Legal
-
Privacy and Data Protection Policy
- Your privacy and safety are very important to DIF BROKER FINANCEIRA DE
CORRETAGEM S.A. (Hereinafter “DIF BROKER”)..Therefore this policy contains the
practices regarding the personal data processing on the websites owned by DIF BROKER, namely the database with the collected data and its processing, use and
disclosure.
This policy explains your rights and how and for which purposes your data is collected.
This policy applies to all customers and users that use the mobile applications or have access to the DIF Broker’s websites, or that interact with DIF Broker through any other mean (for instance, social networks).
This policy defines our firm compromise to protect your personal data, thus we recommend the reading and acceptance of our privacy and data protection policy before continuing to navigate on the DIF Broker’s websites.
This privacy policy was updated on October, 2 2019
1. Identification of the social entity responsible for the file
According to the provisions on REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND COUNCIL of 27 April 2016 on the protection of physical individuals regarding the personal data processing and free movement of data (hereinafter GDPR), we inform that the personal data collected or sent to DIF Broker shall be processed by the following Data Processing Officer:
Name: DIF BROKER – SOCIEDADE FINANCEIRA DE CORRETAGEM S.A
Registered office: Rua António Cardoso, no. 601-613, Lj 8, 4150-083 Oporto
Country: Portugal
Telephone: +351 211 201 595
E-mail: RGPD@difbroker.com
Address (office): Av. da Liberdade No. 244- 4º 1250-149 – Lisbon N.C.P.I: 504.767.640
Object: Financial Intermediation and auxiliary services Registries in Portugal: CMVM No. 276, Bank of Portugal No. 225.Who is the Data Protection Officer of DIF BROKER, and how is it possible to contact them?
The Data Protection Officer is the individual responsible for protecting the fundamental right to the personal data protection on DIF BROKER, who undertakes the regulatory compliance of data protection. You may contact the Data Protection Officer of DIF BROKER through the following email address: Contact of the Data Protection Officer: RGPD@difbroker.com
2. General privacy principles
When we collect and process your personal data, the following practical principles are applied:
When we collect and process your personal data, the following practical principles are applied:
The personal data is processed fairly, legally and transparently.
The personal data is collected for specific, explicit and legitimate purposes and is not processed through an incompatible way to such purposes.
The personal data is adequate, relevant and limited to the necessary concerning the purposes for which it is processed.
The personal data must be accurate and updated. The inaccurate data shall be updated or deleted.
The personal data must remain on an identifiable format until no longer necessary.
The personal data is safely stored through the adequate and efficient technical and organizational measures against non-authorized or illegal processing and against its loss, destruction or accidental damage, through the application of adequate technical or organizational measures (“integrity and confidentiality”).
We undertake the data protection principles of the images or others collected.3. How your personal data is collected and used.
Directly provided by you:You may visit our website without identifying yourself or revealing any personal data about you. Nevertheless, to offer you a complete service, the most frequent action is to collect personal data. For instance, we collect data about you when you carry out a consultation of information through the contact forms or when we grant you access to an account. This type of data collected may include your email address, name and surnames, address and phone number.
From cookies: We may also collect data from the “cookies” stored on your computer or mobile device. The cookies are small files stored on the hard disk or memory of your electronic device. To learn more about the use and purpose of the cookies we use, you may consult the cookies policy at www.difbroker.com. Nevertheless, you may alter the options on your web browser to stop accepting cookies or to be asked before accepting cookies on the websites you visit. However, if you do not accept cookies, it is possible that you may not use all our services.
From the Registries: We may register some data and store it on our registry files when you interact with our Services. This data may include the Internet Protocol (IP) or other device addresses or identification numbers, as well as the type of browser, Internet services supplier, etc.4. When may we request your personal data
4.1 When you request information about our products and services.
4.2 When you carry out consultations through the contact form.
4.3 When you carry out consultations through the Chat service.
4.4 When you attend seminars, events or courses organized by DIF Broker.
4.5 When any services and/or products offered by DIF Broker are requested
5. Purposes for which we process your personal data .
At DIF BROKER we process the necessary data to manage and optimize our Services and commercial relationships with our customers and users. Besides, we shall also use this information to send you advertisings that may interest you, regarding the products, news, offers and discounts.
The data collected shall be processed with the following purposes:
5.1 Processing purpose of contractual or pre-contractual data
1. Customer Service
To manage the products and services the User holds, requests or hires with DIF BROKER implies the customer service through the administrative requests, invoicing, commissions control management and any other necessary to maintain the relationship with the customer.
