Privacy

Diona

Protecting personal data is a priority for everyone. This policy tells you the types of information we collect when you visit our website (www.diona.com) (“Website”), make enquiries of us and/or use our services and products, how we use that information and when we may share that information.  This policy may change from time to time so please check it every so often.  

This Privacy Policy relates to the data we collect from you which includes “personal data” (being any information which identifies a person or which allows that person to be identified when combined with other information) and data which is otherwise recognised as sensitive data. 

 

Who are we?

We are Diona.  We are an international organisation with companies in different countries.  The parent company is Diona DAC (a company incorporated in Ireland). Our subsidiary companies and their addresses are listed on the Website.  We are the controller of personal data for the purposes of this Privacy Policy. 

If you have any questions about this Privacy Policy, including requests to exercise your legal rights, please contact us using the details set out below: 

Attn: Chief Data Security Officer 
Diona DAC 
Charlemont Exchange, 
Charlemont Street, 
Dublin,  DO2 VN88 
Ireland  

Email: info@diona.com 

 

What Data do we collect from you? 

We collect and use data relevant to your use of our services and products, and your contact with us via the Website or through other means.  In respect of this personal data, we are the Controller. 

If you are enquiring about using our products, signing up to receive information from us, entering into a contract with us or if you are enquiring about employment opportunities, it may be necessary for you to provide certain data to us.   

The data you provide or may provide is listed below.  

If you are passing data to us that belongs to someone else you must ensure you are lawfully permitted to transfer such data to us. 

We may collect, use, store and transfer different kinds of personal data as follows: 

  • Identity Data includes your name, email address, username, title, date of birth, gender, CCTV footage or similar identifier. 

  • Contact Data includes billing address, delivery address, email address and telephone numbers. 

  • Financial Data includes bank account and payment card details. 

  • Transaction Data includes details about payments to and from you and other details of any payments made by you whilst using our services or purchasing services or goods from us. 

  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting, location, browser plug-in types and versions, operating system and platform, screen resolution and other technical characteristics of your device, your use of our services and applications and connection to the Website, (as applicable to the device you are using). 

  • Profile Data includes your username and password, your user ID and preferences and feedback. 

  • Usage Data includes information about your visit, including the website that referred you to the Website (if applicable), the path that you take through and from the Website (including date and time); pages that you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. 

  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences. 

We also collect, use and share Aggregated Data, such as statistical or demographic data, for any purpose. Aggregated Data may be derived from your data but is not considered personal data as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy. 

We do not collect any Special Categories of personal dataabout you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. 

 

How do we collect Data? 

We use different methods to collect data from you including as follows: 

Enquiring about our products or services 
If you contact us to ask about our products or services or about us generally, either through the Website or otherwise, we will collect and process Identity, Contact and Financial Data. 

Buying our products or services 
If you enter into a contract for the supply of our products or services, we will collect and process Identity, Contact, Financial, Transaction, Technical, and Profile Data. 

Correspondence 
If you correspond with us using our contact form or through our ‘contact us’ or help features, we will collect and process Identity and Contact Data. 

Marketing 
If you elect to receive marketing information from us, we will collect and process Identity and Contact Data. 

Browsing 
We collect some Technical and Usage Data. 

Candidates applying for a role at Diona 
We will collect your Identity, Contact Data and Profile Data and information relating to your employment history. 

We will also collect data about you during telephone calls, in emails, during face to face or online interviews and from recruitment companies, head-hunters and social sites. 

We would always like to keep in touch with excellent candidates regarding any future vacancies and as a result, your consent also includes the ability for Diona to retain your personal details. 

 

How do we use Data collected from you? 

We will only use your data when the law allows us to. Most commonly, we use it in the following circumstances:  

  • Where we need to perform the contract we are about to, or have, entered into with you. 

  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests). 

  • Where we need to comply with a legal or regulatory obligation. 

Generally, we only rely on consent as a legal basis for processing your data where we need to obtain the consent to provide you with our products or services or to send you third party direct marketing communications to via email or text message.  You have the right to withdraw your consent at any time. 

We have set out below the ways we use data and the legal basis for doing so.  We have also identified what our legitimate interest is, where appropriate.  

 

Purpose/Activity 


To register you as a new customer 

Type of Data 


(a) Identity 
(b) Contact 

Lawful basis for processing including basis of legitimate interest 

(a) Performance of a contract with you 
(b) Necessary for our legitimate interest (for running our business and provide you with services) 

To perform the contract and provide you with product or services services: 
(a) Manage payments, fees and charges 
(b) Collect and recover money owed to us 

(a) Identity 
(b) Contact 
(c) Financial 
(d) Transaction 
(e) Technical 
(f)  Marketing and Communications 

(a) Performance of a contract with you 
(b) Necessary for our legitimate interests (to recover debts due to us) 

To process a job application and keep you informed of employment opportunities

(a) Identity 
(b) Contact 
(c) Financial 
(d) Profile 

(a) Performance of a contract with you 
(b) Necessary to comply with a legal obligation 
(c) Necessary for our legitimate interests (to recruit good candidates for our business

To manage our relationship with you which will include: 
(a) Notifying you about changes to our terms or privacy policy 
(b) Asking you to provide feedback on our products and services 

(a) Identity 
(b) Contact 
(c) Profile 
(d) Marketing and Communications 

(a) Performance of a contract with you 
(b) Necessary to comply with a legal obligation 
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products and services) 

