This policy explains your rights and how and for which purposes your data is collected.

This policy applies to all customers and users that use the mobile applications or have access to the DIF Broker’s websites, or that interact with DIF Broker through any other mean (for instance, social networks).

This policy defines our firm compromise to protect your personal data, thus we recommend the reading and acceptance of our privacy and data protection policy before continuing to navigate on the DIF Broker’s websites.

This privacy policy was updated on 20 September 2018.

1. Identification of the social entity responsible for the file

Accordingly to the provisions on REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND COUNCIL of 27 April 2016 on the protection of physical individuals regarding the personal data processing and free movement of data (hereinafter GDPR), we inform that the personal data collected or sent to DIF Broker shall be processed by the following Data Processing Officer:

Name: DIF BROKER – SOCIEDADE FINANCEIRA DE CORRETAGEM S.A
Registered office: Rua António Cardoso, no. 601-613, Lj 8, 4150-083 Oporto
Country: Portugal
Telephone: +351 211 201 595
E-mail: RGPD@difbroker.com
Address (office): Av. da Liberdade No. 244- 4º 1250-149 – Lisbon
N.C.P.I: 504.767.640
Object: Financial Intermediation and auxiliary services
Registries in Portugal: CMVM No. 276, Bank of Portugal No. 225.

Who is the Data Protection Officer of DIF BROKER, and how is it possible to contact them?

The Data Protection Officer is the individual responsible for protecting the fundamental right to the personal data protection on DIF BROKER , who undertakes the regulatory compliance of data protection. You may contact the Data Protection Officer of DIF BROKER through the following email address: Contact of the Data Protection Officer: RGPD@Difbroker.com

2. General privacy principles

When we collect and process your personal data, the following practical principles are applied:

The personal data is processed fairly, legally and transparently.
The personal data is collected for specific, explicit and legitimate purposes and is not processed through an incompatible way to such purposes.
The personal data is adequate, relevant and limited to the necessary concerning the purposes for which it is processed.
The personal data must be accurate and updated. The inaccurate data shall be updated or deleted.
The personal data must remain on an identifiable format until no longer necessary.
The personal data is safely stored through the adequate and efficient technical and organizational measures against non-authorized or illegal processing and against its loss, destruction or accidental damage, through the application of adequate technical or organizational measures (“integrity and confidentiality”).
We undertake the data protection principles of the images or others collected.

3. How your personal data is collected and used.

Directly provided by you: You may visit our website without identifying yourself or revealing any personal data about you. Nevertheless, to offer you a complete service, the most frequent action is to collect personal data. For instance, we collect data about you when you carry out a consultation of information through the contact forms or when we grant you access to an account. This type of data collected may include your email address, name and surnames, address and phone number.
From cookies: We may also collect data from the “cookies” stored on your computer or mobile device. The cookies are small files stored on the hard disk or memory of your electronic device. To learn more about the use and purpose of the cookies we use, you may consult the cookies policy at www.difbroker.com Nevertheless, you may alter the options on your web browser to stop accepting cookies or to be asked before accepting cookies on the websites you visit. However, if you do not accept cookies, it is possible that you may not use all our services.
From the Registries: We may register some data and store it on our registry files when you interact with our Services. This data may include the Internet Protocol (IP) or other device addresses or identification numbers, as well as the type of browser, Internet services supplier, etc.

4. When may we request your personal data

1. When you request information about our products and services.

2. When you carry out consultations through the contact form.

3. When you carry out consultations through the Chat service.

4. When you attend seminars, events or courses organized by DIF Broker.

5. When any services and/or products offered by DIF Broker are requested.

Purposes for which we process your personal data

At DIF BROKER, we process the necessary data to manage and optimize our Services and commercial relationships with our customers and users. Besides, we shall also use this information to send you advertisings that may interest you, regarding the products, news, offers and discounts.

The data collected shall be processed with the following purposes:

5.1 Processing purpose of contractual or pre-contractual data

1. Customer Service

To manage the products and services the User holds, requests or hires with DIF BROKER implies the customer service through the administrative, requests, invoicing, commission control management and any other necessary to maintain the relationship with the customer.

Proceed and register of users on the DIF BROKER www.difbroker.com, to allow the access to the user’s account, namely to the DIF Freedom negotiation platform to carry out financial transactions.

