Privacy Policy

Last Updated: May 18, 2021

Introduction
 
Digital Token Identifier Foundation (the DTIF), is committed to compliance with data protection laws and this policy (Privacy Policy) sets out our personal information gathering and sharing practices for the DTIF Service which means the provision of online digital token identifiers and includes https://dtif.org/ (The DTIF GUI).
 
By submitting your information to us, you acknowledge the processing set out in this Privacy Policy. Further notices highlighting certain uses we wish to make of your personal information together with the ability to opt in or out of selected uses may also be provided to you when we collect personal information from you.
 
Please note that if you do not provide your personal information to us, we may be limited in how we are able to provide our services to you.
 
DTIF websites may contain links to other third-party websites. If you follow a link to any of those thirdparty websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third-party websites.
 
 
Objectives
 
This Privacy Policy is intended to explain our privacy practices and covers the following areas:
 
1. Information We May Collect About You
2. How We May Use Your Information and Legal Basis
3. Disclosure to Third Parties
4. Legal Bases
5. Transmission, Storage and Security of Your Personal Information
6. Your Rights
7. Contacting Us
8. Cookies
9. Changes to Our Privacy Policy and/or Cookies Policy
 
 
  1.  Information We May Collect About You

    (a) Information you provide to us ► personal information that you provide to us, such as during the subscription to our newsletter or registering your interest, including your name, address, other contact details;

    (b) Our correspondence ► if you contact us, we may keep a record of that correspondence;

    (c) Device Information ► such as information about your operating system, browser, software applications, IP address, geolocation, security status and other device information in order to improve your experience, to protect against fraud and manage risk;

    (d) Survey information ► we may also ask you to complete surveys that we use for research purpose. In such circumstances we shall collect the information provided in the completed survey;

    (e) Site and communication usage ► details of your visits to the DTIF website and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.

    (f) Call recordings and CCTV ► We may monitor or record our incoming or outgoing telephone calls with you to ensure accuracy, security, service quality, for training purposes and to establish a record of our communications. If you do not wish to have your call recorded, you have other options to conduct business with us such as online, or by contacting us in writing. We may record CCTV footage in and around our premises and other locations for the safety of our clients and employees, and to protect against theft, property damage and fraud./


  2.  How We Use Your Information and Legal Bases

    We may use your personal information in the following ways. Use of personal information under EU and the United Kingdom (UK)’s data protection laws must be justified under one of a number of legal bases, and we are required to set out the legal bases in respect of each use in this policy. An explanation of the scope of the legal bases available can be found at paragraph 4 below. For each use, we note the legal bases that we rely on:

    (a) To provide our services effectively to you ► to administer our services, including to carry out our obligations arising from any agreements entered into between you and us, or to notify you about changes to our services and products.
    Legal bases: contract performance, legitimate interests (to enable us to perform our obligations and provide services to you);

    (b) To comply with legal or regulatory requirements, or as otherwise permitted by law ► we may process your personal information to comply with our regulatory requirements or dialogue with our regulators or defend or prosecute claims as applicable which may include disclosing your personal information to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
    Legal bases: legal obligations, legitimate interests (to cooperate with law enforcement and regulatory authorities). With respect to special categories of personal information, we will usually rely on legal claims, substantial public interests (processing for the prevention and detection of fraud/crime) or very rarely where necessary, explicit consent;

    (c) To monitor certain activities ► to monitor queries, complaints and transactions to ensure service quality (including for training), compliance with procedures and to combat fraud.
    Legal bases: legal obligations, legitimate interests (to ensure that the quality and legality of our services). With respect to special categories of personal information, we will usually rely on legal claims, substantial public interests (processing for the prevention and detection of fraud/crime) or very rarely where necessary, explicit consent;

    (d) To provide marketing materials to you ► to provide you with updates and offers, where you have chosen to receive these. We may use your information for marketing our own and selected business partners’ services to you by email, post and telephone and, where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us as set out in paragraph 6 below.
    Use justification: consent (which can be withdrawn at any time – please see paragraph 4 below), legitimate interest where are not required to rely on consent (to keep you updated with news in relation to our products and services);