To Proceed and register of users on the DIF BROKER www.difbroker.com, to allow the access to the user’s account, namely to the DIF Freedom negotiation platform to carry out financial transactions.
For Digital signature of contract documentation (including the issuance of certificate) and verification of the identity of potential Customers using a qualified trust service provider pursuant to Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014. (Regulation (EU) No 910/2014). As part of the online account opening process, DIF BROKER allows potential Clients to digitally sign contractual documentation.
The legal basis of the processing is the execution of a provision of financial intermediation services agreement which covers: broking, non-independent financial consulting or portfolio management, accordingly to the terms and conditions established on the agreement entered between the parties.
The data is necessary for the provision of services, otherwise they may not be provided.
2. Support and captation of Potential Customers
The data shall be processed to send information concerning the service or product requested by the DIF BROKER’s, potential customer. If the offer presented is accepted, your data shall be processed for the establishment of a contractual relationship as a new DIF BROKER’s customer.
5.2 Data processing purpose based on the pre-contractual consente
Newsletter or news report management aiming to carry out regular commercial communications on the news, publications, events and other information concerning DIF BROKER’s activities for the interested non-customers. Nonetheless, to ensure that the users receive the communications which are best adapted to their preferences, we proceed to the elaboration of commercial and marketing profiles, aiming to adequate the commercial communications to the above-mentioned preferences and needs.
The legal basis of processing this data is the consent requested, but in no case the withdrawal of this consent will conditionate the execution of a future contract.
5.3 Purpose based on the legal obligations.
Call recording. The telephone call recording aims to maintain the service quality and their registry to verify the communications carried out through this mean. The legal basis of the processing is the compliance with the legal obligations under the provisions on the following European standards:
Directive 2006/73/CE (MiFID I)
DIRECTIVE 2014/65/UE (MiFID II)
DELEGATED REGULATION (UE) 2017/565 (MiFIR)
5.4 Purpose based on the legitimate interest
1. Assist and answer the communications or requests through email or contact form of the website www.difbroker.com. The legitimate interest is grounded on the existence basis of an interest shown by the concerned party to be contacted in order to receive our information, with a reduced intrusion on their privacy and limitation of data use (contact data).
2. Record the telephone calls aiming to maintain the service quality and their registry to verify the communications carried out through this mean. The prevalent legitimate interest of the telephone calls aims to ensure and keep an evidence of the veracity and integrity of the data provided by the User through this mean. As the reception, transmission and execution of customers’ orders are usually established through this mean, there is a need to store these records to keep the integrity of the information bound to a specific date, avoiding mistakes and misunderstandings that may prejudice any of the parties. Therefore, the legitimate interest is based on the need to prove a conversation on a legal procedure or to be used as a mean of proof on a dispute between the parties.
3. Newsletter or news report management aiming to carry out regular commercial communications on the news, publications, events and other information concerning DIF BROKER’s activities for the interested customers. Nonetheless, to ensure that the users receive the communications which are best adapted to their preferences and needs, DIF BROKER proceeds to the elaboration of commercial and marketing profiles, aiming to adequate the commercial communications to the above-mentioned preferences and needs.
The Legitimate Interest is grounded and based on:
– The existence of a previous contractual relationship with the concerned party;
– The reasonable expectation by the concerned party to receive these communications;
– The elaboration of a Marketing profile with a light detail and completeness level which does not cause legal effects on the concerned party or is not significantly affected similarly;
– The system of voluntary exclusion of the above-mentioned communications, simple to use and where you may exercise it on every communication;
4. Proceed to provide information by Chat to the questions asked by the Users. The legitimate interest is grounded on the existence basis of an interest shown by the concerned party to contact us through the online chat, where there is a reduced intrusion on their privacy and limitation of data use (contact data).
5. Communicate the data with other companies of the DIF BROKER Group. The company has a legitimate interest in transmitting your personal data within their business group with internal administrative purposes that allows to optimize the Group resources.
6. Data Procesing
6.1 Data processing of Customer Users
• Identification Data
• Economic, financial and insurances
• Commercial data
• Transaction of goods and services
• Personal characteristics
• Academic and professional
• Profession and employment details
• Social circumstances
• Interest and preferences data
• Economic profile data6.2 Data Processing of Potential Clients
• Identification Data
• Commercial data
• Personal characteristics
• Interest and preferences data7. Personal data storage criteria
1. The data shall be stored even after the termination of the contractual relationship. Generally, the personal data shall be stored and duly blocked for 10 years due to the Directive of Money Laundering and Terrorism Funding and to the prescription terms of the legal obligations or during the prescription of the legal or judicial actions applicable. When the legal prescription terms end, your data shall be permanently deleted and destroyed.
