1. Introduction 1.1 This privacy notice (Privacy Notice) sets out the ways in which we, the DiamondTrading Company Limited (we, us, our), collect and use your personal data (your personal information) in connection with the Tracr Community Portal which can be accessed on the following website www.tracr.com/community (the Portal). It also explains what rights you have in relation to your personal data.
2. About Us 2.1 We are company established in the United Kingdom, with our registered address as set out below.
3. Information we may collect about you 3.1 We may collect, use, store and transfer different kinds of personal data about you (depending on the circumstances). We have grouped together these types of personal information as follows: 3.1.1 Identity and contact data: including organisation, title, name, address, email address and phone number. 3.1.2 Survey data: from time to time we might ask if you would be willing to participate in our surveys on the Portal; if you agree, we will collect any information that you provide as part of that survey. 3.1.3 Website analytics data: we will also collect certain information about how you use our Portal and the device that you use to access our Portal. This might include your geographical location, device information (such as your hardware model, mobile network information, unique device identifiers), the data transmitted by your browser (such as your IP address, time zone settings, access status/HTTP status code, volume of data transmitted, browser type and version, language settings, length of visit to the Portal, date and time of the request, operating system and interface), the number of page views and the search queries you make on the Portal and similar information. This information may be collected by a third-party website analytics service provider on our behalf and/or may be collected using cookies or similar technologies. For more information on cookies please read the ‘COOKIES’ section below. 3.1.4 Account data: we will collect information when you make changes to your profile on your Portal account. 3.1.5 Newsletter and marketing preferences: we will receive details of your newsletter and marketing preferences if you sign up to receive our newsletter or marketing via the Portal or social media. 3.1.6 Social media profile information: if you interact with any of our social media profiles, you may provide us with personal information. For example, if you ‘like’ or ‘share’ posts that we have made on a social media platform, if you comment on our profile pages, or if you contact us directly via social media, you may reveal personal information such as details of your social media account name, and other identity and contact data described above. You will also share with us details of the information contained in any comments or correspondence with us. 3.1.7 Any other personal information that you provide to us: for example, any other information that you choose to provide to us in any correspondence.
4. How we collect personal data 4.1 We collect this personal information from you either directly, for example, when you contact us, interact with us on social media, or indirectly, such as your browsing activity while on our Portal (please see the ‘COOKIES’ section below).
4.2 In certain circumstances, we will receive information about from third party sources. For example: 4.2.1 Website and IT support service providers: we may collect personal information from our website developers and IT support providers. 4.2.2 Website security: we will collect information from our website security service partners about any misuse to the Portal, for instance, the introduction of viruses, Trojans, worms, logic bombs, website attacks or any other material or action that is malicious or harmful. 4.2.3 Slack: we will collect information that is shared with us by Slack. For more information about how Slack will process your personal data, please see here: https://slack.com/intl/en-gb/privacy-policy 4.2.4 Website and social media analytics providers: we will collect aggregated information from our website analytics providers, such as statistical or demographic data, in order to assess the effectiveness of our Portal. Aggregated data could be derived from your personal data but will not directly or indirectly reveal your identity. 4.2.5 Social media plugins: we may use social media plugins from service providers such as Facebook, Twitter and LinkedIn. 4.2.6 Other third parties: we might also receive information about you from third parties if you have indicated to such third party that you would like to hear from us.
5.2 Lawful grounds for using non-sensitive personal information We will use your personal information for the purposes listed above on the basis of: 5.2.1 performance of your contract with us; 5.2.2 your consent (where we request it); 5.2.3 your vital interests or the vital interests of another living person; 5.2.4 where we need to comply with a legal or regulatory obligation; or 5.2.5 our legitimate interests. Where we use your information on the basis of our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing please refer to the section titled ‘Your Rights’ below.
6. Lawful grounds for using sensitive personal information 6.1 “Special categories” of particularly sensitive personal information, such as information about your religious or philosophical beliefs, health, racial or ethnic origin, sexual orientation or trade union membership, require additional levels of protection under data protection laws. Whilst we do not actively seek to collect sensitive data there may be occasions where we are provided with this type of information, for example, if you choose to include any sensitive personal information in correspondence with us.
In addition to the lawful grounds listed above, we must have additional lawful grounds to process these types of sensitive personal information. As such, we may process your sensitive personal information: 6.1.1 with your explicit written consent; 6.1.2 on the basis of our legal obligations or the exercise of rights in connection with employment, social security and social protection laws; 6.1.3 on the basis of substantial public interest; 6.1.4 where it is needed in relation to legal claims; 6.1.5 where it is needed to protect your vital interests, or the vital interests of someone else, and you are not capable of giving your consent; 6.1.6 where you have already made the information manifestly public; or 6.1.7 as otherwise legally permitted under data protection laws.
