Loading...

LEGAL

 

DATA PROTECTION POLICY

  • Who is the controller?
    DIF Broker – Empresa de Investimento, SA.

1. Data Protection Policy

DIF Broker – Empresa de Investimento, SA. (hereinafter “DIF BROKER”) is committed to protecting the personal data of its Clients and Users of its website and, in this context, has prepared this Policy, which is underpinned by its commitment to comply with the legal rules on privacy and protection of personal data.

 This Personal Data Protection Policy informs the data subject of the processing processes to which personal data is subject. All personal data are collected and processed in strict respect and compliance with the provisions of the personal data protection legislation in force at all times, namely Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”) and Portuguese Law No. 58/2019, of 8 August 2019 (Enforcement Law), as well as Directive 2002/58/EC of the European Parliament and of the Council, of 12 July 2002 (Directive on privacy and electronic communications) and Law No. 41/2004, of 18 August. 

DIF BROKER adheres to best practice in the area of security and protection of personal data and for that purpose has adopted the necessary and appropriate technical and organisational measures to ensure compliance with the legislation on the protection of personal data and to ensure that the processing of personal data is lawful, fair, transparent, and limited to the purposes intended.

Similarly, DIF BROKER has adopted, and otherwise regularly updates, the measures it considers appropriate to ensure the accuracy, integrity, and confidentiality of personal data, and all the rights of data subjects.

This Policy also applies to all Clients and Users of mobile applications or who access DIF BROKER websites or who interact with DIF BROKER by any other means, including through social networks, digital communication channels and multi-platform instant messaging and voice call applications or otherwise. 

This policy is in addition to the provisions, with respect to the protection and processing of personal data, set forth in the agreements entered or to be entered into by Clients with DIF BROKER, as well as the rules set forth in the terms and conditions governing the provision of the various services, which are duly publicized on DIF BROKER’s websites. 

2. Controller

In accordance with the provisions of Regulation (EU) 2016/679, of 27 April 2016 (GDPR), the controller is the natural or legal person, public authority, agency or other body which, individually or jointly with others, determines the purposes and means of processing personal data. For all due purposes and under the terms set out below, the quality of controller is assumed by DIF Broker – Empresa de Investimento, SA.

Controller DIF Broker – Empresa de Investimento, SA.
Legal form Public Limited Company
Taxpayer Number 504767640
Portuguese Classification of Economic Activities by Industry 66120 – Activities of trading on behalf of others in securities and other financial instruments
Activity Its main activity is the provision of the following services and investment activities:
a) Receipt and transmission of orders on behalf of third parties;
b) Execution of orders on behalf of others;
c) Management of portfolios on behalf of others;
d) Investment advice.
It also provides the following auxiliary activities:
a) Preparation of investment studies, financial analysis or other generic recommendations related to operations in financial instruments;
b) Advice on capital structure, industrial strategy and related issues, as well as on mergers and acquisitions of companies;
c) Registration and deposit of financial instruments.
Registrations in Portugal CMVM No. 276, Bank of Portugal No. 225
Headquarters Avenida 24 Julho, nº 74 a 76, 1200-869 LISBOA , Portugal
Telephone contact +351 21 120 1595
E-mail suporte@difbroker.com
Website https://www.difbroker.com/en/

3. Data Protection Officer (DPO)

The Data Protection Officer plays an important role in the processing of personal data, ensuring, among other things, the verification and monitoring of compliance of data processing with the legislation in force,
verifying compliance with this Data Protection Policy and defining clear rules for the processing of personal data, ensuring that all those who entrust the processing of their personal data to the Data Protection Officer
are aware of how DIF Broker handles them and what rights they have in this regard.

