Introduction and Scope
This Privacy Statement sets out how Duma uses your Personal Data in connection with any services provided to you (“Services”). For purposes of this Privacy Statement, “Personal Data” means any information through which we can identify you as an individual, as further described below under paragraph 3 (Personal Data we collect).
This Privacy Statement only applies to the usage of Personal Data of (prospective) clients for which Duma is responsible and qualifies as Controller under the General Data Protection Regulation (2016/679/EU) (“GDPR“), as further described in this Privacy Statement. This type of Personal Data is collected through various channels, such as in a sales process, via telephone calls, via forms you submit to us, via email or via business events. This Privacy Statement does not apply to corporate company information if no personal data from individuals can be derived from such corporate information.
2. Who we are
When we refer to ourselves as “Duma” or “we“, we mean each Duma entity that is responsible for using your Personal Data. This will depend on the Duma entity(/ies) that you intend to or have entered into a contract with for the provision of Services.
3. Personal Data we collect
The Personal Data we collect about you when you use our Services include the following:
- Your contact details. Your name, address, telephone number, email address and any other contact details you provide to us.
- Your personal characteristics. Including your gender, profession, job title, marital status (if shown on national identification cards) or other personal characteristics that are requested to identify you as a client or client representative.
- Your communication data. Your requests, any complaints you may have and any other data that we receive if we communicate with you via email, telephone or otherwise.
- Any other personal data. This includes any personal data that you disclose to us during the course of your contractual relationship with us, either voluntarily or upon request.
- KYC information. Duma is required by law to conduct “know your client” identification procedures. To comply with our legal obligation, we also collect the following information from the Ultimate Beneficial Owners (UBOs) of our clients: first and family name, copy of ID, nationalities, tax residence, private/residential address, phone number, email address, date of birth, marital status, profession and actual function, range of annual income, range of estimated wealth, the source of wealth and (where applicable) an U.S. or other Taxpayer Identification Number.
4. Purposes for which we use your Personal Data
Duma collects and uses your Personal Data for the purposes below and on a lawful basis. Insofar we already hold information about you, we may use that information for the same purposes.
- For the performance of our agreement with you: We use your Personal Data in order to carry out our obligations arising from any agreements entered into between you and us, and to provide you with the information and services that you request, including managing and handling your requests, inquiries or complaints.
- Use of information based on your consent: If you are a prospective client: we use your Personal Data to send you marketing communications (such as newsletters, promotions, news or service updates) via email or other electronic means or via telephone, but we will only do so after we have received your explicit consent to do so. You can withdraw your consent at any time; see paragraph 8 (Your rights) below.
- To comply with our legal obligations: Any information referred to above under Paragraph 3 (Personal Data we collect) may be used to comply with a legal obligation to which we are subject, such as maintaining appropriate business records, conducting Know Your Client identification procedures, complying with lawful requests by governmental agencies and public authorities and to comply with applicable laws and regulations or as otherwise required by law.
- For our
legitimate commercial interests:
- If you are an existing client: we use your Personal Data (both on aggregated and on individual basis), such as your contact details and your electronic identification data for the purpose of advertising our Services that may be of interest to you (based on the Services you previously used), making contact with you for marketing or other commercial purposes.
- We use your Personal Data for client administration purposes, such as client Services agreements administration, internal administration of work done under client Services agreements;
- We use your Personal Data for analyzing and improving the quality of our Services and to understand you as a customer (customer optimization). This enables us to assess what may interest you, to measure or understand the effectiveness of advertising we serve to you and others and to deliver relevant advertising. In addition, based on your historical use of our Services we may target you with advertisement or other marketing materials that are customized to your personal preferences and experiences.
- In addition, we use your Personal Data for our other legitimate commercial interests such as, to operate and expand our business activities, to develop and improve or modify our Services, to generate aggregated statistics about the users of our Services; to assist in security and fraud prevention; to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, and statistical purposes.
