Last Updated: May 18, 2021
(a) Information you provide to us ► personal information that you provide to us, such as during the subscription to our newsletter or registering your interest, including your name, address, other contact details;
(b) Our correspondence ► if you contact us, we may keep a record of that correspondence;
(c) Device Information ► such as information about your operating system, browser, software applications, IP address, geolocation, security status and other device information in order to improve your experience, to protect against fraud and manage risk;
(d) Survey information ► we may also ask you to complete surveys that we use for research purpose. In such circumstances we shall collect the information provided in the completed survey;
(e) Site and communication usage ► details of your visits to the DTIF website and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.
(f) Call recordings and CCTV ► We may monitor or record our incoming or outgoing telephone calls with you to ensure accuracy, security, service quality, for training purposes and to establish a record of our communications. If you do not wish to have your call recorded, you have other options to conduct business with us such as online, or by contacting us in writing. We may record CCTV footage in and around our premises and other locations for the safety of our clients and employees, and to protect against theft, property damage and fraud./
We may use your personal information in the following ways. Use of personal information under EU and the United Kingdom (UK)’s data protection laws must be justified under one of a number of legal bases, and we are required to set out the legal bases in respect of each use in this policy. An explanation of the scope of the legal bases available can be found at paragraph 4 below. For each use, we note the legal bases that we rely on:
(a) To provide our services effectively to you ► to administer our services, including to carry out our obligations arising from any agreements entered into between you and us, or to notify you about changes to our services and products.
Legal bases: contract performance, legitimate interests (to enable us to perform our obligations and provide services to you);
(b) To comply with legal or regulatory requirements, or as otherwise permitted by law ► we may process your personal information to comply with our regulatory requirements or dialogue with our regulators or defend or prosecute claims as applicable which may include disclosing your personal information to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
Legal bases: legal obligations, legitimate interests (to cooperate with law enforcement and regulatory authorities). With respect to special categories of personal information, we will usually rely on legal claims, substantial public interests (processing for the prevention and detection of fraud/crime) or very rarely where necessary, explicit consent;
(c) To monitor certain activities ► to monitor queries, complaints and transactions to ensure service quality (including for training), compliance with procedures and to combat fraud.
Legal bases: legal obligations, legitimate interests (to ensure that the quality and legality of our services). With respect to special categories of personal information, we will usually rely on legal claims, substantial public interests (processing for the prevention and detection of fraud/crime) or very rarely where necessary, explicit consent;
(d) To provide marketing materials to you ► to provide you with updates and offers, where you have chosen to receive these. We may use your information for marketing our own and selected business partners’ services to you by email, post and telephone and, where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us as set out in paragraph 6 below.
Use justification: consent (which can be withdrawn at any time – please see paragraph 4 below), legitimate interest where are not required to rely on consent (to keep you updated with news in relation to our products and services);
(e) To understand our customers and to develop and tailor our products and services ► we may analyze the personal information we hold in order to better understand our clients’ services and marketing requirements, to better understand our business and develop our products and services.
Use justification: legitimate interests (to allow us to improve our services);
(f) To inform you of changes ► to notify you about changes to our service.
Use justification: contract performance, legitimate interests (to allow us to continuously develop our services); and
(g) To reorganize or make changes to our business ► in the event that we (i) are subject to negotiations for the sale of our business or part thereof to a third party, (ii) are sold to a third party or (iii) undergo a reorganization, we may need to transfer some or all of your personal information to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analyzing any proposed sale or reorganization. We may also need to transfer your personal information to that reorganised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this policy.
Use justifications: legitimate interests (in order to allow us to change our business).
We may transfer your personal information to third parties for the purposes set out below and in accordance with the lawful bases set out at paragraph 2 above:
(a) To comply with our legal obligations to law enforcement, regulators and the court service ► We may disclose your personal information to third parties, the court service and/or regulators or law enforcement agencies in connection with proceedings or investigations anywhere in the world where compelled to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
We note the legal bases we use to justify each use of your personal information next to the use in paragraph 2 above.
A more detailed explanation of the legal bases is set out below:
Consent: where you have consented to our use of your information (you will have been
presented with a consent form in relation to any such use. You are free to withdraw your consent by contacting us using the details set out in the “Contacting us” section below. If you
do so, we may be unable to provide a service that requires the use of such information
Contract performance: where your information is necessary to enter into or perform our
contract with you.
Legal obligation: where we need to use your information to comply with our legal obligation.
Legitimate interests: where we use your information to achieve a legitimate interest and our
reasons for using it outweigh any prejudice to your data protection rights.
These are the principal legal grounds that justify our use of your special categories of personal
Legal claims: where we are required to process your personal information to establish, defend,
prosecute or make a claim against you, us or a third party.
