Last updated: 10 October, 2018
We will process all your Personal Data in accordance with the Data Protection Act (Chap. 440 of the Laws of Malta) (the “Act”) and applicable law. Please note:
- we need to ensure your identity before we can release, change or remove information;
- law, regulation and compliance may affect what we are allowed to do or not;
- being anonymous does not equate to being unaccountable.
Updates to this policy are indicated by a newer effective date.
We (DQR) obtain personal data about you from various sources to provide, manage, protect and improve our services and the information we provide to you. You may be a visitor to one of our websites, a user of our services or someone who has contacted us.
We actively seek to minimise the amount of personal data we collect, process and/or retain. Where this is unavoidable for technical, legal or protective reasons, we have implemented measures to ensure we explain clearly at the point of collection what information we collect, why we require it and ensure your consent is gained explicitly before we use the provided information.
Your information is only accessed, used and maintained by authorised staff for the purpose expressed at the time of collection, and is erased where permitted by law and regulation as soon as it is no longer required.
compliant with the EU/EC 2016/679 General Data Protection Regulation (“GDPR”) and actively assist our providers and partners in maintaining the same standards.
2. Personal data we collect
2.1 Personal data that we collect directly from you
- When you register for a DQR-X account, we are required to collect certain personal information to perform “Know your Customer” (KYC), Anti Money Laundering (AML) and Combating the Financing of Terrorism (CFT) screening;
- When you contact us, we collect your name and contact details so we can reply. We also log the IP address of your request to assist site security;
- When you provide contact details we may offer you the option to opt-in for marketing or surveys. When you respond to emails or surveys, we will retain your email address, name and any other information you have opted to share with us;
- If you contact us as a DQR-X user, we may require personal information to confirm your identity before we are able to assist;
- We retain transaction and trading activity information for reasons of compliance;
- Personal Information you give us. You may give us personal information by filling in forms on our Site or by sending your CV or other documentation. The personal information you give us may include your name, address, e-mail address and phone number, personal description, photograph, employment history and other relevant information;
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number;
- Personal Information from third parties. We may also acquire Personal Information about You from third parties to further personalize and enhance your experience.
- Our security and fraud prevention measures will, separately, collect data such as IP addresses, time of access and activity. These logs are retained and analysed for security and fraud, and are not accessible to anyone but security staff and/or partners we use for this specific purpose. In case of abuse, we reserve the right to correlate such data with personal information and may even be legally compelled to do so.
We believe in informed choice. When we ask for personal information we will always inform you why we require the information, what we will do with it, ask your permission to retain it and offer information about your rights and options in relation to our retention and handling of information.
2.2 Information that we collect automatically
- Browser and device data, such as IP address, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, and add-ons;
- Usage data, such as time spent on the services, pages visited, links clicked, language preferences, and the pages that led or referred you to our services.
We use Matomo (formerly “Piwik”) for website statistics, which anonymises traffic and respects browser “Do Not Track” settings – when detected, only our separate security facilities will retain information about your visit and activities.
3. How and why we use personal data
DQR does not sell personal data and will only share personal information (with your permission) with partners where required or permitted by law.
We use personal data only as outlined below.
3.1 Our services
In order to access our services, you will need to subscribe. We will require your personal details for KYC/AML screening, and will monitor trade activities with their associated ID reference to fulfil our legal and regulatory obligations.
Backups, long term storage and archive facilities for personal data deploy encryption to prevent unauthorised access.
Information and statistics can be shared in anonymised form with third parties and partners we trust. Under no circumstances will personally identifiable information be shared or used for any other purpose than indicated at the time of collection without permission of the user concerned.
3.2 Service related communication and marketing
In order to keep you up to date on services and facilities, we may occasionally write to you via email. We will inform you of service-relevant information such as changes in legislation or maintenance outages.
Upon registration, you were given the opportunity to opt in to Marketing messages signalling new and/or improved features. This low volume communication remains optional, and will always contain a link to opt out facilities.
3.3 Third Parties
We share personal data with service providers who assist us in ensuring compliance and protection. Such service providers are only permitted to use your personal data as necessary to perform services on our behalf or comply with legal requirements. We require such service providers to contractually commit to protecting the security and confidentiality of personal data they process on our behalf.