To administer and protect our business and the Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity 
(b) Contact 
(c) Technical 

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) 
(b) Necessary to comply with a legal obligation 

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

(a) Identity 
(b) Contact 
(c) Profile 
(d) Usage 
(e) Marketing and Communications 
(f) Technical 

Necessary for our legitimate interests (to study how customers use our products and services, to develop them, to grow our business and to inform our marketing strategy)

To use data analytics to improve the Website, services, applications, marketing, customer relationships and experiences

(a) Technical 
(b) Usage 

Necessary for our legitimate interests (to define types of customers for our products and services, to keep the Website updated and relevant, to develop our business and to inform our marketing strategy)

To make suggestions and recommendations to you about products and services that may be of interest to you

(a) Identity 
(b) Contact 
(c) Technical 
(d) Usage 
(e) Profile 

Necessary for our legitimate interests (to develop our products/services and grow our business)

 

We may process data for more than one lawful ground depending on the specific purpose for which we are using data.  Please contact us if you want further details about the specific legal ground we are relying on to process your data. 

Where we need to collect data by law, or under the terms of a contract and you do not provide that data when requested, we may not be able to perform the contract.  In this case, we may have to cancel a service you have with us. 

 

Who do we share your Data with?

We may share your data within Diona and the Diona group (i.e. our officers, staff and contractors) and with our service providers; for example, to service your requests or provide you with information.  We may also share your data if a change happens in our business such as a merger or acquisition. If that happens, the new owners may use your data in the same way as set out in this Privacy Policy. 

We may also share your data with service providers who we engage to help us run our business or deliver our services to you, such as our IT suppliers.   

We may also share your data with other organisations or individuals when it is reasonably necessary to: 

  • Meet any applicable law, regulation, legal process or request of a suitable governmental body or public authority e.g. under a relevant court production order. 

  • Enforce applicable legal terms and conditions or our other legal rights, including investigation of potential violations. 

  • Detect, prevent, or otherwise address financial crime. 

  • Protect against or prevent harm to the rights, property or safety of Diona, our customers or the public as required or permitted by law. 

 

Where is the Data stored and processed?

We will process and store your data on the Website servers, email and other servers and equipment that are needed to provide our products and services to you as applicable. 

This might involve international transfers of your data between the Diona Group companies or to our service providers if they are located in a different country.   

Transfers between the Diona Group Companies 
The transmission of personal data between Diona Group Companies is based on the general principles for transfers set out in Article 44 of the EU General Data Protection Regulations; that is on the basis of an adequacy ruling or other appropriate safeguard such as the standard data protection clauses. 

Transfers to our service providers 
Our service providers, such as Microsoft or Google Analytics (Google Inc. and its affiliates), may process your data in the course of providing our email, storage and communications services or analytical information to us about the use of the Website. These service providers may collect and/or transfer your data outside of the UK or European Economic Area. 

For more information on how Microsoft processes personal data can be found at the Microsoft Trust Centre: https://www.microsoft.com/en-gb/trust-center 

For more information on how Google Analytics processes your data you can visit here: https://support.google.com/analytics/answer/6004245?hl=en-GB 

Technical support 
Sometimes we need to engage the assistance of our affiliated companies to provide technical support for your use of our service. The individuals providing the support may be based outside of the UK or European Economic Area and will only have access to your data when they need to in order to provide support. 

 

What Direct Marketing do we conduct?

If you provide your contact details, we might contact you individually in the future if we think that our services may be of interest to you. 

If we think it appropriate, we might also add you to our regular email marketing list. 

You can ask us to remove your personal details from our marketing lists using the contact details listed at the top of this Privacy Policy. 

 

Security of your Data

We have put in place appropriate security measures to prevent data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to data to those of our staff and other third parties who have a business need to know. They will only process data on our instructions and they are subject to a duty of confidentiality. 

We have put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of any breach where we are legally required to do so. 

 

Data Retention

We will retain data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 

To determine the appropriate retention period for data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of data, the purposes for which we process data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

For example, if you are a customer, we will generally keep your data for the longer of six years from the date of the last interaction with you or until the applicable statutory limitations period has expired. 

We regularly review the data we hold taking into account the lawful purpose for which we hold it and any data that is deemed no-longer relevant or required is deleted where it is practicable to do so. 

 

Your Legal Rights 

Under certain circumstances, you have rights under data protection laws in relation to your personal data.  

  • Request access to your personal data (commonly known as a "data subject access request"). This enables you to confirm with us whether your personal data is processed and, if it is to receive a copy of the personal data we hold about you. 

  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. 

  • Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where it is no longer necessary for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your personal data unlawfully or where we are required to erase your personal data to comply with applicable law. However, the right to erasure is not an absolute right and we may not always be required to comply with your request for specific legal reasons which will be notified to you, if applicable, at the time of your request. 

  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party). In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data which override your rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. 

  • Request restriction of processing of your personal data in certain circumstances. This enables you to ask us to suspend the processing of your personal data in the following circumstances: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data when relying on a legitimate interest but we need to verify whether we have overriding legitimate grounds to use it. 

  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to personal data processed by automated means which you initially provided consent for us to use or where we used the information to perform a contract with you. 

  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. 

  • Right to complain: You also have the right to lodge a complaint with the competent data protection supervisory authority. 

No fee usually required 
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. 

What we may need from you 
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. 

 

 

Contact us
If you have any questions about this Privacy Statement or our use of your information collected through the Online Services, please contact us at onlineservices@diona.com.