    (e) To understand our customers and to develop and tailor our products and services ► we may analyze the personal information we hold in order to better understand our clients’ services and marketing requirements, to better understand our business and develop our products and services.
    Use justification: legitimate interests (to allow us to improve our services);

    (f) To inform you of changes ► to notify you about changes to our service.
    Use justification: contract performance, legitimate interests (to allow us to continuously develop our services); and

    (g) To reorganize or make changes to our business ► in the event that we (i) are subject to negotiations for the sale of our business or part thereof to a third party, (ii) are sold to a third party or (iii) undergo a reorganization, we may need to transfer some or all of your personal information to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analyzing any proposed sale or reorganization. We may also need to transfer your personal information to that reorganised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this policy.
    Use justifications: legitimate interests (in order to allow us to change our business).


  3. Disclosures to Third parties

    We may transfer your personal information to third parties for the purposes set out below and in accordance with the lawful bases set out at paragraph 2 above:

    (a) To comply with our legal obligations to law enforcement, regulators and the court service ► We may disclose your personal information to third parties, the court service and/or regulators or law enforcement agencies in connection with proceedings or investigations anywhere in the world where compelled to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.


  4. Legal bases

    We note the legal bases we use to justify each use of your personal information next to the use in paragraph 2 above.

    A more detailed explanation of the legal bases is set out below:

    Consent: where you have consented to our use of your information (you will have been
    presented with a consent form in relation to any such use. You are free to withdraw your consent by contacting us using the details set out in the “Contacting us” section below. If you
    do so, we may be unable to provide a service that requires the use of such information

    Contract performance: where your information is necessary to enter into or perform our
    contract with you. 

    Legal obligation: where we need to use your information to comply with our legal obligation.

    Legitimate interests:
    where we use your information to achieve a legitimate interest and our
    reasons for using it outweigh any prejudice to your data protection rights.

    These are the principal legal grounds that justify our use of your special categories of personal
    information:

    Legal claims: where we are required to process your personal information to establish, defend,
    prosecute or make a claim against you, us or a third party.

    In the substantial public interest: the processing is necessary for reasons of substantial public
    interest, on the basis of EU or local law; and

    Explicit consent:
    where you have given explicit consent to the processing of those personal data
    for one or more specified purposes (this will rarely be relied on). You are free to withdraw your
    consent by contacting us using the details set out in the “Contacting us” section below. If you
    do so, we may be unable to provide a service that requires the use of such information.



  5. Transmission, Storage and Security of Your Personal Information

    (1) We use physical, electronic and procedural safeguards to protect against unauthorized use, access, modification, destruction, disclosure, loss or theft of your personal information in our custody or control.

    (2) We have agreements and controls in place with third party service providers requiring that any information we provide to them must be safeguarded and used only for the purpose of providing the service we have requested the company to perform.


    5.1 Security Over the Internet

     

    (3) No data transmission over the Internet or DTIF website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal information in accordance with data protection legislative requirements.

    (4) All personal information you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject to our security policies and standards. Where we have given you (or where you have chosen) a password which enables you to access certain parts
    of our site, you are responsible for keeping this password confidential and for complying withany other security procedures that we notify you of. We ask you not to share a password with anyone.


    5.2 Export Outside the European Economic Area (EEA) and the UK

     

    (5) Your personal information may be accessed by staff or suppliers in, transferred to, and/or stored at, a destination outside the EEA and the UK in which data protection laws may be of a lower standard than in the EEA. We will, in all circumstances, safeguard personal information as set out in this Privacy Policy.

    (6) Where we transfer personal information from inside the EEA and UK to outside the EEA and UK, we may be required to take specific additional measures to safeguard the relevant personal information. Certain countries outside the EEA and the UK have been approved by the European Commission (and the UK’s ICO) as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions. In countries which have not had these approvals (see the full list here http://ec.europa.eu/justice/data-protection/internationaltransfers/adequacy/index_en.htm), we will establish legal grounds justifying such transfer, such as EU Commission-approved model contractual clauses, or other legal grounds permitted by applicable legal requirements.

    (7) Please contact us if you would like to see a copy of the safeguards applied to the export of your personal information.


