DITH Data Protection Notice - Previous Version

Effective Date: from May 25 May 2018

Latest Revision: [22 October 2018]


The protection of your personal data is important to Duferco International Trading Holding S.A. and its affiliates (“DITH”, “we” or “us” or “our”), and we are committed to maintaining reasonable precautions concerning the security of all information provided to us and respecting the privacy of the individuals with whom we transact.


The purpose of this Data Protection Notice is to let you know which personal data we collect about you, how we process them, what your rights are and how you can exercise them under the EU General Data Protection Regulation 2016/679 (the “GDPR”) and the applicable Swiss data protection laws and regulations.


In this Data Protection Notice, “DITH”, “we” or “us” or “our”, refers to each subsidiary of Duferco International Trading Holding S.A. which from time to time acts as a data controller (save if such subsidiary acting as data controller gave you a specific data protection notice (the “Specific Notice”), in which case such Specific Notice shall prevail).


We may collect your data in a number of ways, including:

  • When you provide us information; either in writing, in meetings or over the phone;
  • When you communicate with us (or on our infrastructures) by telephone, fax, email or other forms of electronic communication. In this respect, we may monitor, record and store any such communication;
  • From information about you provided to us by your employer, principal, company or an intermediary;
  • When we conduct commercial transactions with you (such as sale or purchases or products or services);
  • When you complete (or we complete on your behalf) client or supplier on-boarding, KYC, anti-fraud, or other procedures;
  • From other companies in the DITH group;
  • From agents, advisers or intermediaries to the extent involved in a transaction.

Data we collect and process may include:

  • Your name and contact information such as your home or business address, email address and telephone number;
  • Biographical information which may confirm your identity including your date of birth, tax identification number and your passport number or national identity card details, country of domicile and/or your nationality;
  • Data concerning our commercial transaction (which may include data on your company, your bank account, contracts and invoices)

We may process your personal data when necessary or appropriate for the performance of a contract to which you are a party or in order to take steps prior to entering into a contract. This may include negotiating the actual or potential execution of the contract, fulfilling (or allowing you to fulfill) the obligations set out in such contract, maintain record of such activities and any other purposes for which you provide us with your personal data.

 We also may process your personal data when because it is necessary for our legitimate interests (including the legitimate interest of any DITH Group company). This may include marketing communications; training of our staff, proof of transactions, IT management and IT security, administration and management of our business (including protection of our rights and interests, archiving, auditing and reporting).

We finally may process your personal data in order to comply with legal obligations applicable to us. This may include compliance with legal or regulatory obligations (including anti-money laundering, KYC, anti-bribery, antitrust, auditing obligations) and requirements by tax authorities or any competent court or legal authority

In all cases set out above, please be aware that we may share your personal data to other companies in the DITH Group, agents, advisers, intermediaries, third parties involved in the provision of services or products in connection with the relevant contract (including other companies in the DITH group), regulators, public offices or law enforcement agencies, and our IT service and storage providers.


When sharing your personal data with third parties pursuant to this Data Protection Notice, it may be transferred outside the European Union. 

In case of international transfers originating from the European Economic Area (EEA), where the European Commission has recognised a non-EEA country as providing an adequate level of data protection, your personal data may be transferred on this basis. For transfers to non-EEA countries whose level of protection has not been recognised by the European Commission, we will either rely on a derogation applicable to the specific situation (e.g. if the transfer is necessary to perform our contract with you such as when making an international payment) or use reasonable commercial efforts to implement one of the following safeguards to ensure the protection of your personal data: (i) Standard contractual clauses approved by the European Commission; (ii) Binding corporate rules. 

In these circumstances, your personal data will only be transferred on one of the following bases: 


We will retain your personal data for the longer of:

  • the duration of our relationship (for example, for the duration of our contract or for as long as you may be our client or supplier); or
  • the period required in order to comply with any applicable laws and regulations or;
  • another period with regard to our operational requirements, such as proper account maintenance, auditing, reporting, tax requirements, and responding to legal claims or regulatory requests.

In accordance with applicable regulations, you have the following rights:

  • To access: you can obtain information relating to the processing of your personal data, and a copy of such personal data.
  • To rectify: where you consider that your personal data are inaccurate or incomplete, you can require that such personal data be modified accordingly.
  • To erase: you can require the deletion of your personal data, to the extent permitted by law.
  • To restrict: you can request the restriction of the processing of your personal data.
  • To object: you can object to the processing of your personal data, on grounds relating to your particular situation. You have the absolute right to object to the processing of your personal data for direct marketing purposes, which includes profiling related to such direct marketing.
  • To withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time.
  • To data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically feasible, transferred to a third party.

If you wish to exercise the rights listed above, or you wish to receive further information on your rights or this data protection notice, please write us on our Contact Us page.

In accordance with applicable regulation, in addition to your rights above, you are also entitled to lodge a complaint with the competent data protection authorities.

Start typing and press Enter to search