Data protection is a matter of trust and your privacy is important to us. Therefore, we collect only that information which are required to provide you our services and relevant to our dealings with you. We keep your information for as long as we are either required to by law or as is relevant for the purposes for which the data was collected. We do not share your personal information with third parties. Information is only shared with your consent and/or if required by applicable laws. Please read this policy carefully. It gives you important information about how we handle your personal information.
Dahabshiil reserves the right to change, amend and update this policy at any time.
Data that we collect:
We collect, store, record, process and use your data for sending and receiving money through our company, to respond to any potential claims, and to provide you with our services. We may collect your personal information, both in electronic form and manual filing system, including but not limited to,
- date of birth,
- email address,
- mailing address,
- telephone number/mobile number,
- payment details,
- payment card details
- bank account details,
- photo ID (passport/driving license),
- residence permit,
- annual report (for companies),
- tax documents,
- CVR number, and
- personal detail of recipient.
Use of Data:
Our primary purpose to collect your data is to provide you a safe, efficient and smooth services. We use the information for the legitimate business purposes. Specifically, for the following activities –
- to process the transactions under your instructions – sending and receiving money;
- to verify and carry out financial transactions in relation to payments you make;
- to execute business processes, internal management, reporting activities, internal and external audits, investigation and business control;
- to ensure legal compliance with domestic and regional data protection laws, AML and other relevel laws;
- to improve our products and services.
- Personal data shall be used only for the purposes for which they were originally collected (Original Purpose).
- Information collected for KYC under Danish AML will not be used for other purposes. KYC information shall be stored for 5 years.
Processing of your personal data are based on a legal ground permitted by the relevant Data Protection Law and EU General Data Protection Regulation (GDPR). Our legal bases include –
- necessary for the purposes of the legitimate interests that we pursue, which are:
- to run and administer our business;
- to prevent fraud;
- to provide you with our services;
- to evaluate, develop or improve our services;
- to discharge our legal obligations to store and disclose information where necessary;
- to provide you with an efficient and smooth customer experience;
- necessary for the performance of our contract with you to provide you with our services;
- necessary to comply with a legal obligation to which we are subject; or
- your consent that you have given us.
Subject to your consent and/or as otherwise required by law, we may disclose, share and allow access to your personal information to our parent company (Dahabshiil HQ), partners and agents in order to do the transactions requested by you. We may also disclose your information where disclosure is necessary to comply with any applicable law, regulation, legal process or appropriate government requests and to prevent any fraudulent transaction. We will not make any disclosures of your personal information to any third party without your consent.
Transfer to Third Country:
Your personal data may be transferred to a third country (out of the EU/EEA) and may be processed by our employees and agents out of EU. If the data recipients are outside the EU/EEA, we confirm that they provide an adequate level of protection for your personal data or that the transfer is otherwise permitted under applicable Data Protection Law, by methods including using Standard Contractual Clauses (SCC), Binding Corporate Rules (BCR), registration for the Privacy Shield program, or by relying on a relevant adequacy decision by the European Commission or on other legal grounds.
When the transfer is within same corporate group (Dahabshiil Group), we ensure the compliance with several policies and strategies for data protection and information security, including but not limited to –
- General Information Security Policy;
- Access Control Policy;
- Agreement to comply with security policies;
- HQ physical Security policy;
- Disposal policy;
- User account & passwords policy;
- Non-discloser agreement (3rd Parties);
- Policy on sharing sensitive information and equipment;
- Staff Handbook;
- Online user creation/management policy;
- Wireless Security policy;
- Security Awareness Policy;
- Standalone & Network Security policy;
- Acceptable use policy;
- Employment term and conditions;
- Dahabshiil email policy;
- Dahabshiil Internet acceptable policy;
- Software Security policy.
In addition to that, we are preparing Binding Corporate Rules (BCR) to regulate data transfer within the group.
We are committed to ensure that your information is secure. In order to prevent unauthorized access or disclosure we have put in place suitable technical, physical, electronic and administrative procedures to safeguard and secure the information that we collect. Our appropriate technical and security measures prevent any unauthorized or unlawful access or accidental loss or destruction or damage to your personal information.
When we collect your data, we store them on a secure server and we use firewalls on our servers. We follow generally accepted industry standards to protect the personal information, both during transmission and once we receive it. We conduct penetration test both internally and externally to fix any vulnerability of our security system. The printed copy of your personal information is kept a safe locker with limited access. We encrypt your personal inform when we send them to our partners, agents and HQ. We take preventative measures to restrict access to your sensitive data. Only authorised persons are granted access to such personal information.
The transmission of information through the internet (i.e by emails, text messages etc.) may not be completely secure. Although we will take appropriate measures to protect your personal data, we cannot guarantee the security of your data transmitted to us; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to protect your data.
If you are concerned about your personal data, you can exercise following rights to protect them -
- To be informed about how your personal data is stored and being used.
- To be informed about what type of data we hold on you and how it is accessed. Please download this Data Subjects Access Request Form (DSAR Form) and send it to us after filling in it to have the information about your personal data.
- To request for your personal data to be rectified, amended or corrected.
- To request for your personal data to be deleted or erased from our records (subject to the limitation under other regulatory requirements i.e. AML).
- To ask for your personal data be restricted if it is being held in violation of the law.
- To be informed about the portability of your data explaining means by which your personal data is transferred.
- To be informed about how we obtain this data.
- To validate the authenticity of the personal data we have about you.
- To request for your right to be forgotten by deleting personal data.
- Your right to notification whenever there is a breach.
- The right to complain to the Data Protection Officer and/or Data Protection authority whenever you feel your personal data has been misused.
We do not offer our services to anyone under the age of 18 ("Children"). We do not knowingly collect any personal information from children under 18. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us. If we discover that a child under 18 has provided us with personal information, we will delete such information from our servers.
Phone: +45 22532656