- We also use your Personal Data for system integrity purposes (for example the prevention of hacking, spamming etc.); to facilitate our business operations, to operate company policies and procedures; to enable us to make corporate transactions, such as any merger, sale, reorganization, transfer of Duma’ assets or businesses, acquisition, bankruptcy, or similar event; or for other legitimate business purposes permitted by applicable law.
5. How we share your Personal Data
We share your Personal Data with the following parties:
- Data controllers within Duma. Your Personal Data will be shared between the Duma entities that may use your Personal Data as described in this Privacy Statement for internal administrative purposes, management purposes, analytical purposes and other business-related purposes. Your Personal Data will only be used by Duma companies for marketing purposes if you have given your explicit consent thereto and/or where we have legitimate interest to do so.
Providers and Processors. We engage
third party vendors to provide Services on our behalf, which may have access to
your Personal Data, including:
- Business partners (such as law, tax and audit firms or finance providers), including subcontractors which are engaged to perform (part of) the Services under client services agreements;
- Suppliers (such as IT service providers);
In providing their services, they will access, receive, maintain or otherwise process Personal Data on our behalf. Our agreements with these service providers do not permit use of your Personal Data for their own (marketing) purposes. Consistent with applicable legal requirements, we take commercially reasonable steps to require third parties to adequately safeguard your Personal Data and only process it in accordance with our instructions.
- Third parties in case of legal requirement. We will disclose your Personal Data if disclosure is required by law or in the context of an investigation, regulatory requirement, judicial proceeding, court order or legal process served on us, or to protect the rights or safety of the website, us or our affiliated companies.
- Corporate transaction. In addition, information about our clients, including Personal Data, may be disclosed as part of any merger, sale, transfer of Duma’s assets, acquisition, bankruptcy, or similar event.
- With consent. We also disclose information about you, including Personal Data to any other third party, where you have consented or requested that we do so.
Duma will take reasonable steps to ensure that your Personal Data are properly secured using appropriate technical, physical, and organizational measures, so that they are protected against unauthorized or unlawful use, alteration, unauthorized access or disclosure, accidental or wrongful destruction, and loss.
We take steps to limit access to your Personal Data to those persons who need to have access to it for one of the purposes listed in this Privacy Statement. Furthermore, we contractually ensure that any third party processing your Personal Data equally provide for confidentiality and integrity of your data in a secure way.
7. Data Retention
We retain your Personal Data for as long as required to satisfy the purpose for which they were collected and used (for example, for the time necessary for us to provide you with client Services) unless a longer period is necessary for our legal obligations or to defend a legal claim. The Personal Data that we collect of ultimate beneficial owners is retained for ten (10) years to cover the different requirements under national legislation of the countries where such data is collected.
8. Your Rights
Subject to the conditions set forth in the applicable law, you have the right to request, review, correct, update, suppress, restrict or delete Personal Data that you have provided to us or if you would like to request to receive an electronic copy of such personal data for purposes of transmitting it to another company, by sending an email to firstname.lastname@example.org specifying your request. We will respond to your request consistent with applicable law.
In your request, please tell us what Personal Data you would like to have changed, whether you would like to have it suppressed from our database, or otherwise let us know what limitations you would like to put on our use of it. We will try to comply with your request as soon as reasonably practicable.
Please note that we may need to retain certain Personal Data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion.
In the event your personal data is processed on the basis of your consent, you can withdraw your consent at any time by sending an email to email@example.com specifying your request, without affecting the lawfulness of processing based on consent before its withdrawal.
You may lodge a complaint with a supervisory authority, in particular in your Member State of residence, if you consider that the collection and use of your Personal Data infringes this Privacy Statement or applicable law.
9. Changes to this Privacy Statement
This Privacy Statement may be revised from time to time. If a fundamental change to the nature of the use of your personal data is involved or if the change is in any other manner relevant to you, we will ensure that information is provided to you well in advance of the change actually taking effect.
10. Contact Us
If you have any queries about this Privacy Statement or our handling of your Personal Data in general, or if you want to exercise your rights, please email us at firstname.lastname@example.org and be sure to indicate the nature of your query.