Privacy and Data Protection Policy

Data Privacy and Protection policy for Marsa by SiTech (“Marsa”)

This Privacy Statement is effective as of 01 January 2021.

This Privacy Statement describes Marsa’s general privacy practices that apply to personal information we collect, use and share about our clients, business partners, suppliers and other organizations with which Marsa has or contemplates a business relationship as well as the individuals working for them. This Privacy Statement does not apply to the extent Marsa processes personal information on behalf of clients for their benefit and under their control. It may apply to collection of information related to authorized users of services to the extent Marsa processes this information for its own interests.

Last updated: 01/01/2021

Privacy Officer

SiTech, Inc.

Data protection principles

Marsa is committed to processing data in accordance with its responsibilities under the GDPR (General Data Protection Regulation).

Article 5 of the GDPR requires that personal data shall be:

  1. processed lawfully, fairly and in a transparent manner in relation to individuals
  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
  4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay
  5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals
  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

General provisions

  1. This policy applies to all personal data processed by Marsa
  2. The Responsible Privacy Officer named above shall take responsibility for Marsa’s ongoing compliance with this policy
  3. This policy shall be reviewed at least annually

Why and how we collect and use your personal information

We may collect your personal information as an individual for various purposes, such as the following:

  1. Access and use of websites or other online services (including “apps”). When entering one of our websites, or using an online service (where references to online services include desktop or mobile applications or “apps”), we will record information necessary to provide you with access, for the operation of the website and for us to comply with security and legal requirements in relation to operating our site, such as passwords, IP address and browser settings. We also collect information about your activities during your visit in order to personalize your website experience, such as recording your preferences and settings, and to collect statistics to help us improve and further develop our websites, products and services.
  2. Responding to your request for information, order, or support. When you contact us (online or offline) in connection with a request for information, to order a product or service, to provide you with support, or to participate in a forum or other social computing tool, we collect information necessary to fulfill your request, to grant you access to the product or service, to provide you with support and to be able to contact you. For instance, we collect your name and contact information, details about your request and your agreement with us and the fulfillment, delivery and invoicing of your order and we may include client satisfaction survey information. We retain such information for administrative purposes, defending our rights, and in connection with our relationship with you.
  3. Providing your name and contact. When you provide your name and contact information to register in connection with such a request, the registration on the sites may serve to identify you when you visit our websites. For ordering of most services and products we require you to have registered a Marsa ID. Registration may also allow you to customize and control your privacy settings.
  4. Contacting employees of our clients, prospects, partners and suppliers. In our relationship with clients or prospects, partners and suppliers, they also provide us with business contact information (such as name, business contact details, position or title of their employees, contractors, advisors and authorized users) for purposes such as contract management, fulfillment, delivery of products and services, provision of support, invoicing and management of the services or the relationship.
  5. Visitor information. We register individuals visiting our sites and locations (name, identification and business contact information) and use camera supervision for reasons of security and safety of persons and belongings, as well as for regulatory purposes.
  6. Marketing. Most information we collect about you comes from our direct interactions with you. We combine the personal information we collect to develop aggregate analysis and business intelligence for conducting our business and for marketing purposes. You can choose to receive information by email or telephone about our products and services. When visiting our websites or using our services we may provide you with personalized information.

Where we reference that we use your personal information in connection with a request, order, transaction or agreement (or preparing for the same), or to provide you with services that you requested (such as a website), we do this because it is necessary for the performance of an agreement with you.

Where we reference that we use your personal information in relation to marketing, improvement or development of our products or services, for reasons of safety and security, or regulatory requirements other than in connection with your agreement or request, we do this on the basis of our or a third party’s legitimate interests, or with your consent. When we collect and use your personal information subject to the EU Privacy Legislation this may have consequences for your rights.

Sharing of Personal Information

As an organization offering a wide range of products and services, with business processes, management structures and technical systems that cross borders, Marsa has implemented global policies, along with standards and procedures, for consistent protection of personal information. We may share information about you with our subsidiaries world-wide and transfer it to countries in the world where we do business in accordance with this Privacy Statement.

Between Marsa controlled subsidiaries we only grant access to personal information on a need-to-know basis, necessary for the purposes for which such access is granted. In some cases, Marsa uses suppliers located in various countries to collect, use, analyze and otherwise process personal information on its behalf.

Where appropriate, Marsa may also share your personal information with selected partners to help us provide you, or the company you work for, products or services, or to fulfill your requests, or with your consent. When selecting our suppliers and partners, we take into account their data handling processes.

If Marsa decides to sell, buy, merge or otherwise reorganize businesses in some countries, such a transaction may involve the disclosure of personal information to prospective or actual purchasers, or the receipt of such information from sellers. It is Marsa's practice to require appropriate protection for personal information in these types of transactions.

Please be aware that in certain circumstances, personal information may be subject to disclosure to government agencies pursuant to judicial proceeding, court order, or legal process. We may also share your personal information to protect the rights or property of Marsa, our business partners, suppliers or clients, and others when we have reasonable grounds to believe that such rights or property have been or could be affected.

Information Security and Accuracy

We intend to protect your personal information and to maintain its accuracy. Marsa implements reasonable physical, administrative and technical safeguards to help us protect your personal information from unauthorized access, use and disclosure. For example, we encrypt certain sensitive personal information such as credit card information when we transmit such information over the Internet. We also require that our suppliers protect such information from unauthorized access, use and disclosure.

Retention Period

We will not retain personal information longer than necessary to fulfill the purposes for which it is processed, including the security of our processing, complying with legal and regulatory obligations (e.g. audit, accounting and statutory retention terms), handling disputes, and for the establishment, exercise or defense of legal claims in the countries where we do business.

Archiving / removal

  1. To ensure that personal data is kept for no longer than necessary, Marsa shall put in place an archiving policy for each area in which personal data is processed and review this process annually.
  2. The archiving policy shall consider what data should/must be retained, for how long, and why.

Lawful purposes

  1. All data processed by Marsa must be processed on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests.
  2. Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
  3. Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in Marsa’s systems.

Data minimization

Marsa shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

Breach

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, Marsa shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website).

Changes to our Privacy Statements

We may update this Privacy Statement from time to time to reflect changes to our data governance practices. The revised Privacy Statement will be posted here with an updated revision date. We encourage you to check back periodically for any changes or updates. If we make a material change to our Privacy Statement, we will post a notice at the top of this page for 30 days. By continuing to use our websites after such revision takes effect, we consider that you have read and understand the changes.

How to contact us

If you have a question related to this Privacy Statement, please contact us by sending us an email to support@Marsa.io. Your message will be forwarded to the appropriate member of Marsa's Data Privacy Team, such as Data Protection Officers or members of their teams.