DTOS GROUP – DATA PRIVACY NOTICE
This Data Privacy Notice (‘Notice’) has been prepared in accordance with the prevailing data protection laws (including the EU General Data Protection Regulation) and adapted to such legal requirements provided therein.
DTOS Group, comprising of entities operating in Mauritius, Kenya, Uganda and UAE (jointly referred as ‘DTOS’), hereby informs you as data subject(s) on its commitment towards ensuring compliance with the provisions under the applicable data protection laws. Security in terms of data handling and safeguarding remain one of the critical aspects of operation onto which DTOS management is putting much emphasis.
Consequently, this Notice is being circulated, providing details on your respective rights and the qualifying measures in line with the governing data privacy laws.
1.2 Information Processing Activities
Pursuant to the legal provisions under the applicable laws and as per its mandate in capacity as a service provider, DTOS is required to perform due diligence checks on its clients. For this exercise, you are requested to provide specific documents and personal information to DTOS for processing purposes, which may include the application for a licence, opening of a bank account and also the recommended process of ongoing monitoring in view of updating existing records.
By this virtue, the data processing activities at DTOS are regarded as lawful processing and thus there is no need for prior consent. On an objection to processing or complaint in relation to DTOS data processing activities, we have an internal system in place where such issues are to be entertained in a timely manner.
1.3 Source of Information
As a DTOS client, you are required to provide specific due diligence documents for the purpose of completing the ‘Know Your Client’ process. While the documents provided are to be used to complete the checklist of documents, we also rely on renowned reference databases for conducting independent profile checks. Since the independent review is performed internally, we confirm that none of your personal data are transmitted to third party service provider(s).
1.4 Transfer of information
As regard to the handling of your personal data maintained at DTOS, it is ensured that same are to be used strictly for such intended purposes and under such agreed terms. However, where specific derogations shall apply, you will be informed accordingly on the data transfer.
Binded by the legal obligation to preserve confidentiality on such data records being maintained and processed at its level, DTOS has defined and adopted a set of internal control and risk management policies. These policies, adapted to the corporate governance principles and prevailing laws have been duly implemented and are strictly adhered to by DTOS staff.
To ensure compliance with the requirements as provided under the data protection laws, specific data security measures have been taken, with qualified persons being designated for the enforcement of the data protection framework.
For any breach of confidentiality by DTOS staff, DTOS management has provided for disciplinary sanctions while any breach at the client or data subject’s level shall entail in the termination of the business relationship.
1.6 Rights of Data Subjects
As per the provisions under the applicable data protection legislations, you as the data subject have the following rights which have been considered by DTOS in the designing of the applicable data protection process:
- Right to access: For information provided to DTOS, you are allowed to make written request for an update or any specific information required at your end and same will be entertained by DTOS. However, the process of entertaining such request includes an assessment of the type of information requested, rationale and recipient. DTOS shall only execute the transfer in the event where it is satisfied with its observations. A fee may be charged under specific circumstances;
- Right to rectify : Since it is a shared responsibility to ensure that records are kept up to date, you may advise DTOS to amend your personal details, as and when the need be. Any non-disclosure of amended particulars may be considered as a breach and necessary actions can be initiated by DTOS;
- Right to erase, restrict processing, object: Pursuant to the provisions under the data protection laws, these rights have been assigned to you as data subject. While being in conformance with our legal obligations, we will attend to your request and shall provide you with our comments, as and where applicable.
Any request to access your personal data maintained at DTOS will be assessed individually and shall not be subject to a charge. However, in the event that such requests are exhaustive in terms of processing, a fee may be charged. Additionally, where DTOS, as a responsible data processor is not satisfied with the rationale for data transfer or as a result of being unfounded, it will not entertain the request. Each request will therefore be assessed individually.
1.8 Data Retention Policy
Your data and information gathered by DTOS are to be used solely for such intended purpose and are to be recorded in both physical and electronic format at DTOS. For this purpose, a secured filing cabinet and an efficient database system has been put in place.
Except for excepted cases, DTOS shall keep in its records your data and information till the engagement has been terminated. We however warrant that all the security measures will be applied during that period of retention.
We have a secure Information Technology platform with a proper back up and disaster recovery system. Our database management system meets the recommend criteria in terms of risk management and to ensure consistency, it is serviced and maintained in a timely manner.
Additionally, specific policies and procedures are in place to ensure an effective use of the tools and infrastructure made available to staff for the handling and processing of your data.
1.10 Contact Us
DTOS Group – Head Office
10th Floor, Standard Chartered Tower
19 Cybercity, Ebène
Tel: (+230) 404 6000
Fax: (+230) 468 1600