We also share personal data with business partners, suppliers, and sub-contractors when this is necessary for the performance of any contract we enter into with you or third parties or to provide our services to our users. Examples of third parties to whom we may be required to disclose personal data are banks and payment method providers when we provide services interacting with fiat currency.
Third Parties may include individuals or organizations outside the EEA, including countries which may not provide legal protection of Personal Data which is equivalent to the protection provided in Malta. In such cases we endeavour to undertake the necessary procedures to safeguard the data being transferred. Details of the individuals, organizations and countries involved will be provided on request.
3.4 Corporate reorganisation
In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business such as a reorganisation, merger, sale, joint venture, assignment, transfer or change of control of all or a portion of our business, assets or stock, we may migrate personal data to this new structure if we can perform this without materially changing the protection of personal data and its permitted use.
3.5 Compliance and legal requirements
For reasons of compliance and protection, we must retain records of your KYC/AML screening and transaction data.
We only share personal data as required:
- to comply with applicable law and regulation;
- to enforce our contractual rights;
- to enforce out Terms & Conditions
- to protect the rights, privacy, safety and property of DQR, you and other users; and
- when formally and correctly requested by courts, law enforcement agencies, regulators or other public and government authorities.
DQR strictly adheres to the law, which includes laws explicitly protecting your right to privacy.
4. Your rights
You have choices regarding our use and disclosure of your personal data. To the extent permitted by law, data subjects retain their rights to access, rectify or, in appropriate circumstances, erase any inaccurate, incomplete or immaterial Personal Data which is being processed.
4.1 Opting out of receiving electronic communications from us
If you no longer want to receive marketing communication from us, you may opt out via the unsubscribe link included in such emails. We will try to comply with your request as soon as reasonably practicable. Please note that if you opt out of receiving marketing emails from us, we may still send you important administrative messages that are required to provide you with our services and comply with applicable laws.
4.2 Seeing and/or changing personal data
If you would like to review, correct, or update personal data that you have previously disclosed to us, you may do so by contacting us.
4.3 The process for exercising your rights
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Assuming we indeed hold information about you, we will comply with your request to the extent required by applicable law but, for your protection, may need to verify your identity before responding to your request.
For your information, we hereby repeat what rights you have under the GDPR regarding offering personal information to organisations.
4.4 Your formal rights under EU GDPR
As an EU resident or citizen you have the right to:
- Be informed of the fair use of your data;
- Request access to your data at any time;
- Request that your information is corrected;
- Receive your data in a machine-readable format;
- Request that your data is erased;
- Request a restriction on processing of your data;
- Object to processing of your data;
- Not be subjected to automated data profiling.
Please note that your request and regulatory and/or legislative demands may collide.
5. Security, retention and breaches
We make extensive efforts to protect your personal information. We maintain legal, structural, technical and operational measures to protect your personal data against unauthorised access, destruction, loss, alteration or misuse.
Please note that regular email is an unsecure medium and we cannot accept responsibility for its privacy or security. To protect your communication, please use our webforms, especially if you request access to your information. If you have a service account with us, we can make our reply accessible to you from within your account.
If you have reason to believe that your account has been breached, please contact us immediately. Please have alternative means of identification ready as we are otherwise unable to assist.
If you are a DQR-X user, we retain your personal data as long as we are providing the services to you. We retain personal data after we cease providing services to you to the extent necessary to comply with our legal and regulatory obligations and for the purpose of fraud monitoring, detection and prevention. We also retain personal data where data retention is mandated by the banking and payment methods that we use. Where we retain data, we do so in accordance with applicable law.
When we detect a possible security breach, we will use your personal contact information to notify you as soon as possible. Please note that we are required by law to report security and privacy breaches to regulatory bodies.
6. Links to other companies and websites
Services and information may provide links to other companies and websites. As these operate independently of us, they will have their own privacy and security policies – we cannot accept liability or responsibility for their content, any use of these websites or the privacy practices of the operators of those other companies and websites.
To facilitate easy management of your personal data, use the “Contact” section at https://www.dqr-group.com/contact/ to contact us.