2. The data processed for direct marketing purposes shall be indefinitely stored until the user decides on the voluntary exclusion of the sending of advertisements.
3. The chat tickets data of the website shall be automatically stored for 120 days after the date of closure.
8. To which recipients shall your data be communicated?
DIF BROKER does not undertake the selling of your personal data. We consider your data a vital part of our commercial bond. However, in certain circumstances, we may be obliged to share your personal data with third parties, namely:
8.1 Recipients established within the EU
– – Banks, savings banks and rural banks: for the provision of services to the customers.
– Tax authority (TA): for the compliance with the TA obligations, inclusively retention
agents and simple information.– Administrative and consulting services of the company: services provider hired by DIF BROKER.
– IT Consulting Services: services provider hired by DIF BROKER.
– Negotiation platforms of financial markets: services provider hired by DIF BROKER.
– Transferable Securities Market Committee (“CMVM”): on the performance of their inspection and supervision functions.
– Other companies of the DIF Broker group located on the EU: DIE BROKER has a legitimate interest in transmitting your personal data within their business group with internal administrative purposes.
– Housing Services: services provider hired by DIF BROKER.
– On sale, merge, purchase or similar transactions: If DIF Broker is fully or partially involved on these procedures, the customer or user shall be notified via email and/or warning on our website about the transfer and any decision that may impact their data.
– The exercise or defence of claims or when the courts act on their legal function: in certain circumstances, the disclosure of personal data may be mandatory as it is subject to a legal request, order or citation.
– Non-Identifiable Aggregated Data: we may share aggregated or other non-personal data which does not directly identify you to third parties to improve your general experience concerning our services’ offer.
– Qualified trust service provider in accordance with the Regulation (EU) No. 910/2014) for the purpose of digital signing of contractual documentation (including the issuance of the respective certificate) and ID verification of potential clients under the process of contractual formalization.
8.2 Interantional Data Transfers
1. For the management and customer service outside the usual days and working hours in Portugal, Spain and in specific situations when it is necessary to assist our customers, the data shall be communicated to our branch in Uruguay: DIF Markets Agente de Valores S.A., which standard applicable to the data protection is equivalent to the EU accordingly to the Decision 2012/484/EU of the Commission on 21 August 2012..
2. Platform for the management of marketing emails, Mailchimp: to carry out the sending of advertising and service promotion information, we inform that the contact data provided by you shall be transferred outside of the EU to the Mainchimp servers (provider of the marketing communication by email management platform) belonging to Compañia Rocket Science Group. This company is covered by the Privacy Shield agreement between the EU and the USA, ensuring the safety of your personal data. To learn more, click on the following link: www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active
3. Fort the management of the website’s chat, the data shall be transferred to the company Zendesk where DIF BROKER hires their virtual infrastructure which contemplates the online chat management accordingly to the “computer on the cloud” model through the Zendesk services belonging to Organización Zendesk, Inc., under the binding corporative standards (BCR), accordingly to article 47 of the Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, approved and known as Zendesk Binding Corporative Rules (“Zendesk BCR”), which establish the adequate protection of the personal data and are legally binding for the entire Zendesk Group. To learn more https://www.privacyshield.gov/participant?id=a2zt0000000TOJbAAO&status=Active%20id=a2zt0000000TOJbAAO&status=Active
4. For the management and service rendering to clients and potential clients, the controller contracts a virtual infrastructure that includes the management of a CRM (Client Relationship Management) technology platform according to a “Cloud” model through services belonging to the Zoho Corporation, provided as per the EU-US Privacy Shield – whose information is available https://www.privacyshield.gov/participant?id=a2zt0000000TOJbAAO&status=Active%20id=a2zt0000000TOJbAAO&status=Active
9. Sending and registry of personal data
The sending of personal data is mandatory accordingly to the purposes provided on number 5. If you do not provide the personal data requested or do not accept this data protection policy, it implies the impossibility to subscribe, sign in or receive information of the products and services offered by DIF BROKER.
10. Safety measures adopted regarding personal data processing
DIF BROKER. informs the Users and Customers that it implements and applies adequate technical and organizational safety mechanisms and measures to ensure an appropriate risk level on the personal data processing.
To do so, DIF BROKER. is based on an objective assessment, having identified, analysed and assessed the probability and impact risks for the individuals’ rights and freedoms (risk assessment phase) and, subsequently, DIF BROKER. on the risk processing phase, applied the adequate and efficient safety mechanisms and measures to eliminate or mitigate the risks identified on the risk assessment phase. Appropriate and efficient technical and organizational measures were indeed adopted to mitigate the risks concerning the destruction, loss or accidental/illegal alteration of the personal data transferred, stored or processed in any other way, or the non-authorized access to such personal data.