7. Who we might share your information with 7.1 In connection with the purposes and on the lawful grounds described above, and in addition to the recipients of your information as described above, we may share your personal information when relevant with third parties such as: 7.1.1 Employees of the Diamond Trading Company Limited: for purposes relating to the activities and aims of the Tracr Project and the Diamond Tracing Company Limited. 7.1.2 Partners and collaborators: programme partners with whom we collaborate in order to further the aims and activities of the Tracr programme and the Diamond Trading Company Limited. Our programme partners may be based in various territories across the globe. 7.1.3 Marketing parties: any named or defined third party that you consent to our sharing your information with for marketing purposes. 7.1.4 Our service providers: service providers we work with to manage our Portal and social media accounts, including Slack for the purposes of granting you access to the private Slack channel. 7.1.5 Regulators and governmental bodies: tax authorities, regulators, governmental bodies and other authorities acting as processors or joint controllers who require reporting of processing activities in certain circumstances. 7.1.6 Other third parties (including professional advisers): any other third parties (including legal or other advisors, regulatory authorities, courts, law enforcement agencies and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of individuals, or where such disclosure may be permitted or required by law.
7.2 We require third parties to maintain appropriate security to protect your information from unauthorised access or processing.
8.3 If you do not wish for cookies to be installed on your device, you can change the settings on your browser or device to reject cookies. For more information about how to reject cookies using your internet browser settings please consult the “Help” section of your internet browser (or alternatively visit http://www.aboutcookies.org.uk). Please note that, if you do set your Internet browser to reject cookies, you may not be able to access all of the functions of the Portal.
9. How long we keep your information for We will retain your information for as long as we reasonably require for the lawful purposes of the Diamond Trading Company Limited and the Tracr programme, such as for the purposes of exercising our legal rights or where we are permitted or required to do so by law.
10. Help keep your information safe 10.1 You can also play a part in keeping your information safe by: 10.1.1 keeping your devices protected by using the latest version of your operating system and maintaining any necessary anti-virus software; and 10.1.2 being vigilant to any fraudulent emails that may appear to be from us
11. International transfers of your information 11.1 The Diamond Trading Company Limited is based in the United Kingdom. 11.2 For individuals based in the European Economic Area (EEA), whenever we transfer your personal data out of the EEA, we ensure that appropriate levels of protection are afforded to it by ensuring at least one of the following data transfer solutions are implemented: 11.2.1 We will transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries; 11.2.2 Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries; and 11.2.3 Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
11.3 Please contact us using the contact details at the top of this Privacy Notice if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
12. Your rights to the information we hold about you 12.1 You have certain rights in respect of the information that we hold about you, including: 12.1.1 the right to be informed of the ways in which we use your information, as we seek to do in this Privacy Notice; 12.1.2 the right to ask us not to process your personal data for marketing purposes; 12.1.3 the right to request access to the information that we hold about you; 12.1.4 the right to request that we correct or rectify any information that we hold about you which is out of date or incorrect; 12.1.5 the right to withdraw your consent for our use of your information, where we have relied on your consent to use your information, which you can do by contacting us using any of the details at the top of this Privacy Notice; 12.1.6 the right to object to our using your information on the basis of our legitimate interests (or the legitimate interests of a third party) and there is something about your particular situation which makes you want to object to processing on this ground; 12.1.7 in certain circumstances, the right to receive a copy of any information we hold about you (or request that we transfer this to another service provider) in a structured, commonly-used, machine readable format; 12.1.8 in certain circumstances, the right to ask us to limit or cease processing or erase information we hold about you; and 12.1.9 the right to lodge a complaint about us to the privacy or data protection authority in your place of work or residence.
12.2 How to exercise your rights 12.2.1 You may exercise your rights above by contacting us using the details in the ‘ABOUT US’ section of this Privacy Notice above, or in the case of preventing processing for marketing activities also by checking certain boxes on forms that we use to collect your data to tell us that you don’t want to be involved in marketing.
12.3 What we need from you to process your requests 12.3.1 We may need to request specific information from you to help us confirm your identity and to enable you to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. 12.3.2 You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
13. Sharing data directly with third parties 13.1 You might end up providing personal information directly to third parties as a consequence of your interactions with our Portal and social media profiles. For example, you may choose to correspond directly with other social media users when visiting our social media pages. We are not responsible for how such third parties use personal data provided by you. 13.2 Please be responsible with personal information of others when using our Portal and the services available on it. We are not responsible for your misuse of personal information, or for the direct relationship between you and others when takes place outside of the Portal or our services.
14. Third party links The Portal includes links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Portal, we encourage you to read the privacy notice of every website you visit.
15. Changes to this privacy notice and your duty to inform us of changes 15.1 We may make changes to this Privacy Notice from time to time. We will post any changes to our site, or notify you of any material changes by e-mail if we have been provided with your email address. 15.2 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by contacting us via the contact details stated at the top of this Privacy Notice.