In the substantial public interest: the processing is necessary for reasons of substantial public
interest, on the basis of EU or local law; and
Explicit consent: where you have given explicit consent to the processing of those personal data
for one or more specified purposes (this will rarely be relied on). You are free to withdraw your
consent by contacting us using the details set out in the “Contacting us” section below. If you
do so, we may be unable to provide a service that requires the use of such information.
(1) We use physical, electronic and procedural safeguards to protect against unauthorized use, access, modification, destruction, disclosure, loss or theft of your personal information in our custody or control.
(2) We have agreements and controls in place with third party service providers requiring that any information we provide to them must be safeguarded and used only for the purpose of providing the service we have requested the company to perform.
(3) No data transmission over the Internet or DTIF website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal information in accordance with data protection legislative requirements.
(4) All personal information you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject to our security policies and standards. Where we have given you (or where you have chosen) a password which enables you to access certain parts
of our site, you are responsible for keeping this password confidential and for complying withany other security procedures that we notify you of. We ask you not to share a password with anyone.
(6) Where we transfer personal information from inside the EEA and UK to outside the EEA and UK, we may be required to take specific additional measures to safeguard the relevant personal information. Certain countries outside the EEA and the UK have been approved by the European Commission (and the UK’s ICO) as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions. In countries which have not had these approvals (see the full list here http://ec.europa.eu/justice/data-protection/internationaltransfers/adequacy/index_en.htm), we will establish legal grounds justifying such transfer, such as EU Commission-approved model contractual clauses, or other legal grounds permitted by applicable legal requirements.
(7) Please contact us if you would like to see a copy of the safeguards applied to the export of your personal information.
(8) Our retention periods for personal data are based on business needs and legal requirements. We will retain your personal information for as long as is necessary for the processing purpose(s) for which it was collected and any other permitted linked purpose. For example, certain transaction details and correspondence may be retained until the time limit for claims in respect of the transaction has expired or in order to comply with regulatory requirements regarding the retention of such data). When personal information is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymised information) or securely destroy the data.
(1) You have the right to ask us not to process your personal information for marketing purposes. We will inform you if we intend to use your information for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your personal information. You can also exercise the right at any time by contacting us as set out in paragraph 7 below.
(2) In relation to processing of criminal convictions data and politically exposed person data for the purposes of complying with our anti-money laundering obligations and to combat fraud we consider that our processing is permitted by the substantial public interest ground (to prevent or detect crime) but to the extent it is not you give and we rely on your consent to process that type of personal information. Although you have a right to withdraw such consent at any time, as we consider the processing to be necessary for us to provide our services its withdrawal (to the extent the processing cannot be justified on substantial public
interest grounds) may require us to cease to provide certain services.
(3) If you have any questions in relation to our use of your personal information, you should first contact us as per the “Contacting us” section below. Under certain conditions, you may have the right to require us to:
(a) provide you with further details on the use we make of your personal information;
(b) provide you with a copy of personal information that you have provided to us;
(c) update any inaccuracies in the personal information we hold;
(d) delete any personal information that we no longer have a lawful ground to use; and
(e) restrict how we use your personal information whilst a complaint is being investigated.
You also have the right to:
(f) where processing is based on consent, withdraw your consent so that we stop that particular processing;
(g) object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights;
(h) restrict how we use your personal information whilst a complaint is being investigated.
(4) Your exercise of these rights is subject to certain exemptions to safeguard the public interest
(e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal
privilege). If you exercise any of these rights, we will check your entitlement and respond in
most cases within a month.
(5) If you are not satisfied with our use of your personal information or our response to any exercise of these rights, you have the right to complain to the Information Commissioner’s Office as follows:
Information Commissioner’s Office
Helpline number: 0303 123 1113
(6) We are committed to maintaining the accuracy of your personal information and ensuring that it is complete and up-to-date. If you discover inaccuracies in our records, or your personal information changes, please notify us immediately so that we can make the necessary changes. Failure to notify us of changes to your personal information may negatively impact the way we communicate or provide services to you. Where appropriate, we will advise others of any material amendments to your personal information that we may have released to them. If we do not agree to make the amendments that you request, you may challenge our decision as described in the “Contacting us” section below.
(1) Digital Token Identifier Foundation (DTIF) is responsible for and is the “data controller” of your
(2) We can be contacted in relation to your rights or any questions you may have in respect of
By email: secretariat@DTIF.org
By post: Digital Token Identifier Foundation (DTIF), Cannon Place, 78 Cannon Street, London
EC4N 6HL, United Kingdom
(3) If you are located in the EEA, pursuant to Article 27 of the General Data Protection Regulation
(GDPR), Digital Token Foundation (DTIF) has appointed European Data Protection Office
(EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters
pertaining to the GDPR:
By EDPO’s online request form: https://edpo.com/gdpr-data-request/
By writing to EDPO at: Avenue Huart Hamoir 71, 1030 Brussels, Belgium
Fill in the form below and be the first one to learn about DTIF updates by subscribing to our newsletter.