How we protect and manage your personal
The purpose of this Privacy Notice is to explain how Dimtech collect and use personal information in connection with our business. “Personal information” means information about a living individual who can be identified from that information (either by itself or when it is combined with other information). We may update our Privacy Notice from time to time, by communicating changes to you and publishing the updated Privacy Notice on our website.
We would encourage you to visit our website regularly to stay informed of the purposes for which we process your information and your rights to control how we process it. The information we process Depending on the services you have ordered, or you are interested in, we collect and process different kinds of personal data. We will limit the collection and processing of information to information necessary to achieve one or more legitimate purposes as identified in this notice. Personal information may include:
- basic personal information, including name and address, date of birth, KYC documents (including a copy of your national identity card or passport), phone number and contact details;
- financial information, including account and transactional information and history;
- professional information about you, such as your job title and work experience;
- your knowledge of and experience in investment matters;
- any records of phone calls between you and Dimtech;
- where applicable, details of your nomination of a mandate;
- identifiers we assign to you, such as your client or broker account number, including for accounting purposes; In some cases, we collect this information from public registers (which, depending on the product or service you receive, may include beneficial ownership and other registers), public administration or other third-party sources, such as wealth screening services, credit reference agencies and fraud prevention agencies.
Once you have given us your consent you can withdraw it at any time, unless there is another legal reason under Data Protection Laws that allows us to process your information. Please note that if you withdraw your consent, we might not be able to provide you with specific services or products. You can withdraw your consent at any time by getting in touch with us using the contact details at the end of this notice.
Sharing with third parties
We will not share your information with anyone outside of Dimtech except:
- where we have your (or your agent’s) express or implied permission;
- where required for your product or service;
- where we are required to by law or by law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory bodies around the world;
- with third parties providing services to us, such as market analysis and benchmarking, correspondent banking, and agents and subcontractors acting on our behalf, such as the companies which print any account statements;
- with other firms to help trace funds where you are a victim of suspected financial crime and you have agreed for us to do so, or where we suspect funds have entered your account as a result of a financial crime;
- with credit reference and fraud prevention agencies;
- with third party guarantors or other companies that provide you with benefits or services (such as insurance cover) associated with your product or service;
- where required for a proposed sale, reorganisation, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets held by our business;
- in anonymised form as part of statistics or other aggregated data shared with third parties; or
- To meet our duties to regulators, we may allow authorised people to see our records (which may include information about you) for reporting, compliance and auditing purposes. For the same reason, we will also hold the information about you when you are no longer a customer.
Transferring information overseas
We may transfer your information to organisations in other countries provided that the organisation to whom we pass it protects it in the same way we would and in accordance with applicable regulations which shall include Financial Conduct Authority (“FCA”) and Prudential Regulation Authority (“PRA”)
Rules, the rules of any other relevant regulatory authority or exchange and any applicable laws, rules, procedures, guidance, codes, standards and regulations (including, without limitation, accounting rules and anti-money laundering and sanctions legislation) in force from time to time (“Applicable Regulations”). In the event that we transfer information to countries outside of the EEA (which consists of countries in the European Union as well as Iceland, Liechtenstein and Norway), we will only do so where:
- the European Commission has decided that the country or the organisation we are sharing your information with will protect your information adequately; or
- the transfer has been authorised by a relevant data protection authority; or
- we have entered into a contract with the organisation with which we are sharing your information (on terms approved by the European Commission) to ensure your information is dequately protected.
Communication about your account
If you are a customer of ours or act on behalf of a customer of ours, we will contact you with information relevant to the operation and maintenance of your account or the account of our customer with whom you are associated (including updated information about how we process your personal information), by a variety of means including post and/or telephone or other electronic communication approved by our communications policy. If you change your contact details at any point in the future, you should tell us promptly about those changes. Electronic communications and telephone conversations between us and you may be monitored and/ or recorded for training purposes, internal investigations, to check instructions, for legal reasons or to meet Applicable Regulations. Those recordings may be used by us in evidence in the event of a dispute with you or our customer with whom you are associated. A copy of the recordings of such conversations and communications between us and you will be available to you upon request for a period of five years and in some cases, where requested by the FCA or another relevant regulatory authority, for a period of up to seven years.
Fraud prevention agencies
We may access and use information from fraud prevention agencies at the start of our relationship with a customer and periodically to:
- prevent criminal activity, fraud and money laundering;
- check the identity of the customer and its representatives and owners and verify the accuracy of the information you provide to us; If false or inaccurate information is provided and/or fraud is identified or suspected, details will be passed to fraud prevention agencies. Law enforcement agencies and other organisations may access and use this information.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. Fraud prevention agencies can hold your information for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years. When fraud prevention agencies process your information, they do so on the basis that they have a legitimate interest in preventing fraud and money laundering, to verify identity and in order to protect their business and/or to comply with laws that apply to them.
Our legal basis for using your personal information
We only use your personal information where that is permitted by the laws that protect your privacy rights. We only use personal information where:
- we have your consent (if consent is needed);
- we need to use the information to comply with our legal obligations;
- we need to use the information to perform a contract with you; and/or
- it is fair to use the personal information either in our interests or someone else’s interests, where there is no disadvantage to you – this can include where it is in our interests to contact you about products or services, market to you, or collaborate with others to improve our services. Where we have your consent, you have the right to withdraw it. We will let you know how to do that at the time we gather your consent. Special protection is given to certain kinds of personal information that is particularly sensitive. This is information about your health status, racial or ethnic origin, political views, religious or similar beliefs, sex life or sexual orientation, genetic or biometric identifiers, trade union membership or criminal convictions or allegations.
We will only use this kind of personal information where:
- we have a legal obligation to do so (for example to protect vulnerable people);
- it is necessary for us to do so to protect your vital interests (for example if you have a severe and immediate medical need whilst on our premises);
- it is in the substantial public interest;
- it is necessary for the prevention or detection of crime;
- it is necessary for insurance purposes; or
- you have specifically given us explicit consent to use the information.
How long we keep your information
By providing you with products or services, we create records that contain your information, such as customer account records, and activity records. Records can be held on a variety of media (physical or electronic) and in different formats. We manage our records to help us to serve our customers well (for example for operational reasons, such as dealing with any queries relating to your account) and to comply with legal and regulatory requirements. Records help us demonstrate that we are meeting our responsibilities and serve as evidence of our business activities. Retention periods for records are determined based on the type of record, the nature of the activity, product or service and Applicable Regulations. We normally keep customer account records for a defined period after your relationship with Dimtech. Retention periods may be changed from time to time based on business or legal and regulatory requirements. We may, on exception, retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or our regulators. Security Dimtech takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place. Data is held in the United Kingdom using different (multiple) cloud-based servers. Dimtech does not store personal data outside the EEA. Data Protection Officer We have appointed a Data Protection Officer to advise us about our data protection obligations and to monitor compliance.