The legal basis of the processing is the execution of a provision of financial intermediation services agreement which covers: broking, non-independent financial consulting or portfolio management, accordingly to the terms and conditions established on the agreement entered between the parties.

The data is necessary for the provision of services, otherwise they may not be provided.

2. Support and captation of Potential Customers

The data shall be processed to send information concerning the service or product requested by the DIF BROKER’s, potential customer. If the offer presented is accepted, your data shall be processed for the establishment of a contractual relationship as a new DIF BROKER’s customer.

5.2 Data processing purpose based on the pre-contractual consent

1. Newsletter or news report management aiming to carry out regular commercial communications on the news, publications, events and other information concerning DIF BROKER’s activities for the interested non-customers. Nonetheless, to ensure that the users receive the communications which are best adapted to their preferences, we proceed to the elaboration of commercial and marketing profiles, aiming to adequate the commercial communications to the above-mentioned preferences and needs.

5.3 Purpose based on the legal obligations.

1. Call recording. The telephone call recording aims to maintain the service quality and their registry to verify the communications carried out through this mean. The legal basis of the processing is the compliance with the legal obligations under the provisions on the following European standards:

Directive 2006/73/EC (MiFID I)

Directive 2014/65/EU (MiFID II)

Delegated regulation (EU) 2017/565 (miFIR)

5.4 Purpose based on the legitimate interest

1. Assist and answer the communications or requests through email or contact form of the website www.difbroker.com. The legitimate interest is grounded on the existence basis of an interest shown by the concerned party to be contacted in order to receive our information, with a reduced intrusion on their privacy and limitation of data use (contact data).

2. Record the telephone calls aiming to maintain the service quality and their registry to verify the communications carried out through this mean. The prevalent legitimate interest of the telephone calls aims to ensure and keep an evidence of the veracity and integrity of the data provided by the User through this mean. As the reception, transmission and execution of customers’ orders are usually established through this mean, there is a need to store these records to keep the integrity of the information bound to a specific date, avoiding mistakes and misunderstandings that may prejudice any of the parties. Therefore, the legitimate interest is based on the need to prove a conversation on a legal procedure or to be used as a mean of proof on a dispute between the parties.

3. Newsletter or news report management aiming to carry out regular commercial communications on the news, publications, events and other information concerning DIF BROKER’s activities for the interested customers. Nonetheless, to ensure that the users receive the communications which are best adapted to their preferences and needs, DIF BROKER proceeds to the elaboration of commercial and marketing profiles, aiming to adequate the commercial communications to the above-mentioned preferences and needs.

The Legitimate Interest is grounded and based on:

The existence of a previous contractual relationship with the concerned party;

The reasonable expectation by the concerned party to receive these communications;

The elaboration of a Marketing profile with a light detail and completeness level which does not cause legal effects on the concerned party or is not significantly affected similarly;

The system of voluntary exclusion of the above-mentioned communications, simple to use and where you may exercise it on every communication;

4. Proceed to provide information by Chat to the questions asked by the Users. The legitimate interest is grounded on the existence basis of an interest shown by the concerned party to contact us through the online chat, where there is a reduced intrusion on their privacy and limitation of data use (contact data).

5. Communicate the data with other companies of the DIF BROKER Group. The company has a legitimate interest in transmitting your personal data within their business group with internal administrative purposes that allows to optimize the Group resources.

6. Data Processing

6.1 Data processing of Customer Users

6.2 Data Processing of Potential Clients

7. Personal data storage criteria

1. The data shall be stored even after the termination of the contractual relationship. Generally, the personal data shall be stored and duly blocked for 10 years due to the Directive of Money Laundering and Terrorism Funding and to the prescription terms of the legal obligations or during the prescription of the legal or judicial actions applicable. When the legal prescription terms end, your data shall be permanently deleted and destroyed.

2. The data processed for direct marketing purposes shall be indefinitely stored until the user decides on the voluntary exclusion of the sending of advertisements.

3. The chat tickets data of the website shall be automatically stored for 120 days after the date of closure.

8. To which recipients shall your data be communicated?

DIF BROKER does not undertake the selling of your personal data. We consider your data a vital part of our commercial bond. However, in certain circumstances, we may be obliged to share your personal data with third parties, namely:

8.1 Recipients established within the EU

– Banks, savings banks and rural banks: for the provision of services to the customers.