Thus, the owners of personal data, if they wish, may address a communication to the Data Protection Officer, for matters relating to the processing of personal data, using the following contact details: RGPD@difbroker.com 

4. Legal principles applicable to the processing of personal data

In processing personal data, DIF BROKER acts in compliance with and in respect of the following legal principles:

  • Lawfulness, Fairness and Transparency: personal data is processed lawfully, fairly, and transparently;
  • Purpose Limitation: personal data is collected for specific, explicit, and legitimate purposes and not processed in a way incompatible with those purposes.
  • Data Minimisation: personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which it will be processed.
  • Accuracy Principle: personal data must be accurate and up to date. Inaccurate data shall be updated or deleted.
  • Storage Limitation Principle: Personal data shall be kept in a form which permits identification of the data subjects for no longer than is necessary for the purposes for which they are processed, without prejudice to the application of longer conservation periods in compliance with legal obligations.
  • Integrity and Confidentiality Principle: personal data shall be kept secure by means of appropriate and effective technical and organisational measures against unauthorised or unlawful processing and against accidental loss, destruction, or damage by means of the application of appropriate technical or organisational measures.
  • Accountability Principle: DIF BROKER is responsible and liable for compliance with these principles and must be able to prove it.

5. Concepts and definitions

The following concepts and definitions are used in the terms of this Personal Data Protection Policy:

TABLE 1- PERSONAL DATA PROTECTION POLICY CONCEPTS AND DEFINITIONS

Clients

Clients” means all natural persons who have entered into, or are in the process of entering into, a contractual relationship with DIF BROKER, including not only current purchasers of its services but also any natural person who is considered a potential purchaser of its services.

Personal Data

Personal data is considered to be all information about Clients and users that falls under the definition provided by the provisions of paragraph 1 of Article 4 of the General Data Protection Regulation.

Enforcement Law

Law No. 58/2019, of 8 August 2019, which ensures the implementation, in the national legal order, of Regulation (EU) 2016/679 of the Parliament and of the Council, of 27 April 2016.

Controller

The entity that determines the purposes and means of the processing of personal data, as defined in Article 4(7) of the General Data Protection Regulation.

General Data Protection

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of personal data (General Data Protection Regulation)

Processor

Legal or natural person who processes personal data on behalf of the controller, as defined in Article 4(8) of the General Data Protection Regulation.

Processing

Processing” of personal data means any operation performed upon personal data or sets of personal data, whether by automated or non-automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction as defined in Article 4(2) of the General Data Protection Regulation.

Users

For the purposes of this Personal Data Protection Policy, “Users” means all natural persons who visit or otherwise access the website of the Data Controller. 

Website

It refers to DIF BROKER’s website at https://www.difbroker.com and its subdomains, provided that they are controlled or maintained by DIF BROKER. 

6. Collection and processing of personal data 

Personal data, the object of processing by DIF BROKER, is obtained in the following ways: 

  • Directly from the data subject: DIF BROKER collects personal information from its Clients by telephone (where the Client or potential Client contacts DIF BROKER for information regarding its services) or in writing (by sending an e-mail or by submitting forms available on DIF BROKER’s website that the Client or potential Client has completed, including account opening forms, contact forms, WhatsApp forms, or newsletter subscriptions). 
  • Through the use of cookies: DIF BROKER collects information through the use of cookies stored on users’ devices. Cookies are small text files that are stored on the disk or in the memory of the device accessing the website. For more information on the use and purposes of cookies please see our Cookie Policy. 
  • Through logs: DIF BROKER may use logs relating to your website activity to record and store certain types of information when you interact with our services. This information includes Internet Protocol (IP) log and other identifying information or numbers, as well as browser type and Internet service provider.
  • Through processors: in compliance with the legal obligations to which it is bound, DIF BROKER needs to carry out a number of procedures relating to the prevention of money laundering and the financing of terrorism and, for this purpose, will obtain Clients’ personal data relating to criminal convictions and offences. 

