run by partners such as Briefyourmarket.com or Experian. During the course of the provision of ISAGI’s services to the consenting client customer, the consenting client customer may disclose additional personal data, which may involve more than one media.
Type of personal data collected: Data collected via the ISAGI website from consenting client customer may include name, telephone number, home address and past addresses, employment status and employment history, bank account information and transaction history, email address and IP address from the device being used, online identifiers and location data. On occasion We may collect sensitive personal data. Where a consenting client customer visits our website, We may collect and process information about their website usage (e.g. browsing history and information about their navigation through our website) using cookies and other similar technologies. During communications, We may process information about the interactions undertaken with us.
Who controls the personal data: When (by agreeing to ISAGI’s terms and conditions) a consenting client customer discloses personal data to ISAGI with a view to using ISAGI’s services to assist the consenting client customer in finding properties to rent, Local Authority checks, Credit hire affordability or any other service ISAGI offers, the resulting disclosure of personal data to ISAGI clients is controlled by ISAGI. When the data has been disclosed to the ISAGI client for the purposes of further communication regarding any specific use case, ISAGI’s client will then be the controller of the data.
Who processes the personal data: Where the consenting client customer, through ISAGI, commences discussions with ISAGI’s client with a view to agreeing a contract or service with the ISAGI client; and consenting client customers personal data has been disclosed to ISAGI’s client by ISAGI, the consenting client customer’s personal data is sent to ISAGI’s client through ISAGI under agreed terms with our client. Under these terms, ISAGI is the processor. Consenting client customers’ personal data may also be processed by ISAGI through our website, email, CRM, marketing platform providers and third-party contractors, who process personal data on our behalf. This is undertaken in a manner that is consistent with the Regulation and the ePrivacy Directive.
Where personal data is stored; how personal data is used: Consenting client customers’ personal data is provided for the purposes of obtaining ISAGI’s services and is stored in our databases and is primarily used to allow us to deliver our services. It may also be used to send news and information about our services, to implement and improve our services, including format and content, to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, as part of our efforts to keep our website safe and secure, to measure or understand the effectiveness of any advertising We serve to you and others, and to deliver relevant information.
How long personal data is stored: Consenting client customers’ personal data is stored by ISAGI for the duration of ISAGI’s client’s contract with the consenting client customer and thereafter in line with prescribed limitation periods under English law. Where the consenting client customer withdraws consent to receive marketing material from ISAGI, or, retention of personal data is no longer necessary pursuant to the principles set out in Article 5 of the Regulation, personal data will either be deleted or archived. Where personal data is archived, it is kept in order to ensure that ISAGI does not lose its records with respect to marketing consent, or the fact of its withdrawal.
Payment Data
How personal data is collected:
Type of personal data collected: Payment data includes a name, address, bank account sort code, bank account number, payment card long number, payment card issue date, payment card expiry date and three-digit security number.
Who controls the personal data: Payment data is controlled by Users and processed by ISAGI under User instruction, subject to terms and conditions with Users.
Who processes the personal data: User payment data is processed by ISAGI and our third-party payment gateways.
Employees
How personal data is collected: ISAGI employees provide ISAGI with their personal data though email, digital or paper-exchange, in order for the employee and ISAGI to undertake a normal employer-employee relationship.
Type of personal data collected: Personal data might include a name, mobile number, email address, home address, photo, post code and notes about their role and skills. We collect sensitive personal data with respect to health, as necessary and in a proportionate manner.
Who controls the personal data: Personal data of ISAGI employees is controlled by ISAGI.
Who processes the personal data: ISAGI processes employee personal data which is also processed within third party platforms used to help us provide standard employment requirements such as payment of the employee through a third-party payroll business; or dissemination of payment data to HMRC, as is required by law.
How personal data is used by the controller: All ISAGI employee data is used in accordance with the Regulation in order to ensure that the relationship between the employee and ISAGI is undertaken in a manner that is consistent with the legal expectations of the parties in addition to third parties (such as HMRC, as referred to above).
How long personal data is stored: ISAGI employee personal data is stored within ISAGI for the duration of the employee’s contract with ISAGI and thereafter in accordance with ISAGI’s data retention policy which shall take into account limitation periods under the general law.
Job Candidates
How personal data is collected: Candidates interested in applying for a role at ISAGI may provide their personal details by email or through our job application platform to express their interest in a role.
Type of personal data collected: Personal data inputs by job candidates may include: name, email, phone number, home address, place of work, education and work history alongside their skills. We will not collect sensitive personal data.
Who controls the personal data: Job candidate data is controlled by ISAGI.
Who processes personal the data: Job candidate data is processed by our software providers and consultants involved in helping us to recruit candidates and manage employees.
How personal data is used by the controller: Job candidate data is used by ISAGI to manage and communicate with candidates in relation to the role they have applied for at ISAGI.
How personal data is used by the processor: Job candidate data is used by our processors to enable us to accept and manage applications and to support decision making processes.
How long personal data is stored: Job candidate data is stored for as long as necessary. It is then archived or deleted pursuant to our data retention framework.
Third Party Contractors
How personal data is collected: ISAGI engages third parties to deliver some services, for example to validate account information. ISAGI may use a number of businesses in various geographies and collects the personal data of data subjects connected to the third-party businesses concerned.
Type of personal data collected: Personal data input by data subjects connected to third parties may include: name, email, phone number, home address, place of work, skill-set and work history alongside their skills. We will not collect sensitive personal data.
Who controls the personal data: Third party personal data is controlled by ISAGI.
Who processes the personal data: Third party personal data is processed by our suppliers where such third parties require instructions by email (for example); and where third parties are paid.
How personal data is used by the controller: Third party personal data is managed by ISAGI where it is required to assist in the provision of services.
