Last updated: 28 February, 2019
Welcome to DQR-OTC
DQR-OTC Limited (“DQR-OTC”) actively seeks to protect your privacy. This policy describes what personally identifiable data (“Personal Data”) we collect, with whom we may share it and why, in which jurisdictions personal data is held and processed, and what measures we have taken to protect your online privacy – both technically and legally.
We have worked hard to make this policy fair and easy to read. Please feel free to contact us if you have any questions or suggestions.
- we need to ensure your identity before we can release, change or remove information;
- law, regulation and compliance may affect what we are allowed to do or not;
- being anonymous does not equate to being unaccountable.
Updates to this policy are indicated by a newer effective date – older versions will be archived and remain accessible here to older versions page.
Table of Contents
- Personal data we collect
a. Personal data that we collect directly from you
b. Information that we collect automatically
- How we use personal data
a. Our services
b. Service-related communication and marketing
c. Compliance and protection
d. Service providers
e. Business partners
f. Corporate reorganisation
g. Compliance and legal requirements
- Your rights
a. Opting out of receiving electronic communications from us
b. Seeing and/or changing personal data
c. The process for exercising your rights
d. Your formal rights under EU GDPR
- Security, retention and breaches
- Links to other companies and websites
- Contact us
We (DQR-OTC) obtain personal data about you from various sources to provide, manage, protect and improve our services and the information we provide to you. You may be a visitor to one of our websites, a user of our services or someone who has contacted us.
We actively seek to minimise the amount of personal data we collect, process and/or retain. Where this is unavoidable for technical, legal or protective reasons, we have implemented measures to ensure we explain clearly at the point of collection what information we collect, why we require it and ensure your consent is gained explicitly before we use the provided information.
Your information is only accessed, used and maintained by authorised staff for the purpose expressed at the time of collection, and is erased where permitted by law and regulation as soon as it is no longer required.
In general, we seek to exceed the EU/EC 2016/679 General Data Protection Regulation (“GDPR”) demands and actively assist our providers and partners in maintaining the same standards.
2. Personal data we collect
2.a. Personal data that we collect directly from you
The personal data that you provide directly to us through our services will be collected in compliance with EU law. In particular:
- When you register for a DQR-OTC account, we are required to collect certain personal information to perform “Know your Customer” (KYC) and Anti Money Laundering (AML) screening;
- When you fill in an online form to contact our sales team, we collect your name and contact details so we can reply. We also log the IP address of your request to assist site security;
- If you contact us by phone, we may request and retain a phone number to call you back;
- When you provide contact details, we may offer you the option to opt-in for marketing or surveys;
- When you respond to DQR-OTC emails or surveys, we will retain your email address, name and any other information you have opted to share with us;
- If you contact us as a DQR-OTC user, we may require personal information to confirm your identity before we are able to assist;
- We retain transaction and trading activity information for reasons of compliance;
- Our security and fraud prevention measures will, separately, collect data such as IP addresses, time of access and activity. These logs are retained and analysed for security and fraud and are not accessible to anyone but security staff and/or partners we use for this specific purpose. In case of abuse, we reserve the right to correlate such data with personal information and may even be legally compelled to do so.
We believe in informed choice. When we ask for personal information, we will always inform you why we require the information, what we will do with it, ask your permission to retain it and offer information about your rights and options in relation to our retention and handling of information.
2.b. Information that we collect automatically
- Browser and device data, such as IP address, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, and add-ons;
- Usage data, such as time spent on the services, pages visited, links clicked, language preferences, and the pages that led or referred you to our services.
We use Matomo (formerly “Piwik”) for website statistics, which anonymises traffic and respects browser “Do Not Track” settings – when detected, only our separate security facilities will retain information about your visit and activities.
3. How we use personal data
DQR-OTC does not sell personal data and will only share personal information (with your permission) with partners when required or permitted by law. We use personal data only as outlined below.
3.a. Our services
In order to access our services, you will need to subscribe. We will require your personal details for KYC/AML screening, and will monitor trade activities with their associated ID reference to fulfil our legal and regulatory obligations. Backups, long term storage and archive facilities for personal data deploy encryption to prevent unauthorised access. Information and statistics can be shared in anonymised form with third parties and partners we trust. Under no circumstances will personally identifiable information be shared or used for any other purpose than indicated at the time of collection without permission of the user concerned.
