Effective Date: from May 25 May 2018
Latest Revision: [June 2019]
Effective Date: from May 25 May 2018
Latest Revision: [June 2019]
The protection of your personal data is important to Duferco International Trading Holding S.A. and its affiliates, and we are committed to maintaining reasonable precautions concerning the security of all information provided to us and respecting the privacy of the individuals with whom we transact.
The purpose of this Data Protection Notice is to let you know which personal data we collect about you, how we process them, what your rights are and how you can exercise them under the EU General Data Protection Regulation 2016/679 (the “GDPR”) and the applicable Swiss data protection laws and regulations.
In this Data Protection Notice, “DITH” refers to Duferco International Trading Holding S.A. while “we” or “us” or “our”, or “DITH Group” refers to each subsidiary of DITH which from time to time acts as a data controller with respect to your data (save if such subsidiary acting as data controller provided you with a specific data protection notice (the “Specific Notice”), in which case such Specific Notice shall prevail).
This Data Protection Notice shall not apply to personal data of employees of the DITH Group, whose processing shall be governed by the DITH Employees Data Protection Notice.
We may collect your data in a number of ways, including:
Data we collect and process may include:
1. PROCESSING FOR THE PERFORMANCE OF A CONTRACT
We may process your personal data when necessary or appropriate for the performance of a contract to which you are a party (or which your employer or your principal is a party to) or in order to take steps prior to entering into a contract. This may include negotiating the actual or potential execution of the contract, fulfilling (or allowing you to fulfill) the obligations set out in such contract, maintain record of such activities and any other purposes for which you provide us with your personal data.
2. PROCESSING FOR LEGITIMATE INTERESTS
We also may process your personal data when because it is necessary for our legitimate interests (including the legitimate interest of any DITH Group company). This may include sending communications of commercial nature; training of our staff, collecting or retaining evidence of transactions, IT management and IT security, administration and management of our business (including protection of our rights and interests, archiving, auditing and reporting).
3. PROCESSING TO COMPLY WITH LEGAL OBLIGATIONS
We finally may process your personal data in order to comply with legal obligations applicable to us. This may include compliance with legal or regulatory obligations (including anti-money laundering, KYC, anti-bribery, antitrust, auditing obligations) and requirements by tax authorities or any competent court or legal authority.
In all cases set out above, please be aware that we may share your personal data to other companies in the DITH Group, agents, advisers, intermediaries, third parties involved in the provision of services or products in connection with the relevant contract (including other companies in the DITH group or financing entities involved in a commercial transactions), regulators, public offices or law enforcement agencies, and our IT service and storage providers (the “Third Parties”). We use reasonable commercial endeavours to ensure that Third Parties are required to take appropriate security measures to protect your personal information in line with our policies.
When sharing your personal data with third parties pursuant to this Data Protection Notice, it may be transferred outside the European Union.
In case of international transfers originating from the European Economic Area (EEA), where the European Commission has recognised a non-EEA country as providing an adequate level of data protection, your personal data may be transferred on this basis. For transfers to non-EEA countries whose level of protection has not been recognised by the European Commission, we will either rely on a derogation applicable to the specific situation (e.g. if the transfer is necessary to perform our contract with you such as when making an international payment) or use reasonable commercial efforts to implement one of the following safeguards to ensure the protection of your personal data: (i) standard contractual clauses approved by the European Commission; (ii) binding corporate rules.
We will retain your personal data for the longer of:
In accordance with applicable regulations, you have the following rights:
If you wish to exercise the rights listed above, or you wish to receive further information on your rights or this data protection notice, you can address your queries to the following address: info@dith.com
In accordance with applicable regulation, in addition to your rights above, you are also entitled to lodge a complaint with the competent data protection authorities