7. Cases in which our website requests personal data 

  1. DIF Broker may request personal data through its website in the following situations:
  2. When the data subject requests information about our products and services.
  3. When the data subject submits questions or other requests via the contact form.
  4. When the data subject contacts DIF Broker via WhatsApp Chat.
  5. When the data subject signs up for DIF Broker’s trading simulation platform.
  6. When the data subject requests help, guides, or video tutorials on DIF Broker’s trading platform. 
  7. When the data subject enters into a financial services contract with DIF Broker or determines certain orders to be executed by DIF Broker. 
  8. When the data subject participates in seminars, courses or other events promoted by DIF Broker. 
  9. When the data subject requests any services or products that are provided by DIF Broker. 

8. Purposes of the processing  

DIF Broker processes personal data that is necessary to manage and optimize its products and services and its commercial relations with its Clients and users. In addition, DIF Broker uses the information generated by Clients and users to send you and inform you of commercial offers that best suit your interests and are related to its products and services. 

The personal data processed by DIF Broker is intended to achieve the following set of purposes:

8.1.Contractual necessity

Client management

The following specific purposes are understood in the field of Client management: management of products and services under contract between the Client and DIF Broker; management and Client service; administrative management; order management; invoicing; management and control of payments; invoicing and compliance with diligences, even after the end of the investment contracts, due to corporate events that took place within the scope thereof.

If the Client chooses to operate in markets outside the European Union (EU) or the European Economic Area (EEA), DIF Broker may, within the scope of inquiries or requests addressed, have to transmit to these markets, their representatives and respective supervisors, personal data and other information associated with the Client, for purposes relating to the fight against fraud and the investigation of financial crimes.

In this context, the following specific purposes also underlie the processing of personal data: registration of users on the DIF Broker website in order to complete the process of opening a user account and access to the trading platform for carrying out financial transactions. 

The basis for the lawfulness of data processing is the conclusion of a contract for the provision of financial intermediation or portfolio management services, under the terms and conditions set out in the contract between DIF Broker and the Client. 

The personal data collected are only those necessary for the provision of the corresponding services and which are indispensable for the services to be provided. 

 

User registration and processing on DIF Broker’s trading platform

The data processing that takes place in this context aims to complete the user registration process on the DIF Broker trading simulation platform, in order to enable the user to carry out financial transactions in simulation mode. 

The legal basis for the processing of data is the conclusion of a contract for the provision of financial intermediation or portfolio management services, under the terms and conditions set out in the contract between DIF Broker and the Client. 

The personal data collected are only those necessary for the provision of the corresponding services and which are indispensable for the services to be provided. 

 

Management of potential Clients

The data processing that takes place in this context is intended to present to the potential Client the offer of services and products requested by the latter and to manage the business relationship between the parties. If the potential Client accepts the services and products presented by DIF Broker, his personal data will be processed for contract management purposes, and he will become a new Client of DIF Broker. 

The legal grounds for the processing of data correspond to the performance of pre-contractual due diligence, based on the request submitted by the potential Client or, alternatively, on the proposal for services submitted by DIF Broker. 

8.2. Purposes based on the consent of the data subject 

The basis of lawfulness of data processing corresponding to the consent given by the data subject shall be used, without prejudice to the free withdraw thereof, to achieve the following set of specific purposes. 

  1. Respond to requests and applications submitted by the data subject via email, contact form, WhatsApp chat, or any other communication channels of DIF Broker. 
  2. To contact the data subject in order to advertise DIF Broker’s product and service offering. 
  3. Manage the sending of written or audiovisual content to the data subject. 
  4. Manage the data subject’s subscription to DIF Broker’s Youtube channel in order to be notified of new publications, videos, events, or any other information related to DIF Broker’s activity. 

8.3. Legal Obligations 

The basis of lawfulness of data processing corresponding to the need to compliance with legal obligations applicable to DIF Broker aims to enable the following set of purposes to be achieved:

  1. Record telephone calls in order to comply with applicable legislation, ensuring in particular that it is possible to verify the integrity of communications made and interactions with the data subject, in compliance with the legislation in force. 
  2. Conducting due diligence for the prevention of money laundering and the financing of terrorism;
  3. Compliance with diligence measures to prevent market abuse; 
  4. Reporting to national and international supervisory bodies on DIF BROKER;  5) Reporting to tax and administrative authorities;  6) Provision of information in court proceedings. 