    5.3 Storage Limits

    (8) Our retention periods for personal data are based on business needs and legal requirements. We will retain your personal information for as long as is necessary for the processing purpose(s) for which it was collected and any other permitted linked purpose. For example, certain transaction details and correspondence may be retained until the time limit for claims in respect of the transaction has expired or in order to comply with regulatory requirements regarding the retention of such data). When personal information is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymised information) or securely destroy the data.


  6.  Your Rights

    (1) You have the right to ask us not to process your personal information for marketing purposes. We will inform you if we intend to use your information for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your personal information. You can also exercise the right at any time by contacting us as set out in paragraph 7 below.

    (2) In relation to processing of criminal convictions data and politically exposed person data for the purposes of complying with our anti-money laundering obligations and to combat fraud we consider that our processing is permitted by the substantial public interest ground (to prevent or detect crime) but to the extent it is not you give and we rely on your consent to process that type of personal information. Although you have a right to withdraw such consent at any time, as we consider the processing to be necessary for us to provide our services its withdrawal (to the extent the processing cannot be justified on substantial public
    interest grounds) may require us to cease to provide certain services.

    (3) If you have any questions in relation to our use of your personal information, you should first contact us as per the “Contacting us” section below. Under certain conditions, you may have the right to require us to:

    (a) provide you with further details on the use we make of your personal information;

    (b) provide you with a copy of personal information that you have provided to us;

    (c) update any inaccuracies in the personal information we hold;

    (d) delete any personal information that we no longer have a lawful ground to use; and

    (e) restrict how we use your personal information whilst a complaint is being investigated.

    You also have the right to:

    (f) where processing is based on consent, withdraw your consent so that we stop that particular processing;

    (g) object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights;
    and

    (h) restrict how we use your personal information whilst a complaint is being investigated.

    (4) Your exercise of these rights is subject to certain exemptions to safeguard the public interest
    (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal
    privilege). If you exercise any of these rights, we will check your entitlement and respond in
    most cases within a month.

    (5) If you are not satisfied with our use of your personal information or our response to any exercise of these rights, you have the right to complain to the Information Commissioner’s Office as follows:

    Information Commissioner’s Office
    Wycliffe House
    Water Lane
    Wilmslow
    Cheshire
    SK9 5AF

    Helpline number: 0303 123 1113

    6.1 Updating Information

    (6) We are committed to maintaining the accuracy of your personal information and ensuring that it is complete and up-to-date. If you discover inaccuracies in our records, or your personal information changes, please notify us immediately so that we can make the necessary changes. Failure to notify us of changes to your personal information may negatively impact the way we communicate or provide services to you. Where appropriate, we will advise others of any material amendments to your personal information that we may have released to them. If we do not agree to make the amendments that you request, you may challenge our decision as described in the “Contacting us” section below.

     

  7. Contacting Us

    (1) Digital Token Identifier Foundation (DTIF) is responsible for and is the “data controller” of your
    personal information processed by us under this Privacy Policy.

    (2) We can be contacted in relation to your rights or any questions you may have in respect of
    this Privacy Policy or our processing of your personal information at the following addresses:

    By email: secretariat@DTIF.org
    By post: Digital Token Identifier Foundation (DTIF), Cannon Place, 78 Cannon Street, London
    EC4N 6HL, United Kingdom

    (3) If you are located in the EEA, pursuant to Article 27 of the General Data Protection Regulation
    (GDPR), Digital Token Foundation (DTIF) has appointed European Data Protection Office
    (EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters
    pertaining to the GDPR:

    By EDPO’s online request form: https://edpo.com/gdpr-data-request/
    By writing to EDPO at: Avenue Huart Hamoir 71, 1030 Brussels, Belgium


  8. Cookies


    The DTIF uses cookies to distinguish you from other users of the DTIF website. This helps us provide you with a good experience when you browse the DTIF and allows us to improve the DTIF website. For detailed information on the cookies we use and the purposes for which we use them, please see our Cookies Policy.


  9. Change To Our Privacy Policy and/or Cookie Policy


    We may change the content of the DTIF website or services without notice, and consequently our Privacy Policy and/or Cookies Policy may change at any time in the future. We therefore encourage you to review it from time to time to stay informed of how we are using personal information

Register your Interest

Fill in the form below and be the first one to learn about DTIF updates by subscribing to our newsletter.