At Sansha, we are committed to protecting and respecting your privacy. This Privacy Policy outlines our practices regarding the collection, use, and disclosure of information that we receive through our IT and implementation services. We process and safeguard data in accordance with the specific requirements and regulatory standards of our projects and clients based in the UAE (DIFC Data Protection Law), USA (HIPAA, CCPA), UK (UK GDPR, Data Protection Act 2018), Canada (PIPEDA), Europe (GDPR), and Australia (Privacy Act 1988).
We collect various types of information to provide and improve our services. Additionally, we gather technical data including browser types and versions, operating systems, device types, IP addresses, time zone settings, and browser plug-in types and versions. Usage data, such as pages visited, time spent on pages, clicks, scrolling activity, and other actions taken on our website, is also collected to enhance user experience.
The information we collect is used for multiple purposes. We use it to provide and maintain our services, notify you about changes to our services, provide customer support, gather valuable information for improving our services, monitor service usage, detect and address technical issues, and comply with legal obligations.
Our legal basis for processing personal data depends on the specific context in which we collect it. We may process your personal data because we have obtained your consent, need to perform a contract with you, have legitimate interests that are not overridden by your rights, or to comply with legal obligations.
We are committed to complying with data protection regulations in the regions where we operate. In the UAE, we adhere to federal laws, including the DIFC Data Protection Law, ensuring consent and transparency in our data collection practices. In the USA, we follow sector-specific regulations such as HIPAA and CCPA, providing privacy notices and honoring consumer rights. For our UK operations, we comply with UK GDPR and the Data Protection Act 2018, ensuring lawful data processing, data subject rights, and conducting data protection impact assessments.
In Canada, we follow PIPEDA guidelines, emphasizing consent, transparency, and accountability in our data management practices. In Europe, we adhere to GDPR requirements, including data protection principles, data subject rights, and appointing data protection officers. For Australia, we comply with the Privacy Act 1988 and the Australian Privacy Principles, ensuring proper data collection, use, and disclosure practices while maintaining data quality and security.
To ensure the security of personal data, we implement appropriate technical and organizational measures such as encryption, access controls, and regular security assessments. We retain personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Depending on your location, you may have rights regarding your personal data, including the right to access, rectify, erase, restrict processing, data portability, object to processing, and withdraw consent. We may transfer personal data to countries outside of your region, ensuring that appropriate safeguards are in place to protect your data in compliance with applicable data protection laws.
We may update our Privacy Policy from time to time, and we will notify you of any changes by posting the new Privacy Policy on our website. We advise you to review this Privacy Policy periodically for any changes. If you have any questions about this Privacy Policy, please contact us. Your privacy is important to us, and we are committed to safeguarding your personal information in accordance with applicable laws and best practices.