Likewise, DIF BROKER. ensures to the user the compliance with the duty of professional secrecy, confidentiality and respect for the users’ personal data, as well as with the right to be duly saved.
11. Rights of the concerned party
On all our operational transactions regarding your privacy, DIF Broker endeavours to comply with the current standards. The following table lists the important rights of the concerned party:
My rights What does it mean? Right to Information The User is entitled to receive clear, concise, transparent and easy to understand information on how their personal data is used. This information is provided on number 5 of this policy Right of Access The User is entitled to access their personal data (with certain limits).
The clearly unfounded, excessive or repetitive requests may be refused.
To exercise this right, you must contact us through any of the below mentioned means.
Right to Correction You are entitled to the correct of your personal data when it is inaccurate, no longer valid or incomplete.
To exercise this right, you must contact us through any of the below mentioned means. If you already have an account, you may easily alter your data.
Right to be Forgotten On certain cases, you may request that your personal data is deleted or eliminated. It should be mentioned that this is not an absolute right as, due to legal or legitimate reasons, they may stored.
If you want your personal data to be deleted, contact us through any of the below mentioned means.
Right of opposition to direct marketing, included on the profile elaboration You may request the cancellation of the subscription to our marketing communications at any moment.
The simplest way to request the cancellation is to click at “unsubscribe” (cancel the subscription). Otherwise, you may send an email to the email address: RGPD@difbroker.com or call +351 211 201 595 To oppose to the profile elaboration, contact us through any of the below mentioned means.
Right to withdraw the consent at any moment when the data processing is based on consent If you have given your consent for some of the purposes informed and established on the above-mentioned processes, we inform that you are entitled to withdraw your consent at any moment, without affecting the processing
lawfulness, as it was based on a previous consent. To be informed about what type of processing are refer to,we suggest the revision of number 5 on this policy. If you want to withdraw your consent, contact us through any of the below mentioned means.
Right of opposition to the processing based on the satisfaction of legitimate interests The user may, at any moment, oppose to the processing of their data, when based on the satisfaction of a legitimate interest. To learn more about which consents are based on legitimate interest, we suggest the reading of number 5 of this policy.
If you want to exercise this right, contact us through any of the below mentioned means.Right to file a claim to a data control authority We inform you that if your rights or way to exercise them were not satisfied, you may file a claim before the Data Control Authority. To learn more about the rights and how to exercise them, you may go to the Portuguese Data Protection Agency and obtain the necessary information on the following website: www.cnpd.pt .
Please contact us through the below mentioned means before filing your claim to the competent authority on data protection matters. Our complaints department may assist you.
Right to data portability The user is entitled to receive the personal data which are charged to them and already provided to us, on a structured format, of common use and mechanical reading, so that it may be transferred to another entity responsible for the processing, whenever the processing is based on the execution of a contract or consent and carried out by automatized means. To learn more about which processing are included on the consent, we suggest the reading of number 5 of this policy.
To get more information, contact us through any of the below mentioned means..
Right of processing limitation authority The user is entitled to request the limitation of their data processing. If this right is exercised, the processing of your data are subject to certain limitations, therefore we may store them, but we may not use or process them
This right may only be exercised on specific circumstances, defined by the GDPR, such as:
• That the concerned party contests the accuracy of their personal data, during the term which allows the responsible to check its accuracy;
• That the processing is illegal or the concerned party opposes to the suppression of personal data and requests its use limitation.
• Opposes the suppression of personal data and instead requests its use limitation;
• That the responsible entity does not need the personal data for processing purposes, but the concerned party needs it for the defence of claims.
• That the concerned party has opposed to the processing due to article 21, paragraph 1), whenever the legitimate reasons of the responsible entity prevail over the concerned party’s interests.If you want to exercise this right, contact us through any of the below mentioned means.
Right to desactivate cookies At any moment, the User may deactivate the Cookies. As a rule, the setting of Internet browsers is available, by default, to accept the use of Cookies. Nonetheless, they may be easily deactivated through the alteration of the browser’s settings. Most cookies are used to improve the functionality of the websites and, for this reason, if they are deactivated, you may not fully or partially use the services offered through our web and may encounter some problems on the website use or login.
If you want to limit or block all the cookies established by our webs (which may prevent you from using certain parts of the web) or by other webs/applications, you may do so through your browser’s settings.
How can you exercise your data protection rights?