– Tax authority (TA): for the compliance with the TA obligations, inclusively retention agents and simple information.

– Administrative and consulting services of the company: services provider hired by DIF BROKER.

– IT Consulting Services: services provider hired by DIF BROKER.

– Negotiation platforms of financial markets: services provider hired by DIF BROKER.

– Transferable Securities Market Committee: on the performance of their inspection and supervision functions.

– Other companies of the DIF Broker group located on the EU: DIE BROKER has a legitimate interest in transmitting your personal data within their business group with internal administrative purposes.

– Housing Services: services provider hired by DIF BROKER.

– On sale, merge, purchase or similar transactions: If DIF Broker is fully or partially involved on these procedures, the customer or user shall be notified via email and/or warning on our website about the transfer and any decision that may impact their data.

– The exercise or defence of claims or when the courts act on their legal function: in certain circumstances, the disclosure of personal data may be mandatory as it is subject to a legal request, order or citation.

– Non-Identifiable Aggregated Data: we may share aggregated or other non-personal data which does not directly identify you to third parties to improve your general experience concerning our services’ offer.

8.2 International Data Transfers

1. For the management and customer service outside the usual days and working hours in Portugal, Spain and in specific situations when it is necessary to assist our customers, the data shall be communicated to our branch in Uruguay: DIF Markets Agente de Valores S.A., which standard applicable to the data protection is equivalent to the EU accordingly to the Decision 2012/484/EU of the Commission on 21 August 2012.

2. Platform for the management of marketing emails, Mailchimp: to carry out the sending of advertising and service promotion information, we inform that the contact data provided by you shall be transferred outside of the EU to the Mainchimp servers (provider of the marketing communication by email management platform) belonging to Compañia Rocket Science Group. This company is covered by the Privacy Shield agreement between the EU and the USA, ensuring the safety of your personal data. To learn more, click on the following link: link

3. Fort the management of the website’s chat, the data shall be transferred to the company Zendesk where DIF BROKER hires their virtual infrastructure which contemplates the online chat management accordingly to the “computer on the cloud” model through the Zendesk services belonging to Organización Zendesk, Inc., under the binding corporative standards (BCR), accordingly to article 47 of the Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, approved and known as Zendesk Binding Corporative Rules (“Zendesk BCR”), which establish the adequate protection of the personal data and are legally binding for the entire Zendesk Group. To learn more here.

9. Sending and registry of personal data

The sending of personal data is mandatory accordingly to the purposes provided on number 5. If you do not provide the personal data requested or do not accept this data protection policy, it implies the impossibility to subscribe, sign in or receive information of the products and services offered by DIF BROKER.

10. Safety measures adopted regarding personal data processing

DIF BROKER informs the Users and Customers that it implements and applies adequate technical and organizational safety mechanisms and measures to ensure an appropriate risk level on the personal data processing.

To do so, DIF BROKER is based on an objective assessment, having identified, analysed and assessed the probability and impact risks for the individuals’ rights and freedoms (risk assessment phase) and, subsequently, DIF BROKER, on the risk processing phase, applied the adequate and efficient safety mechanisms and measures to eliminate or mitigate the risks identified on the risk assessment phase. Appropriate and efficient technical and organizational measures were indeed adopted to mitigate the risks concerning the destruction, loss or accidental/illegal alteration of the personal data transferred, stored or processed in any other way, or the non-authorized access to such personal data.

Likewise, DIE BROKER ensures to the user the compliance with the duty of professional secrecy, confidentiality and respect for the users’ personal data, as well as with the right to be duly saved.

11. Rights of the concerned party

The user may manage and direct their communications and exercise his/her rights (of access, update, correction, opposition, to be forgotten, limitation and portability) accordingly to the requirements imposed by the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of individuals, personal data processing and free movement of data.

On all our operational transactions regarding your privacy, DIF Broker endeavours to comply with the current standards. The following table lists the important rights of the concerned party:

How can you exercise your data protection rights?

