Data Privacy Notice

 

Last updated: May 2022

 

1. WHO WE ARE AND HOW YOU CAN CONTACT US

 

DMA LINK LIMITED (“we” or “DMALINK”) respect and value the data protection rights and privacy of individuals whose personal data we process.

 

Our business is not retail focused. We onboard institutions (legal entities) only. During the onboarding process, we may, occasionally, identify personal data such as when an individual submits a contact request on our website or a support request for an existing account. 

 

In our role as service provider to the organization that you represent, we are primarily a data processor for the purposes of the processing of your personal data, however in limited circumstances we will be a separate data controller of the personal data that you provide us with.

 

For more details, or if you have any questions, you can contact us at gdpr@dmalink.com.

​

Full contact information is available at www.dmalink.com/contact

​

 

2. HOW AND WHY WE USE YOUR PERSONAL DATA

​

We may be required to retain, process and use your personal information on one or more legal grounds: (i) the processing is necessary for the performance of the agreement between you and us; (ii) to comply with our legal or regulatory obligations or; (iii) the processing is necessary for our legitimate interests or the legitimate interests of a third party that receives your personal data, provided that such interests are not overridden by your interests or fundamental rights and freedom. In addition, the processing may be based on your consent where you have expressly given that to us.

 

We use your personal data for the activities and reasons set out below:

 

• to verify your identity, and complete know your customer (KYC) due diligence and anti-money laundering (AML) screening checks;

• to provide and support our services to the organization you represent;

• to issue invoices, resolve fee disputes and other associated billing services;

• to comply with our legal obligations;

• to comply with our regulatory obligations;

• to monitor compliance with our rulebooks and contractual terms of use;

• to better understand our customers and the way they use and interact with our websites and platforms (the “Sites”) and our services;

• to implement any personal settings you request;

• to enhance security, prevent fraud or market abuse, monitor and verify identity or service access, combat spam or other malware or security risks;

• to deliver targeted marketing and service update notices;

• to facilitate events we participate in and communicate with you about those;

• to enforce our agreements with third parties; and

• to protect our business and to enforce and exercise our rights

• To create an account for you and register you as a customer

 

 

3. WHAT PERSONAL DATA WE COLLECT

 

In order to conduct the activities set out above, we collect certain personal data from you, and others. In some circumstances, we are required to collect this information by law.

 

We collect the following personal data:

 

• When the organization that you represent becomes a customer or counterparty and/or you become a user of our services, we may collect the following types of information: your name, gender, date of birth, government-issued identification and/or number, photo identification, address, phone, fax, email, country of residence, nationality, place of birth, country of birth and occupation.

 

• For certain services, we may require additional information if required under applicable law or to meet our regulatory obligations, including under MIFID II, the Dodd-Frank Act and equivalent regulation of other jurisdictions. The types of information may include your identification (including any information you may share about members of your family including information we may gather about you or your dependents and family),  personal circumstances (financial or non-financial), CV, criminal convictions, bank account details, proof of address (e.g., utility bills) and your registration details with any competent authority.

 

• Whenever you contact us or respond to our communications (e.g., in email, telephone, or writing), we receive your contact information and any other personal data you choose to provide us. DMALINK will use such information to fulfil your requests or to provide services.

• We collect personal data when you use or request information about our services, subscribe to marketing communications, request support, complete surveys, or sign up for and/or attend events DMALINK participates in.

 

 

4. WHERE WE OBTAIN AND COLLECTION YOUR PERSONAL DATA FROM

 

As explained in section 3 above, we collect personal data from you, as well as from others.

 

• We collect personal data that you give us: directly by filling in forms, using our services and contacting us, and that we learn about you from our business interactions, communications and dealings with you.

 

• We collect personal data automatically: when we receive and store certain types of information automatically, such as whenever you interact with the Sites or use the services:

 

• this personal data does not necessarily reveal your identity directly but may include information about the specific device you are using, such as the hardware model, operating system version, web-browser software (e.g., Firefox, Safari, or Internet Explorer) and your Internet Protocol (IP) address/MAC address/device identifier.

 

• we automatically receive and record personal data from your web-browser/DMALINK application, including: how you came to and used the services and Sites; your IP address; GPS location; device type and unique device identification numbers; device event information (e.g., crashes and system activity); broad geographic location (e.g., country or city-level location); and other technical data collected through cookies, pixel tags and other similar technologies that uniquely identify your web-browser.

 

• we may also collect information about how your device has interacted with our Sites, including pages accessed and links clicked. We may use identifiers to recognize you when you arrive at the Sites via an external link, such as a link appearing on third party Sites.
   

• For specific GDPR information of "Google" (our domain, cloud and email host), please visit this third party page. 
   

• For specific GDPR information for "WIX" (our web hosting provider), please visit this third party page. 

 

Please refer to the DMALINK Cookie Policy for more information about our use of cookies.

 

• We collect personal data from others: when we obtain information about you from third party sources as permitted by applicable law, such as from public databases, joint marketing partners, and social media platforms:

 

• Public Databases, Credit Bureaus & ID Verification Partners: in order to comply with our legal obligations, such as AML laws, and to prevent and detect fraud and market abuse, we obtain personal data from public databases and ID verification partners for the purposes of verifying your identity. ID verification partners use a combination of government records and publicly available information about you to verify your identity. Such personal data includes your name, address, job role, public employment profile, credit history, status on any sanctions lists maintained by public authorities, and other relevant personal data. In some cases, we may process additional personal data to ensure our services are not used fraudulently or for other illicit activities.