8.4. Purposes which relate to the legitimate interest of DIF Broker 

The basis for the lawfulness of data processing corresponding to the legitimate interest pursued by DIF Broker is to enable the following set of purposes to be achieved:

  1. 1. record telephone calls in order to manage and assess the quality of its services and ensure the integrity of contacts made by this means. The prevailing legitimate interest is based on the need to ensure and verify the integrity of the information provided by telephone contact, given the fact that the reception, transmission, and execution of Client orders carried out by this means imply the need to keep the telephone record in order to ensure the integrity of the information provided. Likewise, in case of dispute between the Parties, the call record is essential as a means of evidence in case of dispute between the parties, allowing to prove the facts and allegations that may be made by DIF Broker in the context of exercising its right of defence or right to action. 
  2. Communication of Clients’ personal data to the other entities of the groups in order to optimise their internal resources.  
  3. Management of the newsletter, commercial communications, and other communications with data subjects, such as the dissemination of news, publications, events, and other information related to the activity of DIF Broker. Likewise, the data processing aims to ensure that the commercial communications initiated with the data subject are adequately tailored to their interests and preferences, particularly for purposes of presentation and dissemination of products and financial instruments, written and audiovisual content, and operations performed on the trading platform. The data subject may at any time withdraw his or her consent if he or she chooses to no longer receive communications and other commercial contacts from DIF Broker.
  4. Aggregating and transmitting information and news relating to financial markets via instant messaging services or multi-platform applications to which data subjects may freely subscribe, withdraw, or exercise their right to object to the processing at any time.

9. Personal data to be processed 

9.1. Processing of Clients’ personal data 

DIF BROKER, within the scope of its business activities and in compliance with the data minimization principle, processes personal data strictly necessary for the provision of the services contracted with its Clients. Such personal data falls into the following categories:

    a.Identification: this category includes personal data such as name, photograph, address, telephone contact, e-mail address, gender, nationality, and place of birth.

    b.Data relating to the Client’s economic and financial situation: this includes personal data relating to the income obtained and transactions made by the holders, as well as their financial and personal assets. 

    c.Tax-related data: this data includes the owner’s tax-related data, including the tax identification number, the Social Security Identification Number (NISS), the tax address, as well as contributions and withholdings for tax declaration purposes.

    d.Commercial information: this category encompasses all information that is generated by the interaction between the Client and DIF Broker, namely, information on the Client’s preferences and types of investment, financial products, and assets in which he/she is interested, and investor profile.  

    e.Transactions in goods and services: this category includes data on the value on account and types of financial products traded.

    f.Academic and professional data: this category of personal data includes data such as the holder’s curriculum vitae, profession/category, employer, sector of activity and level of education.

    g.Household data: this category includes data such as marital status, household composition and identification of household members as PEP (Politically Exposed Person).

h.Data on interests and preferences: this category includes demographic data, Client preferences, webinars attended, and communications (chat).

    i.Voice recordings: this data comprises the recordings of calls and the other information that is discussed in this particular context.

    j.Data relating to criminal convictions and offences: under this category personal data relating to criminal convictions and offences are collected.

    k.Bank information: this category includes the personal data subjects’ bank, financial and related data, such as the IBAN (International Bank Account Number).

9.2. Processing potential client´s personal data 

DIF BROKER, within the scope of its business activities and in compliance with data minimization principle, processes personal data strictly necessary for carrying out pre-contractual procedures with potential Clients. Such personal data falls into the following categories:

    l.Identification: this category includes personal data such as name, photograph, address, telephone contact, e-mail address, gender, nationality, and place of birth.

    m.Commercial information: this category covers all information that is generated by the interaction between the potential Client and DIF Broker, namely, information on the preferences and types of investment of the potential Client, financial products, and assets in which he or she is interested, and investor profile.  

    n.Data on interests and preferences: this category includes demographic data, the preferences of potential Clients, webinars attended, and communications (chat).

