How do we share the information and who do we share it with

We will not share information unless one or more of the following conditions are met:

We have your express permission to do so.
We share information among and between our affiliates who will use the information for the same purposes as we do under this Policy.
We also disclose information to non-affiliated third parties for routine business purposes, for example, to service providers, consultants and other third parties for the purpose of providing Services to you (for example, cloud communication providers and telephony operators as necessary for proper routing and connectivity).
We may also disclose information to non-affiliated third parties in response to a subpoena, warrant or court order, or as otherwise required under the applicable law or regulations.
The disclosure is permitted under applicable law.
The information is publicly available under the applicable law.
As part of a business transfer or sale of business through corporate sale, merger, reorganization, dissolution of similar event as part of our assets or due diligence. For our marketing purpose. The disclosure about users engaged in illegal activity or in violation of our contract with them. We may share information if it has been de-identified or aggregated in a way that does not directly identify you.
If your contract with ISAP LIFE of which this Privacy Policy is an integral part, by executing such contract you expressly permit us to share your personal information with third parties for aforementioned reasons.

If your contact is with the iSAP, we, usually, process personal data in the European Union/European Economic Area (EU/EEA) and such data are not transferred and processed in non-EU/EEA countries, but we may need to transfer personal data to recipients outside the European Union. These activities can include dealings with the outsourcing of services to external providers located outside the EU and/or processing the data outside the EU (e.g. cloud computing, web-services), or when arranging staff work trips to non-EU countries.

According to the GDPR, such transfers are allowed when:

the country’s protections are deemed adequate by the EU; or
we take the necessary measures to provide appropriate safeguards, such as by including specific clauses in the contract concluded with the non-European importer of the personal data; or
we rely on specific grounds for the transfer (called ‘derogations’) such as the consent of the individual.
If your contract is with ISAP Life FZCO, we, usually, process personal data in Dubai, and such data is not transferred and processed outside Dubai, but we may need to transfer personal data to recipients outside Dubai. These activities can include dealings with the outsourcing of services to external providers located outside the Dubai and/or processing the data outside Dubai (e.g. cloud computing, web-services), or when arranging staff work trips to non-EU countries. By executing your contract with iSAP Life of which this Privacy Policy is an integral provision, you thereby consent to the transfer of personal data to third parties, including the parties outside Dubai.

Security of Information
To protect Information from unauthorized access and use we use physical, procedural and technical safeguards required under GDPR and local applicable law. We secure our website and other systems against loss, destruction, access, modification or distribution of your data by unauthorised persons. However, despite regular checks, complete protection against all risks is not possible.

Your rights
A data subject or their authorized representative has the following rights:

to receive information on whether we process the personal data of the data subject and then access them if such are processed;
to access their own personal data, based on a substantiated written request;
if necessary, to modify, add or delete any personal data stored on them at any time, based on a substantiated written request;
to transfer their own personal data from us to another controller, if it is technically possible, based on a substantiated written request;
to object to the processing of personal data or to make us restrict processing in accordance with the requirements of the applicable regulatory enactments;
not be subject to fully automated decision making, including profiling, if taking such a decision has legal effects or a similar considerable effect on the data subject;
at any time to withdraw their consent given to us for the processing of personal data;
to address issues and complaints about the use of personal data to the Data State Inspectorate, if the data subject considers that the processing of their personal data violates their rights and interests in accordance with the applicable regulatory enactments.
Data storage
Personal data will only be processed for as long as necessary. The storage period may be based on a contract, our legitimate interests or the applicable regulatory enactments (for example, laws on accounting, extinctive prescription, civil rights, etc.).

We do not accept liability for any unauthorized access to personal data and/or personal data loss, if it does not depend on us, for example, due to your fault and/or neglect.

How to request changes to the application of Privacy Policy
We will share information as described in the section above unless you direct us otherwise by taking one of the below steps. Note that based on the sharing practices above there are certain instances of sharing which you may not opt out. Email us at gdpr@isap.life Requests must include company name, address, contact email and telephone number, name of the contact individual, the account number(s) if applicable is for the business entity(ies) opting out. Incomplete information will delay or possibly prevent our ability to honor your request. Our system will be updated to reflect your privacy preferences within 30 days following receipt of such a request with complete information.