 

• Resellers, Joint Marketing Partners, and Social Media Platforms: we collect personal data about your publicly available social media profile, interests or preferences, and page-view information from third parties.

 

• We process such personal data to promote and optimize our services.

 

5.  WHO WE SHARE YOUR PERSONAL DATA WITH

 

We disclose your personal and non-personal aggregated and anonymised data for the purposes set out above:

 

• to other members of DMALINK including employees, directors;

• to service providers who host our sites or other information technology systems on our behalf, under strict conditions of confidentiality and security;

• to business partners, professional advisors, suppliers and sub-contractors for the performance of any contract we enter into with them or the organization that you represent;

• to organizations and individuals involved in events that DMALINK participates in;

• to your colleagues within the organization that you represent; and

• in exceptional circumstances:

• to competent regulatory, prosecuting and other governmental agencies, or litigation counterparties, in any country or territory;

• to third parties as part of a reorganization, sale, merger or joint venture of any other part of DMALINK; and

• where we are required by law to disclose.

 

Please note that third parties you interact with, including your employer, may have their own privacy policies, and DMALINK is not responsible for their operations, including, but not limited to, their personal data practices. Personal data collected by third parties, which may include contact details, is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.

 

6. RETENTION OF YOUR PERSONAL DATA

DMALINK will retain your personal data for as long as is necessary for the purposes of our business relationship with you, to perform our contractual obligations to you and, if longer, as required for legal and regulatory purposes.

 

We have established internal policies for the deletion of personal data in accordance with our legal and regulatory obligations.

 

7. INTERNATIONAL TRANSFER OF PERSONAL DATA

 

DMALINK is headquartered in the United Kingdom with offices in London and Ebene, Mauritius. We and our service providers do not store, transfer and process your personal data outside of United Kingdom. All personal data is stored in the United Kingdom only. 

 

Where we disclose personal data to fulfil legal obligations as set out in section 5, these disclosures may include transfers to countries outside the UK, which do not have similarly strict data privacy laws and may afford a lower standard of personal data protection.

 

In those cases where we transfer personal data we will ensure that, where applicable, approved data transfer agreements are used, designed to ensure that your personal data is protected.

​

European Customers based in the EEA

​

The personal information that we collect from you may be sent, stored at, and used in a country outside the European Economic Area (EEA consisting of EU, Norway, Iceland & Liechtenstein) which may not offer the same level of protection as the EEA. It may also be processed by staff operating outside the EEA who work for us, one of our suppliers, introducers, business partners, agents or subcontractors. By submitting your personal data, you agree to this transfer, storing and processing.

​

Customers from the rest of the World

​

The data that we collect from you may be stored in a jurisdiction that is different to the country in which the specific DMALINK entity you are dealing with is registered and established. It may also be transferred outside of the country in which the specific DMALINK entity you are dealing with is registered and established, and processed by staff operating in another country but who are nevertheless employed by us, one of our suppliers, Introducers, business partners, agents or sub-contractors. By submitting your personal data, you agree to this transfer, storing and processing.

​

In both cases above, we will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with our legal obligations and standards. Where this is not possible and we are required to disclose your personal information, for example because we are required by law to disclose your personal information, we will do this in accordance with applicable legal and regulatory obligations. You may contact us anytime using the contact details below if you would like further information on such safeguards.

 

8. YOUR RIGHTS IN RESPECT OF PERSONAL DATA

​

Subject to certain legal conditions, you have certain rights in relation to your personal information. Generally speaking, all customers of  DMALINK have the right to ask us not to process your personal data for marketing purposes. We will usually inform you before collecting your data if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us using the email gdpr@dmalink.com 

​

We will respond to any requests referenced above within twenty-eight (28) days of receipt. If we require more information from you, or if your request is unusually complicated, we may require more time and will inform you accordingly. We will not usually charge you a fee for a request. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

 

In the limited circumstances where we act as data controller, EU citizens have certain data protection rights, including:

• the right to access your personal data;

• the right to restrict the use of your personal data;

• the right to have incomplete or inaccurate data corrected;

• the right to ask us to stop processing your personal data; and

• the right to require us to delete your personal data in some limited circumstances.

 

From 25 May 2018, you also have the right in some circumstances to request for us to "port" your personal data in a portable, re-usable format to other organizations (where this is possible).

 

 

• SECURITY

 

Whilst DMALINK takes appropriate technical and organizational measures to safeguard the personal information that you provide, no transmission over the Internet can ever be guaranteed secure. Consequently, please note that the security of any personal information that you transfer over the Internet to DMALINK cannot be guaranteed.

​

We will implement and maintain the appropriate technical and organizational measures to keep your personal information secure and to protect it from damage, loss, alteration, unauthorized access or disclosure, unlawful or accidental destruction. For example, we will use the following types of measures, where appropriate: (i) encryption of personal information, (ii) back-up servers and facilities, (iii) testing, and (iv) ongoing monitoring of the effectiveness of security measures. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

 

• HOW TO CONTACT US

 

We welcome questions, comments and requests regarding this data privacy notice and our processing of your personal data. You can contact us at gdpr@dmalink.com.

 

You can also complain about our processing of your personal data to the relevant data protection authority. In the UK, the relevant data protection authority is the Information Commissioner's Office (ICO).

 

DMALINK is registered with the Information Commissioner’s Office under registration number ZA091953.