To exercise your rights, you must send your request to DIF Broker SA, Av. da Liberdade 244-4º 1250-149 – Lisbon – Portugal, or through the following email address: RGPD@difbroker.com where you should indicate the following subject “GPDR DIF Broker. You should specify about which of the rights you need to be clarified, annexing a copy of the Citizen Card or equivalent identification document. If you are acting as an authorized representative, you shall also annex the document which justifies this quality, as well as the representative’s identification document.You may find a minute on:
The website of the Portuguese Data Protection Agency on the following website: https://www.cnpd.pt/
12. Processing of special personal data categories – convictions and legal infringements
On the filling of free text domains, it is prohibited the insertion of personal data which reveal the ethnical or racial origin, the political opinions, the religious or philosophical beliefs or the syndical affiliation, and the generic data processing, biometrical data aimed to clearly identify an individual, data concerning health or sexual life or orientation of an individual, as well as your personal data concerning convictions and legal infringements. If you insert any data concerning the abovementioned aspects on any of our forms or through email, they shall be immediately deleted for our data systems as they are not necessary nor relevant for the purposes established on the data processing.
13. Forwarding to other websites
On certain situations, there are links to other websites, but these websites are not under our control. Therefore, DIF Broker shall not be responsible for any problem arising from the use of your personal data, the website content or the services that might be offered on those websites. Thus, we recommend you consult the privacy policy as well as the terms and conditions of each website you are sent to, in order to check how that supplier shall process your data.
14. Data quality
Aiming to comply with the privacy principles, specially concerning data quality DIF BROKER informs that you should only provide your own personal data and not from someone else, unless you are their legal representative. Therefore, to optimize the data quality, we need you to submit your correct, updated, accurate and true data.
If the data provided are from a third party who you do not represent or if the data provided from you or from a third party you do not represent are deemed false, faulty, not updated or inadequate, you shall be responsible for any direct or indirect damage caused to third parties or to DIF BROKER.
The data provided by the User indicated with an asterisk (*) are the ones strictly necessary to constant the User. The fact you do not provide more data than the strictly necessary never implies a service quality loss.
15. Data of minors or disabled individuals
The use of the Service is not allowed to minors, therefore if you are under 18 years old, we ask you to renounce the use of our web services.
DIF BROKER may also request additional data or documents to verify the potential customer’s age.
16. Data update
The User is the only personal data source, therefore DIF BROKER requests that, aiming to maintain your data updated at any moment, accordingly to the GRPD principles, you communicate to the below indicated address, namely for the rights of access, correction, to be forgotten and opposition, any data alteration with its activity purpose on the entity represented in order to cancel and/or process them.
17. Consent for advertisement sending
DIF BROKER shall not send advertising or promotional communications by email or other equivalent electronic communication mean, which have not been previously requested or expressly authorised by their recipients with their acceptance consent mentioned on this privacy policy or through the authorization methods used by DIF BROKER.
In the case of users with a relationship previous to the entry into force of the GPDR, DIF BROKER is authorized to send commercial communications concerning their products and services similar to the initially agreed by the customer. Anyway, the user may request the voluntary exclusion to not receive commercial information through the Customer Service channels, proving their identity and requesting the withdrawal of their email from the database.
Your personal data shall be stored indefinitely on our data systems to carry out trade campaigns of the company’s products and services, whenever you do not exercise your right of opposition to advertisement sending.
18. Social Media
If the User is a fan, follower or similar of our company on the different social media, within the context of this processing, it must be considered that DIF BROKER may only consult or eliminate your data in a restricted way due to a specific profile. Any data correction or limitation shall be carried out through the confirmation of your own user profile on the social media. As default, the User consents the following:
• The processing of their personal data within the context of the social media and accordingly to their Privacy Policies..
• The DIF BROKER’s access to the data contained on your profile or biography, depending on its setting and privacy on each social shall be more or less broad.
• That the news published on our events or our commentaries may appear on your wall or biography.
• To receive communication on your products/events.
• If you want to stop following us, on your social network, you must click on the “Unfollow” or “Stop Following” option.
19. Alteration of this privacy policy
DIF BROKER reserves the right to alter this policy due to future legal news or jurisprudence, as well as sector practices. We previously inform the users of any alteration to this policy.
The continuous use of DIF BROKER by the User shall be deemed a ratification of this document, with the modifications and alterations added.
For the above-mentioned reasons, DIF BROKER reserves the right to fully or partially alter or interrupt the Service, regardless the sending of a notification to the User. DIF BROKER shall not be responsible before the User of third parties if the right to alter or interrupt the DIF BROKER Service is exercised.