Last updated: 2 June 2021
We understand the importance of protection of your privacy and personal data and commit a lot of efforts to develop and maintain high standards of inner security measures and technologies to provide you with secure processing and storage of the data we collect from you; and keep your data safe against unauthorized or unlawful processing and against accidental loss, destruction or damage.
to the website/portal features and services provided to you when you visit our websites, portals or our web platform our clients may use on their websites;
when you apply to use and/or use our products and services, as well as when you request changes to the services you are using;
to your use of software including web platform, mobile and desktop applications provided by us; and to email, other electronic messages including SMS, telephone, web chat, website/portal and other communications between you and us.
PERSONAL DATA WE COLLECT AND OBJECTIVE
When registering for an account via Doroex we collect and further process the following categories of data:
Information requested during the registration of the account that identifies you, for example your name, date of birth, citizenship, etc.
Financial information, including your income, source of income / funds, taxation residence information, etc.
Your identity and residency verification documents, for example passport and/or ID card, utility bill, etc.
Contact information, i.e. your phone number, e-mail address, etc.
We are obliged by applicable laws to maintain records of personal data for ten years after the termination of a client relationship, this term may be extended upon request by the local competent authority.
We collect and process the abovementioned data to fulfil our contractual obligations and legitimate interest before you, namely:
provide services, including execution of requested transactions and related maintenance of the services you registered for and manage the account you hold;
provide you with the information about your activities within the account;
inform about any changes and updates to the services you are provided with;
assess and mitigate risks related to anti-money laundering and terrorism financing regulations as well as transaction related risks;
comply with applicable legislation;
maintain actions in relation to legal claims;
provide additional or supportive services, as well as perform Client surveys and statistical analysis;
convey marketing activities;
improve the performance and functionality of our services.
The above list may be extended depending on the development of the services.
The main lawful basis of Personal data processing for these purposes are:
your consent to the personal data processing;
conclusion and performance of the contract with you or your client;
fulfilment of legal obligations under applicable legislation;
our legitimate interests.
PROCESSING OF YOUR PERSONAL DATA
Your personal data may be received and processed:
(a) by Doroex within our inner systems of processing, which complies to technical and organizational measures in a manner that meets applicable requirements of Regulation and security standards; and/or
(b) by 3rd party service providers and processors who access and use the data only to the extent required to perform the obligations subcontracted to them by Doroex (hereinafter – “subprocessors”).
You don’t have to share information about yourself if you don’t want to. But if you don’t, you may not be able to use some (or any) of Our Services.
Those subprocessors perform tasks on our behalf and are contractually obligated not to disclose or use collected information for any other purposes, than storage, help in facilitation of technical aspects of our services or perform functions related to the administration of services (collection and analysis) or other indicated under contractual closes.
If such subprocessors are outside of the European Union or European Economic Area, the processing of personal data is done or will be done in accordance with the applicable laws.
Subprocessors remain fully liable for all obligations subcontracted to, and all acts and omissions of, Doroex is not responsible if the information is disclosed as a result of a breach or security lapse at any such subprocessors, or for such subprocessors’ non-compliance with the foregoing requirements.
DISCLOSURE OF YOUR PERSONAL DATA
members of management bodies, employees, representatives, authorised persons of Doroex;
internet/computer software services providers, companies specializing in IT and marketing services;
IT infrastructure services providers;
customer support services providers and helpdesk services providers;
public institutions, public officials, investigatory authorities, courts, prosecutor’s office, subjects of operational activities, orphans’ courts, notaries, law enforcement officials, judicial and investigatory authorities of other member states and foreign countries, tax authorities, arbitration courts, out-of-court dispute resolution bodies;
financial and payments market participants (global financial messaging infrastructures, correspondent banks, insurance companies, payment systems, payment service providers and technical and non-technical processors, agency companies, business partners of Doroex or clients, financial service intermediaries etc.);
companies that carry out KYC/AML database checks and fraud database checks;
Doroex’s cooperation partners, agents, suppliers and service providers, auditors, financial management and legal advisors;
Video surveillance/security services provider/s;
Other persons connected with the provision of our services.
We may monitor or record telephone calls, emails, web chat or other communications with you for regulatory, security, quality assurance or training purposes. When visiting our offices, video surveillance, access control systems and/or other monitoring systems may be in operation for security reasons and for health and safety and office management purposes.
We may also share your details with people or companies if there’s a corporate restructure, merger, acquisition or takeover.
WHERE WE STORE YOUR PERSONAL DATA
Usually, we do not transfer your Personal data to countries outside the European Economic Area (“EEA”). However, We, our service providers, and other parties with whom we may share your Personal data (as described above) may process your Personal data in territories that are outside the EEA, or otherwise outside of the territory in which you reside. These countries may have data protection standards that are different to (and, in some cases, lower than) those of the territory in which you reside.
the European Commission says the country or organisation has adequate data protection, or
we’ve agreed to standard data protection clauses approved by the European Commission with the organisation.