10.Retention Period

The period of time during which personal data is stored and retained varies depending on the specific purposes for which they are required. Some of the retention periods derive directly from the Law, which imposes an obligation to retain personal data for a minimum period of time. Thus, and whenever there is no specific legal requirement, the data will be stored and kept only for the minimum period necessary for the pursuit of the purposes that motivated their collection or their subsequent processing, under the terms defined by law.

In the context of the personal data processing activities carried out by DIF BROKER, it is possible to identify the following time periods for storing personal data or the criteria that serve as a reference for their materialization: 

  • 30 days: messages sent via WhatsApp chat on the website opened by Clients, potential Client or Users will be stored and kept for a period of 30 days. 
  • 3 years: in the case of newsletters or other promotional communications, the personal data used for this purpose will be kept for a period of 3 years, or alternatively, until the moment in which the holder chooses to withdraw their consent or to oppose the processing of their data. 
  • 7 years: the Client’s personal data that has been collected in compliance with legal obligations relating to measures against money laundering and terrorist financing will be kept for a period of 7 years after the Client account is closed, as provided for in article 51 of Law Lei n.º 83/2017, de 18 de Agostoda . 
  • 10 years: Client data will be kept for a minimum period of 10 years for the purposes, among others, of recording accounting transactions, preparing accounting information, and preparing tax reports and reports to other supervisory entities. 
  • 20 years: the personal data of Clients, necessary for the purposes of validity, effectiveness and evidential value of electronic documents and the digital signature shall be kept for a minimum period of 20 years, as provided for in Decree-Law 290-D/99 of 2 August.
  • 20 years: the personal data of Clients, collected in the contractual context, are kept for a maximum period of 20 years, for the purposes of exercising the different procedural rights that DIF BROKER enjoys.
  • For the period corresponding to the period of the contractual relationship with the Client: in all other cases where no specific minimum storage period has been defined, Clients’ personal information will be kept for the minimum period corresponding to the period of the contractual relationship between DIF BROKER and its Clients. 

11. Data processing by third parties (Processors) 

As part of its business, DIF BROKER uses processors to provide certain services. In this context, the provision of services involves access to Client information by such processors. In such cases, DIF BROKER has implemented appropriate measures to ensure that third parties having access to such data comply with the obligations imposed by the GDPR and offer the highest possible guarantees to protect the rights and freedoms of data subjects. In compliance with the provisions of Article 28(3) of the GDPR, the terms and conditions of data processing by third parties are objectively defined by means of a data protection agreement that binds both parties. 

Accordingly, all processors are required to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, namely against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, or access and against all other unlawful forms of processing.

In any case, DIF BROKER remains responsible for the personal information made available to its processors. 

For the purpose of the preceding paragraphs, DIF Broker uses the following categories of processors located in the European Union (EU) or the European Economic Area (EEA): 

  • Computer consulting services: service provider contracted for technical and computer support.
  • Administrative and business advisory services: provider of contracted services for administrative and business support and management.

Trading platforms in financial markets: service provider contracted to provide access for Clients to different financial markets.

  • Digital communication services: service provider contracted to supply and maintain the digital platforms for communication and interaction with Clients and potential Clients.

DIF Broker also uses the following categories of processors are located outside the European Union (EU) or the European Economic Area (EEA):

  • Business and IT consulting services: providers of technical and IT support services located in the United States of America, India and Switzerland, with data transfers being carried out pursuant to an adequacy decision (article 45 of the RGPD) and under the standard data protection clauses adopted by the European Commission and additional and appropriate security measures adopted (Article 46 of the RGPD).

