DITH Data Protection Notice

Effective Date: from May 25 May 2018

Latest Revision: [June 2019]


The protection of your personal data is important to Duferco International Trading Holding S.A. and its affiliates, and we are committed to maintaining reasonable precautions concerning the security of all information provided to us and respecting the privacy of the individuals with whom we transact.


The purpose of this Data Protection Notice is to let you know which personal data we collect about you, how we process them, what your rights are and how you can exercise them under the EU General Data Protection Regulation 2016/679 (the “GDPR”) and the applicable Swiss data protection laws and regulations.


In this Data Protection Notice, “DITH” refers to Duferco International Trading Holding S.A. while “we” or “us” or “our”, or “DITH Group” refers to each subsidiary of DITH which from time to time acts as a data controller with respect to your data (save if such subsidiary acting as data controller provided you with a specific data protection notice (the “Specific Notice”), in which case such Specific Notice shall prevail).

This Data Protection Notice shall not apply to personal data of employees of the DITH Group, whose processing shall be governed by the DITH Employees Data Protection Notice.


We may collect your data in a number of ways, including:

  • when you provide us with information; either in writing, in meetings or over the phone;
  • when you communicate with us (or using our IT infrastructures) by telephone, fax, email or other forms of electronic communication. In this respect, we may record and store any such communication;
  • when your information is provided to us by your employer, principal, company or an authorized intermediary;
  • when we conduct commercial transactions with you (such as sale or purchases or products or services);
  • when you complete (or we complete on your behalf) client or supplier on-boarding, KYC, anti-fraud, or other procedures;
  • from other companies in the DITH group;
  • from agents, advisers or intermediaries to the extent involved in a transaction.

Data we collect and process may include:

  • your name and contact information such as your address, email and telephone number;
  • biographical information which may confirm your identity including your date of birth, tax identification number and your passport number or national identity card details, country of domicile and/or your nationality;
  • data concerning our commercial transaction (which may include data on your company, your bank account, contracts and invoices).

We may process your personal data when necessary or appropriate for the performance of a contract to which you are a party (or which your employer or your principal is a party to) or in order to take steps prior to entering into a contract. This may include negotiating the actual or potential execution of the contract, fulfilling (or allowing you to fulfill) the obligations set out in such contract, maintain record of such activities and any other purposes for which you provide us with your personal data.

We also may process your personal data when because it is necessary for our legitimate interests (including the legitimate interest of any DITH Group company). This may include sending communications of commercial nature; training of our staff, collecting or retaining evidence of transactions, IT management and IT security, administration and management of our business (including protection of our rights and interests, archiving, auditing and reporting).

We finally may process your personal data in order to comply with legal obligations applicable to us. This may include compliance with legal or regulatory obligations (including anti-money laundering, KYC, anti-bribery, antitrust, auditing obligations) and requirements by tax authorities or any competent court or legal authority.

In all cases set out above, please be aware that we may share your personal data to other companies in the DITH Group, agents, advisers, intermediaries, third parties involved in the provision of services or products in connection with the relevant contract (including other companies in the DITH group or financing entities involved in a commercial transactions), regulators, public offices or law enforcement agencies, and our IT service and storage providers (the “Third Parties”). We use reasonable commercial endeavours to ensure that Third Parties are required to take appropriate security measures to protect your personal information in line with our policies.


When sharing your personal data with third parties pursuant to this Data Protection Notice, it may be transferred outside the European Union.

In case of international transfers originating from the European Economic Area (EEA), where the European Commission has recognised a non-EEA country as providing an adequate level of data protection, your personal data may be transferred on this basis. For transfers to non-EEA countries whose level of protection has not been recognised by the European Commission, we will either rely on a derogation applicable to the specific situation (e.g. if the transfer is necessary to perform our contract with you such as when making an international payment) or use reasonable commercial efforts to implement one of the following safeguards to ensure the protection of your personal data: (i) standard contractual clauses approved by the European Commission; (ii) binding corporate rules. 


We will retain your personal data for the longer of:

  • the duration of our relationship (for example, for the duration of our contract or for as long as you may be our client or supplier); or
  • the period required in order to comply with any applicable laws and regulations or;
  • another period with regard to our operational requirements, such as proper account maintenance, auditing, reporting, tax requirements, and responding to legal claims or regulatory requests.

In accordance with applicable regulations, you have the following rights:

  • To access: you can obtain information relating to the processing of your personal data, and a copy of such personal data.
  • To rectify: where you consider that your personal data are inaccurate or incomplete, you can require that such personal data be modified accordingly.
  • To erase: you can require the deletion of your personal data, to the extent permitted by law.
  • To restrict: you can request the restriction of the processing of your personal data.
  • To object: you can object to the processing of your personal data, on grounds relating to your particular situation. You have the absolute right to object to the processing of your personal data for direct marketing purposes, which includes profiling related to such direct marketing.
  • To withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time.
  • To data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically feasible, transferred to a third party.

If you wish to exercise the rights listed above, or you wish to receive further information on your rights or this data protection notice, you can address your queries to the following address:  info@dith.com

In accordance with applicable regulation, in addition to your rights above, you are also entitled to lodge a complaint with the competent data protection authorities

Start typing and press Enter to search