HOW WE PROTECT YOUR PERSONAL DATA
We comply with its obligations under the applicable data protections laws by:
keeping personal data up to date;
storing and destroying it securely;
not collecting or retaining excessive amounts of data;
protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical and organizational measures are in place to protect personal data.
The transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal data, we cannot guarantee the security of your information transmitted to our site, unless you are communicating with us through a secure channel that we have provided. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
If Doroex becomes aware of any breach of our security leading to the accidental or unlawful destruction, loss, alteration or unauthorized disclosure of, or access to (excluding unsuccessful attempts or activities) personal data of Clients on systems managed or otherwise controlled by us we will notify you promptly and without undue delay and in compliance to the procedure prescribed under respective Regulation.
The notification will be sent to your e-mail address at the discretion of Doroex or by other direct communication channel available to Doroex and allowed by Client (for example, by phone). It is sole responsibility of the Client to provide us with the e-mail address and ensure that this e-mail address is valid and active.
None of Data Incidents notification from Doroex may not be and will not be construed as an acknowledgment of any fault or liability with respect to data incident by us.
CLIENT’S SECURITY COMMITMENTS
Client agrees that without prejudice to our security measures and data incidents that it is Client’s responsibility to make appropriate use of our services to ensure a level of security appropriate to the risk in respect of your personal data and securing your authorization credentials, system and devices which you use to access to our services.
We are not obliged to protect your personal data that you choose to store or transfer outside Doroex and our subprocessors’ systems.
HOW LONG WE KEEP YOUR INFORMATION.
We store Personal data no longer than it is reasonably required for the purposes for which particular Personal data is processed. Personal data storage periods shall be determined based on applicable legal acts or our legitimate interests.
In order to establish how long we keep different categories of data, we consider why we hold it, how sensitive it is, how long the law says we need to keep it for, and what the risks are.
We reserve the right to erase specific information before the expiry of the set period if this is not prohibited by the applicable legal acts.
AUTOMATED DECISION MAKING AND PROFILING
In some instances, our use of your Personal data may result in automated decisions being taken (including profiling) that legally affect you or similarly significantly affect you.
We may process of Personal data by automated means for the purposes of legislation relating to risk management and continuous and periodic monitoring of transactions in order to prevent fraud, money-laundering and terrorist financing events.
If you are using the Doroex Services in the EEA, when we make an automated decision about you, you have the right to contest the decision, to express your point of view, and to require a human review of the decision. You can exercise this right by contacting us at the details below. Privacy laws continue to develop and if you think or are unsure as to whether such right may apply to you, please also contact us, so we can assess and advise.
CLIENT’S RIGHTS IN RESPECT TO HIS/HER PERSONAL DATA
Subject to applicable laws, you may have the right to access information we hold about you. Your right of access can be exercised in accordance with the relevant data protection legislation. If you have any questions in relation to our use of your Personal data, contact us.
Under certain conditions, you may have the right to require us to:
provide you with further details on the use we make of your Personal data;
provide you with a copy of the information that you have provided to us;
correct, or update your Personal data;
delete your Personal data that is no longer necessary, or no longer subject to a legal obligation to which we are subject to. We have legal obligations so it may not be possible to delete your Personal data at the time of request. Once the required time has passed then we will be able to comply with your request;
where processing is based on consent, to withdraw your consent so that we stop that particular processing;
object to its processing or temporarily restrict its processing while exercising your other rights. However, objection to any processing based on the legitimate interests ground may be possible unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights;
request to transfer certain of your Personal data to another service provider;
to opt-out of certain uses of your Personal data, including asking us to limit the sharing of your Personal data with affiliated and non-affiliated third parties.
Your exercise of these rights is subject to certain exemptions to safeguard the public interest, e.g., the prevention or detection of crime, and our interests, e.g., the maintenance of legal privilege. If you exercise any of these rights, we will check your entitlement and respond in most cases within a month.
If you prefer to prohibit the usage of cookies, please use your browser settings. Most browsers give you an ability to manage your cookies or provide you with an “incognito mode” or similar features, which allows you to not record your visits and downloads in your browsing and download histories. In this mode any cookies created during this type of session are deleted after you close all “incognito” windows.
For more details, please check our Cookies Policy available on our website.
All comments, queries and requests relating to our use of your information are welcomed. You may submit your questions, requests and complaints to our data privacy department by email to email@example.com, marked FAO Privacy or by post to Dorofia d.o.o., Ul. Ivana Meštrovića 3510360, Sesvete, Croatia.