3.b. Service-related communication and marketing
In order to keep you up to date on services and facilities, we may occasionally write to you via email. We will inform you of service-relevant information such as changes in legislation or maintenance outages. Upon registration, you were given the opportunity to opt in to Marketing messages signaling new and/or improved features. This low volume communication remains optional and will always contain a link to opt out facilities.
3.c. Compliance and protection
For reasons of compliance and protection, we must retain records of your KYC/AML screening and transaction data.
3.d. Service providers
We share personal data with service providers who assist us in ensuring compliance and protection. Such service providers are only permitted to use your personal data as necessary to perform services on our behalf or comply with legal requirements. We require such service providers to contractually commit to protecting the security and confidentiality of personal data they process on our behalf.
3.e. Business partners
We share personal data with business partners when this is necessary to provide our services to our users. Examples of third parties to whom we may be required to disclose personal data are banks and payment method providers when we provide services interacting with fiat currency.
3.f. Corporate reorganisation
In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business such as a reorganisation, merger, sale, joint venture, assignment, transfer or change of control of all or a portion of our business, assets or stock, we may migrate personal data to this new structure if we can perform this without materially changing the protection of personal data and its permitted use.
3.g. Compliance and legal requirements
We only share personal data as required:
- to comply with applicable law and regulation;
- to enforce our contractual rights;
- to protect the rights, privacy, safety and property of DQR-OTC, you and other users; and when formally and correctly requested by courts, law enforcement agencies, regulators or other public and government authorities.
DQR-OTC strictly adheres to the law, which includes laws explicitly protecting your right to privacy.
4. Your rights
You have choices regarding our use and disclosure of your personal data:
4.a. Opting out of receiving electronic communications from us
If you no longer want to receive marketing communication from us, you may opt out via the unsubscribe link included in such emails. We will try to comply with your request as soon as reasonably practicable. Please note that if you opt out of receiving marketing emails from us, we may still send you important administrative messages that are required to provide you with our services and comply with applicable laws.
4.b. Seeing and/or changing personal data
If you would like to review, correct, or update personal data that you have previously disclosed to us, you may do so by signing in to your DQR-OTC account or by contacting us.
4.c. The process for exercising your rights
In order to exercise your data protection rights, you may contact DQR-OTC as described in the Contact section below. Assuming we indeed hold information about you, we will comply with your request to the extent required by applicable law. For your protection, we may need to verify your identity before responding to your request. For your information, we hereby repeat what rights you have under the GDPR regarding offering personal information to organisations.
4.d. Your formal rights under EU GDPR
As an EU resident or citizen you have the right to:
- Be informed of the fair use of your data;
- Request access to your data at any time;
- Request that your information is corrected;
- Receive your data in a machine-readable format;
- Request that your data is erased;
- Request a restriction on processing of your data;
- Object to processing of your data;
- Not be subjected to automated data profiling.
Please note that your request and regulatory and/or legislative demands may collide.
5. Security, retention and breaches
We make extensive efforts to protect your personal information. We maintain legal, structural, technical and operational measures to protect your personal data within DQR-OTC against unauthorised access, destruction, loss, alteration or misuse.
Please note that regular email is an unsecure medium and we cannot accept responsibility for its privacy or security. To protect your communication, please use our web forms, especially if you request access to your information. If you have a service account with us, we can make our reply accessible to you from within your account.
If you have reason to believe that your account has been breached, please contact us immediately. Please have alternative means of identification ready as we are otherwise unable to assist.
If you are a DQR-OTC user, we retain your personal data as long as we are providing the services to you. We retain personal data after we cease providing services to you to the extent necessary to comply with our legal and regulatory obligations and for the purpose of fraud monitoring, detection and prevention. We also retain personal data where data retention is mandated by the banking and payment methods that we use. Where we retain data, we do so in accordance with applicable law.
When we detect a possible security breach, we will use your personal contact information to notify you as soon as possible. Please note that we are required by law to report security and privacy breaches to regulatory bodies.
6. Links to other companies and websites
Services and information may provide links to other companies and websites. As these operate independently of us, they will have their own privacy and security policies – we cannot accept liability or responsibility for their content, any use of these websites or the privacy practices of the operators of those other companies and websites.
8. Contact us
To facilitate easy management of your personal data, DQR-OTC offers a single contact point. Use the web form to contact us, and include contact details for our reply. The form is secure, so your information will be protected when it is transmitted to us – no information will be retained on the website itself.
Please understand that we cannot act on requests for personal data until we have ensured that these indeed originate from the relevant individual.