Privacy Policy
DCIC S.A., as Data Controller (in the following also called "DCIC", "we" or "us"), ensures the greatest attention to confidentiality, protection and security of personal data of the people it comes into contact with. The following information is intended to provide you with an overview of the processing of your personal data by DCIC and your rights under data protection legislation. Specifically, what information is processed and how it is used depends substantially on the services requested and/or agreed upon.
The user of this website is encouraged to read in advance all of the sections of this document, where the website's management procedures related to the processing of users' personal data are described. This also constitutes a privacy notice pursuant to EU Regulation 679/2016 (GDPR) provided to everyone who is interacting with DCIC's web services accessible through the internet at the following address: https://www.decash.com. This privacy notice applies only to DCIC's website and not to any other website the user could land on through links found on DCIC's website.
Personal data DCIC might have access to are exclusively those provided by you while surfing the website through the optional, explicit and voluntary sending of the modules found on this website or of e-mails to the addresses on this website. Failure to provide the data might determine the impossibility for DCIC to provide the requested service. The processing of your personal data may be carried out through manual and telematic tools.
Data Controller
The Data Controller is DCIC S.A, with registered office in Bloc Office Hub, Fifth Floor, Santa Maria Business District, Panama City, Republic of Panama.
E-mail address: info@decash.com
What Information We Collect and Use
We process personal data that we obtain from our customers as part of our business relationship. This data protection notice also applies to persons who do not have any business relationship with DCIC but whose information is processed by DCIC for other reasons (e.g., people who write to us or otherwise contact us, visitors to our websites, recipients of information and marketing communications, contact persons for our suppliers, buyers and other business partners, participants in contests, competitions and customer events, visitors to our locations).
| Data | Acquisition Mode | Purpose | Legal Basis | Retention |
|---|---|---|---|---|
| Technical data (IP address, browser type, language, plug-ins, etc.) | Automatic during platform visit | Managing relationships; improving products, services and technologies; analysis and statistics | Overriding private interest | 30 days maximum |
| Identity information (name, address, company name, photograph, email, phone, occupation, etc.) | Entered by user via contact forms | Risk management; fulfilment of legal obligations; negotiation and stipulation of contracts | Fulfilment of contractual and legal obligations (anti-money laundering) | Up to 10 years after termination of the contractual relationship |
| Email, phone number, name, address | Entered by user | Managing relationships; information and direct marketing; events | Your consent / Preponderant private interest | Until request of cancellation |
| Data obtained from third parties (public databases or paid services) | Reception by third party | Managing risk; fulfilment of legal obligations | Fulfilment of contractual and legal obligations (anti-money laundering) | Up to 10 years after termination of the contractual relationship |
Why Do We Process Your Data?
We always process your personal data for a specific purpose and only to the extent necessary to achieve that purpose. The main purposes are:
Negotiations and Contracts
To confirm your identity and evaluate your application (including any need for personal guarantees or other collateral) and to perform compliance checks for legislative or regulatory requirements (e.g., compliance with anti-money laundering and fraud laws and regulations).
Managing Risk
Processing of data to meet DCIC's internal operational requirements for risk management, system or product development, and planning, insurance, audit, and administrative purposes. Processing of data to provide payment products and services and to ensure their proper functioning, e.g. by conducting appropriate identity checks and making deposits to and withdrawals from your account in accordance with your instructions and the terms of the product in question.
Managing Our Relationship With You
To deal with customer service issues and complaints regarding products and services provided by us and our business partners, to clarify where you are located if we can no longer reach you.
Measures to Improve Our Products, Services and Technologies
Checking and updating our systems and processes, for market research purposes, to find out how we can improve our existing products and services or what other products and services we might offer.
Information & Direct Marketing
We process personal information to send you information and advertisements, including through push notifications, about products and services that we think may be of interest to you, including products and services offered by us or our business partners.
Events
We also process personal data when we hold events for clients. Such data may include first and last names of participants and/or prospects, their mailing address and/or email address, and possibly other information. Each customer may opt out of receiving information or revoke any previous consent given to the processing of data by sending DCIC a written request to this effect, including by e-mail.