Digital communication services: service provider hired to supply and maintain digital platforms for communication and interaction with Clients and potential Clients located in the United States of America, in relation to which the standard data protection clauses adopted were regularly ratified by the European Commission and additional and appropriate security measures adopted.

12. Recipients to whom the personal data are disclosed 

DIF Broker does not market its Clients or potential Client´s personal data, as it considers such information to be an essential part of its relationship with the respective data subjects. However, there are circumstances in which, for legal reasons or for reasons relating to DIF BROKER’s organizational structure, it is necessary to communicate personal information of Clients and potential Clients to third parties, in accordance with the following terms. 

12.1. Recipients located within the European Union 

Personal data is shared with the following entities or categories of entities in compliance with various legal regulations governing its activities, including regulations concerning the prevention, detection and reporting of money laundering operations or suspicious transactions: 

  • Banking institutions and authorised credit institutions: for the purpose of collecting the amounts referring to the services provided to the Client.
  • Autoridade Tributária e Aduaneira (Portuguese Tax Authority) and Agencia Tributaria (Spain Tax Authority): for the purposes of compliance with tax and fiscal obligations applicable to DIF Broker’s activity.
  • Sale, merger, or acquisition of operations: in the event of a merger, acquisition or sale of all or part of the assets of DIF Broker, personal data of Clients and prospective Clients may be transmitted to the acquiring entity pursuant to the merger, acquisition or sale agreement or contract. 
  • Courts of Law: DIF Broker may, for the purposes of formulating, exercising, or defending its legally protected rights and interests, transmit personal data of its Clients or potential Clients to courts acting in their judicial capacity, or similarly may transmit personal data of its Clients by virtue of the receipt of a court order or intimidation. 
  • Securities and Exchange Commission (CMVM) and Comisión Nacional del Mercado de Valores (CNMV): under certain legal circumstances, and for the purposes of reporting suspicious transactions, DIF Broker may need to transmit personal data of its Clients or potential Clients to the CMVM and to the CNMV.
  • Central Bureau of Investigation and Prosecution, Judicial Police or Financial Intelligence Unit (FIU): for the purposes of combating money laundering and terrorist financing, DIF Broker may need to transmit personal data of its Clients or potential Clients to different criminal law enforcement agencies. 

12.2. Recipients located outside the territory of the European Union (international transfers of personal data) 

DIF BROKER will only transfer personal data to third parties outside the European Union or the European Economic Area in the following cases: 

  • Entities of the DIF Broker group: Clients’ personal data are transmitted to entities of the DIF Broker group, located in third countries for which it is verified that there is a Where the third-party entities are established in third countries for which there is an adequacy decision adopted by the European Commission under Article 45 of the GDPR; 
  • Supervisory entities from third countries and other market management entities: the Clients’ personal data may be communicated and transmitted to supervisory authorities, market management entities and/or centralized system, issuing companies and other intermediaries in the chain of intermediation, in relation to any securities and financial instruments held by the Clients, including shares of companies issuing shares admitted to trading on a regulated market, and may also be transmitted to the supervisory authorities linked to the capital markets that supervise such securities, instruments financial institutions, markets and settlement systems, based, in the absence of an adequacy decision adopted by the European Commission under the terms of article 45 of the RGPD, the provisions of paragraph b) and d) of paragraph 1 of article 49 .º of the GDPR, as appropriate. 
  • Third Countries tax authorities: the Clients’ personal data may be transmitted to tax authorities in third countries with which information exchange schemes are in place and to other financial institutions and entities that manage or provide services related to the platform online trading, with the provisions of paragraph d) of paragraph 1 of article 49 being applicable, article 96 of the RGPD is also applicable.
  • USA tax entity (US IRS): As a qualified intermediary (Qualifed Intermediary), DIF Broker transmits to the Internal Tax Service (IRS) data and information of the clients that have received  dividends provided for holding securities of entities subject to the US market or that have made investments or hold shares of entities operating in that market. In conjunction with the provisions of paragraph d) of paragraph 1 of article 49, article 96 of the RGPD is also applicable.Transmission and registration of personal data.