To exercise your rights, you must send your request to DIF Broker SA, Av. da Liberdade 244-4º 1250-149 – Lisbon – Portugal, or through the following email address: RGPD@difbroker.com where you should indicate the following subject “GPDR DIF Broker. You should specify about which of the rights you need to be clarified, annexing a copy of the Citizen Card or equivalent identification document. If you are acting as an authorized representative, you shall also annex the document which justifies this quality, as well as the representative’s identification document.You may find a minute on:

The website of the Portuguese Data Protection Agency on the following website: www.cnpd.pt

DIF Broker: RGPD@difbroker.com

12. Processing of special personal data categories – convictions and legal infringements

On the filling of free text domains, it is prohibited the insertion of personal data which reveal the ethnical or racial origin, the political opinions, the religious or philosophical beliefs or the syndical affiliation, and the generic data processing, biometrical data aimed to clearly identify an individual, data concerning health or sexual life or orientation of an individual, as well as your personal data concerning convictions and legal infringements. If you insert any data concerning the above-mentioned aspects on any of our forms or through email, they shall be immediately deleted for our data systems as they are not necessary nor relevant for the purposes established on the data processing.

13. Forwarding to other websites

On certain situations, there are links to other websites, but these websites are not under our control. Therefore, DIF Broker shall not be responsible for any problem arising from the use of your personal data, the website content or the services that might be offered on those websites. Thus, we recommend you consult the privacy policy as well as the terms and conditions of each website you are sent to, in order to check how that supplier shall process your data.

14. Data quality

Aiming to comply with the privacy principles, specially concerning data quality DIFBROKER informs that you should only provide your own personal data and not from someone else, unless you are their legal representative. Therefore, to optimize the data quality, we need you to submit your correct, updated, accurate and true data.

If the data provided are from a third party who you do not represent or if the data provided from you or from a third party you do not represent are deemed false, faulty, not updated or inadequate, you shall be responsible for any direct or indirect damage caused to third parties or to DIF BROKER.

The data provided by the User indicated with an asterisk (*) are the ones strictly necessary to constant the User. The fact you do not provide more data than the strictly necessary never implies a service quality loss.

15. Data of minors or disabled individuals

The use of the Service is not allowed to minors, therefore if you are under 16 years old, we ask you to renounce the use of our web services.

DIF BROKER may also request additional data or documents to verify the potential customer’s age.

16. Data update

The User is the only personal data source, therefore DIF BROKER requests that, aiming to maintain your data updated at any moment, accordingly to the GRPD principles, you communicate to the below indicated address, namely for the rights of access, correction, to be forgotten and opposition, any data alteration with its activity purpose on the entity represented in order to cancel and/or process them.

17. Consent for advertisement sending

DIF BROKER shall not send advertising or promotional communications by email or other equivalent electronic communication mean, which have not been previously requested or expressly authorised by their recipients with their acceptance consent mentioned on this privacy policy or through the authorization methods used by DIF BROKER.

In the case of users with a relationship previous to the entry into force of the GPDR, DIF BROKER is authorized to send commercial communications concerning their products and services similar to the initially agreed by the customer. Anyway, the user may request the voluntary exclusion to not receive commercial information through the Customer Service channels, proving their identity and requesting the withdrawal of their email from the database.

Your personal data shall be stored indefinitely on our data systems to carry out trade campaigns of the company’s products and services, whenever you do not exercise your right of opposition to advertisement sending.

17. Social Media

If the User is a fan, follower or similar of our company on the different social media, within the context of this processing, it must be considered that DIF BROKER may only consult or eliminate your data in a restricted way due to a specific profile. Any data correction or limitation shall be carried out through the confirmation of your own user profile on the social media. As default, the User consents the following:

a) The processing of their personal data within the context of the social media and accordingly to their Privacy Policies..

b) The DIF BROKER’s access to the data contained on your profile or biography, depending on its setting and privacy on each social shall be more or less broad.

c) That the news published on our events or our commentaries may appear on your wall or biography.

d) To receive communication on your products/events.

If you want to stop following us, on your social network, you must click on the “Unfollow” or “Stop Following” option.

18. Alteration of this privacy policy

DIF BROKER reserves the right to alter this policy due to future legal news or jurisprudence, as well as sector practices. We previously inform the users of any alteration to this policy.

The continuous use of DIF BROKER by the User shall be deemed a ratification of this document, with the modifications and alterations added.

For the above-mentioned reasons, DIF BROKER reserves the right to fully or partially alter or interrupt the Service, regardless the sending of a notification to the User. DIF BROKER shall not be responsible before the User of third parties if the right to alter or interrupt the DIF BROKER Service is exercised.