Home » Policies
 

Diabos GDPR Policy

With the following information, we would like to give you an overview of how we will process your data and of your rights according to General Data Protection Regulation (GDPR). The details on what data will be processed and which method will be used depend significantly on the services applied for or agreed upon.

Sources and Categories of Personal Data Concerned

We process personal data that we obtain from our clients in the context of our business relationship.

We process the following categories of personal data

Personal data : Name, address, e-mail id, contact number(s), date of birth, gender, nationality, location, purchase and payment details, signatures, personal identification number, and passport number.

Special categories : We do not seek to collect or otherwise Process your Sensitive Personal Information. Where we need to Process your Sensitive Personal Information for legitimate purpose, we do so in accordance with applicable laws. The Services are not intended for use by children.

We do not collect or otherwise Process Personal Information about race, religion, sexual orientation or health or any other information that may be deemed to be sensitive under GDPR (collectively, “Sensitive Personal Information”) in the ordinary course of our business.

Children: The DA Services are not intended for the use by Children below the age of 18 years.

 

Purpose of processing your data and Legal Basis of Processing Data

DIABOS utilizes personal data for the purpose of delivering contracted products and services to the customer.

 

Legal Basis for processing your data

Processing personal data is dependent on the purpose for processing and may vary as described and applicable to the contracted product or services. In general, we process personal data under the following legal basis

Performance of the contract

Personal data to perform our obligations under the Service Terms as inscribed in contracts applicable to the product or service use, provided by us or our customers.

Customer consent

We process personal data if data subject/data controller have consented to the processing activity. Data subject may revoke their consent at any time. Doing so will bar us from further processing of data subject’s personal data based on received consent but will not impact the lawfulness of processing based on consent before it was withdrawn. Some of the features of our products and services might be only available based on consent.

Legal obligations

We process data subject’s personal data as needed to comply with laws and regulations.

Legitimate interests

We do not process data subject’s personal data to further our legitimate interests, such as in connection with managing, developing, testing, securing, and in limited circumstances marketing, advertising, and making recommendations regarding our products and services.

 

Recipients of Data

Organization/Institution Name Purpose of transferring the data
Ebury, UK International payments
Boxco Logistics India Pvt. Ltd. Contract and service, back office processing
 

Transfer of Personal Data Abroad

DIABOS Global Fze will pass on your personal data to third parties mentioned below

Third country (Non EU) / international organisation Purpose of sharing the data Safeguard in place to protect your data
Organization name and location
Boxco Logistics India Pvt. Ltd., Mumbai, India DA processing, back office support and cash management The personal data in e-form is on cloud and only be accessed by authentic users by using username with valid passwords. The periodic backups are taken and stored in the encrypted form. The data can only be accessed by lawful personnel of the organization to substantiate the data availability and restoration activity with prior consent from DIABOS Global FZE.
The organization is in contract with renowned information management service provider to manage the information existed in hard form. The personal data can be accessed by the lawful personnel with prior consent from DIABOS Global FZE.
The personal information is stored and safeguarded in both hard form and e-form till the directives for removal of information is not received from DIABOS Global FZE.

Please contact us if you would like to request to see a copy of the specific safeguards applied to the export of your information

 

Further processing

If DIABOS wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior explicit consent to the new processing.

 

To What Extent Is There Automated Decision-Making?

In establishing and carrying out a business relationship, we generally do not use any automated decision-making pursuant to Article 22 of the GDPR. If we use this procedure in individual cases, we will inform you of this separately, as long as this is a legal requirement.

 

Will Profiling Take Place?

We process some of your data automatically, with the goal of assessing certain personal aspects (profiling). We use profiling for the following cases, for instance

  • auto-notifications,
  • auto-emails
 

How long do we keep your data?

DIABOS keep your personal data depending upon the regulations which articulates the minimum period for storing physical documents for audits. The personal data stored in the e-form will remain for indefinite time with DIABOS which will only be removed based on the request received from the data subjects (Principle /Agents /Operators/Service providers/Charterers’/brokers’). The data other than personal information like complete port call details, payments, contract details will not be removed and retained by DIABOS.

 

Your rights and your personal data

You have the following rights with respect to your personal data

  • The right to request a copy of your personal data which DIABOS holds about you;
  • The right to request (Right to Rectification) that DIABOS corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased (Right to Erasure) where it is no longer necessary for DIABOS to retain such data; DIABOS does retain the personal data available in any form for the purpose of audit and for fulfilling the legal obligations. The personal data will be erased based on the request of the data subject only if it is no longer required in legal viewpoint.
  • [The right to withdraw your consent to the processing at any time] [Only insert if consent is relied upon as a processing condition]; DIABOS only collects the personal information which is legitimate to contract requirements hence DIABOS removes the personal data on request only if the contract is over or the information is no longer required for fulfilling any legal obligations.
  • The right to request that the DIABOS provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), The DIABOS business model is governed by the contracts and does not port or transmit the personal data to other data controller.
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data is subject to contract and legal obligation. Data subject can object the processing of personal data in case of unlawful dispensation or divergence from the contract terms or objective of the collection of personal data.
 

Contact Details of Controller and Data Protection Officer

You can contact ‘Rajesh Palshetkar’ representative of DIABOS on +91-22-49716692 or via email at dpo@diabos.biz or at the address: Godrej Coliseum, 801-C wing, Behind Everard Nagar, Sion (E), Mumbai - 400 022, INDIA