13. Security measures for the processing of personal data 

The transmission of personal data by the Clients or potential Clients is mandatory for the purposes described in paragraph 8 of this Data Protection Policy. Failure to provide the personal data requested makes it impossible to subscribe, register, contract or receive information regarding the products and services provided by DIF Broker. 

14. Transmission and Register of Personal Data

DIF BROKER has implemented the appropriate technical and organisational mechanisms and security measures to ensure an adequate level of risk in the processing of personal data. 

For such purposes, DIF BROKER used an objective assessment to identify, analyse and evaluate the risks, likelihood and impact on the rights and freedoms of individuals (risk assessment stage) and, accordingly, DIF BROKER had implemented timely and effective mechanisms and security measures to eliminate or mitigate the risks identified in the risk assessment stage. In particular, appropriate, and effective technical and organisational measures are adopted to mitigate the risks of accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or unauthorised access to such personal data. 

Likewise, DIF BROKER guarantees to data subjects that they will comply with the duty of professional secrecy, confidentiality, and respect for their personal data. 

15. Data subjects’ rights

Data subjects, Clients, and potential Clients, enjoy, under the terms of the General Data Protection Regulation, the following framework of rights. 

Rights

Description

Right to withdraw consent

Where consent is used as the legal basis for data processing, the data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of data processing carried out until then pursuant to that consent.

Right to Information

The data subject shall have the right to receive, among others, information about the identity of the person responsible for processing the personal data; the purposes and grounds for processing the personal data; the terms and time limits for storing the personal data; the rights he or she enjoys and the specific manner in which these can be exercised; and the existence or non-existence of automated decisions concerning his or her data.

Right of Access

The data subject shall have the right to obtain confirmation from DIF BROKER as to whether or not personal data is being processed, including, among other things, the purposes of the processing, the categories of personal data concerned by the processing, the storage periods and related criteria, and the existence of automated decisions. The right of access shall also include the right to have direct access to such personal data.

Right to Rectification

The data subject shall have the right to obtain from the controller the rectification of personal data which are incorrect and to request that incomplete personal data be completed.

Right to Erasure (Right to be forgotten)

The data subject has the right to obtain the erasure of personal data, provided that there are no other valid grounds which justify, under the Law, the conservation of such data, and whenever:

  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; 
  2. the processing of personal data is based on the consent of the data subject, and the data subject withdraws this consent, there being no other legal grounds for the processing;
  3. the data subject exercises his/her right to object to the further processing of his/her personal data and no other legal ground justifies the continued processing of the personal data; 
  4. personal data has been unlawfully processed.

Right to restriction of processing

The data subject shall have the right to obtain from DIF BROKER the restriction of the processing of personal data or the suspension of processing activities where one of the following situations arises: 

  1. The accuracy and correctness of personal data is challenged by the data subject, requiring data processing activities to be suspended for the period necessary for DIF BROKER to confirm the accuracy of such data; 
  2. The processing of personal data is unlawful, and the data subject requests the restriction of the data processing instead of requesting the erasure of the data. 

Right to data portability

The data subject shall have the right to receive the personal data provided to DIF BROKER in a digital format for common use and automatic reading, as well as the right to request the direct transmission of his/her data to any other data controller.

Right to object

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her, in particular where his or her data are processed for the purposes of direct marketing.

Right not to be subject to automated decisions

The data subject shall have the right not to be subject to a decision taken solely on the basis of automated processing of his or her personal data, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

Without prejudice to the provisions of personal data protection legislation, the data subject may exercise any of their rights, directly or by written request, to DIF BROKER through the following means and contacts:

  • By email: RGPD@difbroker.com
  • By post: DIF BROKER SA, Avenida 24 Julho, nº 74 a 76,1200 – 869 LISBOA, Portugal
  • By phone: +351 211 201 595

Right to lodge a complaint

If the User or the Client considers that the processing of their personal data is carried out in breach of the legal provisions regulating data processing, they have the right to lodge a complaint under the terms of articles 77 and 79 of the General Data Protection Regulation.