How personal data is used by the processor: Third party personal data is used by our processors to ensure that third party contractors have the information they need to provide ISAGI with services; and be paid for doing so.
How long personal data is stored: Third party personal data is stored for as long as necessary. It is then archived or deleted pursuant to our data retention framework.
Sharing Information
We may share information with third parties so that they can assist us in providing our services; selected third parties could include:
- Other ISAGI Users, for instance supplying your details to a User advertising a property if you request to rent that property.
- Analytics and search engine providers that assist us in the improvement and optimisation of our website.
We may also disclose your personal information to third parties:
- If ISAGI or substantially all of its assets are acquired by a third party, in which case personal data held by ISAGI (in part or in whole) may be one of the transferred assets.
- If We are under a duty to disclose or share personal data to comply with any legal obligation, or in order to enforce or apply our terms and other agreements; or to protect the rights, property, or safety of ISAGI or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Transferring Out Of The EEA
Storing personal data: We use cloud providers to store our personal data. Occasionally, personal data may be transferred to and stored at a destination outside the European Economic Area (EEA).
Processing personal data: We may use third parties to help us deliver our services and they may be based outside the EEA. Where data is transferred outside the EEA, We adhere to compliance mechanisms that are identified by the European Commission, for example, the use of EU model contract clauses or conformity to US Privacy Shield. Where We use sub-processors acting on our behalf, We ensure that they adhere to compliance mechanisms that are identified by the European Commission.
Where We are the processor: We may transfer personal data to non-EEA (and non-adequate) jurisdictions where We are a processor, pursuant to the instructions of a third-party controller, such as a Landlord. Where We do so, it is the third party’s responsibility to ensure that such transfer is consistent with GDPR.
Data Retention Periods
ISAGI has a data retention policy which sets out how long it will store personal data, which is consistent with Article 5 of the Regulation. ISAGI only keeps personal data for as long as is necessary. For example, ISAGI is required to retain certain information in accordance with the general law, where information is needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held beyond these periods depending on ISAGI’s business needs, which are balanced against the requirements of the Regulation and the rights of the individual.
Where We are the controller: We will retain personal data for as long as necessary. As described above, in some cases, We will have a legal or statutory obligation to retain information for a set period, such as the limitation period.
Where We are the processor: Personal data is stored as instructed by Landlords in accordance with their approach to retention of personal data provided that this is within the Regulation. We recommend that you view (where applicable) their Terms of Use and Privacy Policy for more information.
Security Measures
We have implemented security measures that are designed to help protect the personal data We collect or receive in connection with our services, from unauthorised access or disclosure. For example, We use encryption techniques to ensure the security of data; We also use password protection. However, no transmission or storage of data can be guaranteed to be completely secure and We cannot ensure or warrant the security of any information which We collect and store.
Cookies
We use cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and allows us to improve our website. By continuing to browse the website, you are agreeing to our use of cookies. A cookie is a small file of letters and numbers that We store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive. We use the following cookies:
Strictly necessary cookies: These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
Analytical/performance cookies: These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies: These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Targeting cookies: These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website more relevant to your interests.
First Party Cookies
How do I block first party cookies?
You block first party cookies by activating the settings on your browser that allow you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.
Third Party Cookies
We may use third party services such as Google Analytics cookies to track anonymous usage statistics but We do not collect any personal information that can be used to identify you. This data helps us analyse web page usage and improve our website to tailor it to our audience needs. Services such as Google Analytics store information about what pages you visit, how long you are on the website, how you got there and what you clicked on. These are cookies served by a third-party service provider and are usually used to identify your computer when it visits another website, for example, when you log in to a social media site to share an article.
How do I block third party cookies?
You block third party cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.
Further Information
More information about cookies can be found at: https://www.allaboutcookies.org
Internet Advertising Bureau: Guide to online advertising and privacy
International Chamber of Commerce United Kingdom: ICC UK cookie guide
Your Right To Complain
If you have a complaint about the way We process your personal data, you can register your concern by contacting the Information Commissioner of the United Kingdom (the Information Commissioner) and following the instructions set out at www.ico.org.uk. Where you wish to contact ISAGI about your concerns, please contact Richie@isagi-technologies.com
Contacting You
The personal data We process is subject to rigorous measures and procedures to minimize the risk of unauthorized access or disclosure. We will get in touch with the supervisory authority (which in ISAGI’s case, is the Information Commissioner) and with affected data subjects where this is required under the Regulation.
Changes To This Privacy Statement
If We change this privacy statement, We will let you know about the changes by publishing the updated version on our website.
Your Rights
At the request of the data subject and where this is technically possible, We will confirm the information We hold about the data subject and how it is processed. As set out in the Regulation a data subject can request the following information:
- Identity and the contact details of the person or organisation that has determined how and why to process personal data. In some cases, this will be a representative in the EU.
- Contact details of the data protection officer, where applicable.
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests of ISAGI or a third party, information about those interests.
- The categories of personal data collected, stored and processed.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
- If We intend to transfer the personal data to a third country or international organisation, information about how We ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, We will ensure there are specific measures in place to secure information.
- How long the personal data will be stored.
- Details of data subject’s rights to correct, erase, restrict or object to such processing.
- Information about the data subject’s right to withdraw consent at any time.
- How to lodge a complaint with the supervisory authority.
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether We are obliged to provide the personal data and the possible consequences of failing to provide such data.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
What forms of ID will I need to provide in order to access this?
ISAGI accepts the following forms of ID when information on your personal data is requested: passport, driving licence, birth certificate, utility bill from the previous 3 months. We reserve the right to request further information where your identification is not clear.
Contact Details
ISAGI Technologies Limited
Contact Name: |
Data Protection Officer |
Address: |
Douglas Bank House, Wigan Lane, Wigan, England, WN1 2TB |
Email: |