Fulfilling Legal Obligations
Compliance with financial, anti-money laundering and tax legislation in relation to the recording and monitoring of communications, disclosure of data to tax, financial regulatory and other supervisory and/or national authorities and for the purposes of crime detection or prevention.
Analyses and Statistics
To perform transaction and statistical analysis and similar analysis. In specific cases, we will ask for your consent to process personal data for certain purposes such as transfer to third parties for their marketing purposes. Such consent must be given to us separately and can be revoked at any time.
Who Will Receive My Data?
We will only disclose your personal information if we are required to do so to comply with our legal or regulatory obligations, for business or administrative reasons, or because you have asked us to do so. This is likely to include disclosure:
- Inside the company
- To third parties who process personal data on our behalf (IT system providers and other service providers)
- To any government, regulatory agency, enforcement or exchange agency, or court that requires it under applicable law or regulation
The list of data processors is available by contacting the data protection officer at: info@decash.com
How Long Will My Data Be Kept?
We retain your personal information as long as it is necessary for the purposes for which we collected it. In the case of contracts, we retain your personal data at least for the duration of our contractual relationship.
We also retain personal data whenever we have a legitimate interest in doing so. This may be the case if we need personal data to exercise rights or defend against claims, for archiving purposes, to ensure IT security or as long as the statute of limitations on contractual or non-contractual claims is still running.
In addition, we retain your personal data for the applicable legal retention period, compliance with retention periods under tax or trade legislation or compliance with the 10-year retention period under money laundering legislation. Upon expiration of these periods, your data will be deleted or anonymized.
Data Subject Rights
In accordance with articles 15 to 21 of Regulation (EU) 679/2016, data subjects may exercise the following rights:
- Right of access — right to obtain confirmation as to whether personal data concerning you are being processed, and access to those data and detailed information on their origin, purposes, categories, and recipients.
- Right to rectification — right to obtain rectification of inaccurate personal data and the right to have incomplete personal data completed.
- Right to erasure ("right to be forgotten") — right to obtain erasure of personal data when they are no longer necessary in relation to the purposes for which they were processed, consent is withdrawn, the data have been unlawfully processed, or erasure is required for compliance with a legal obligation.
- Right to object — right to object at any time to processing based on a legitimate interest of the Controller and/or to processing for marketing purposes, including profiling.
- Right to restriction of processing — right to obtain restriction of processing where the accuracy of the data is contested, the processing is unlawful, or the data subject has objected to processing.
- Right to data portability — right to receive personal data in a structured, commonly used and machine-readable format, and the right to have the data transmitted from one Controller to another where technically feasible.
- Right to lodge a complaint — right to lodge a complaint with the supervisory authority of the member state in which you reside or are established.
- Right not to be subject to entirely automated profiling — where profiling is entirely automated, right to obtain human intervention, express your point of view and contest the decision.
To exercise your rights as a Data Subject, send your request to:
DCIC S.A., Bloc Office Hub, Fifth Floor, Santa Maria Business District, Panama City, Republic of Panama
E-mail: info@decash.com
Am I Required to Provide Information?
In the course of our business relationship, you must provide us with the personal information we need to initiate and conduct our business relationship and to fulfil our contractual obligations, as well as the information we must collect by law. Without such data, we will not be able to enter into or perform the contract.
In particular, before we can enter into a business relationship with you, money laundering legislation requires us to verify your identity through your identification documents and to collect and record your full name, place and date of birth, nationality, address and identification document details.
Security of Data
DCIC adopts technical and organisational measures to ensure the security of the information collected and processed from unlawful access, misuse, loss, falsification and destruction. These measures include:
- Cryptography
- Pseudonymisation
- Logging
- Access control
- Data backup on multiple servers
- Instructions for employees
- Confidentiality agreements
- Regular reviews
Access to your personal information is permitted only to those who need it to perform their duties. It is generally impossible to completely rule out security risks. Since perfect data security cannot be guaranteed for communications via email, instant messaging or similar means, we recommend sending confidential information via particularly secure means such as mail or by agreeing on additional safeguards with our technical staff.
The content of this website — script code, graphics, texts, charts, images, sounds, and any other information — is protected within the meaning of legislation in the field of intellectual works. Software products and informative contents, unless specified otherwise, can be downloaded or used for personal use only, or for non-commercial use citing the source.