Notwithstanding the possibility of lodging complaints directly with DIF BROKER through the contacts provided for such purpose, the User or the Client may lodge a complaint with the Control Authority, the National Commission for Data Protection (CNPD), using the contacts provided by that entity for such purpose.

DIF BROKER Contacts:

  • By email: RGPD@difbroker.com
  • By post: DIF BROKER SA, Av. da Liberdade Nº 244-4º, 1250-149, Lisbon
  • By phone: +351 211 201 595

16. Processing of special categories of personal data 

On the forms made available by DIF BROKER on which the respective fields may be freely filled, the insertion of personal data revealing ethnic or racial origin, political opinions, religious or philosophical beliefs or trade union membership and the processing of genetic data, biometric data for the purpose of uniquely identifying an individual, health data or data relating to an individual’s sex life or sexual orientation, as well as personal data relating to criminal convictions and offences, are expressly prohibited. Should the User or potential Client enter any information regarding the aforementioned aspects into any of our forms or via email, such data will be immediately deleted from our information systems, as they are neither necessary nor relevant for the purposes described under the terms of this data protection policy. 

17. Redirection to other websites 

Any redirection or hyperlinks from the DIF BROKER website to third-party websites are beyond our control. Accordingly, DIF BROKER shall not be liable for any problems arising from the use of third-party websites, in particular for the purposes of processing personal data. DIF BROKER therefore recommends that you consult the privacy policy and terms and conditions of each website to which the User or potential Client is redirected. 

18. Quality of personal data 

The personal data provided by the User and the potential Client must be correct, up to date, accurate and factual and correspond solely to their person, except when a third party is lawfully and regularly able to legally represent the User or potential Client. 

In the event that third-party personal data is supplied, or false, fictitious, or non-existent data is provided, DIF BROKER reserves the right not to process such data, or to delete or otherwise destroy it. 

In compliance with the principle of minimization of personal data, provided for in the provisions of Article 5.1 c) of the GDPR, the personal data requested from the User or potential Client, indicated with an asterisk (*), shall be strictly necessary for the fulfilment of the respective purposes. In no event shall the fact that the User or potential Client does not provide more data than strictly necessary for the fulfilment of the respective purposes have any consequence whatsoever, nor shall it affect the quality of the service provided. 

19. Incapacitated persons and minors 

The supply of services made available by DIF Broker is expressly prohibited to persons under 18 years of age and to persons declared incapable under civil law. 

DIF BROKER may request additional information or documentation for the purpose of verifying the age or capacity of the prospective Client.

20. Social networks, digital channels, and multiplatform applications 

DIF BROKER operates different social media accounts as well as fan pages on different social networks operated by different social media providers (individually: Facebook, Twitter, Instagram, and LinkedIn).

Click here, to learn more about our Social Media Data Protection Policy. 

21. Lead supervisory authority 

Comissão Nacional de Proteção de Dados (CNPD) is the national supervisory authority with powers to monitor compliance with the existing legal provisions on the protection of personal data, in order to defend and enforce the rights, freedoms and guarantees of individuals with regard to the processing of personal data.

Any data subject has the right to lodge a complaint with the National Commission for Data Protection regarding the data processing to which they are subject.

Comissão Nacional de Proteção de Dados (CNPD)

D. Carlos I, 134 – 1o, 1200-651 Lisbon

Tel: +351 213928400 – Fax: +351 213976832

E-mail: geral@cnpd.pt Website: www.cnpd.pt

22.Data protection policy updates 

DIF BROKER reserves the right to amend or modify this Personal Information Protection Policy at any time, such amendments to be duly announced in the various communication channels available through DIF BROKER.

 

Lisbon, Jan.2023