Diabos GDPR Policy
In the trailing para paragraphs, we would like to give you an overview of how we will process your data and of your rights according to the General Data Protection Regulation (GDPR). The details with respect to what data will be processed and which method will be used depend significantly on the services applied for or agreed upon.
Sources and Categories of Personal Data Concerned
We process personal data that we obtain from our clients only in the context of our business relationship.
We may process the following categories of personal data
Personal data: Name, address, e-mail id, contact number(s), date of birth, gender, nationality, location, purchase and payment details, signatures, personal identification number, and passport number.
Special categories: We do not seek to collect or otherwise Process your Sensitive Personal Information. Where we need to Process your Sensitive Personal Information for legitimate purposes, we do so in accordance with applicable laws. The Services are not intended for use by children.
We do not collect or otherwise Process Personal Information about race, religion, sexual orientation or health or any other information that may be deemed to be sensitive under GDPR (collectively, “Sensitive Personal Information”) in the ordinary course of our business.
Children: The DA Services are not intended for the use by Children below the age of 18 years.
Purpose of processing your data and Legal Basis of Processing Data
DIABOS utilizes personal data only for the purpose of delivering contracted products and services to the customer.
Legal Basis for processing your data
Processing personal data is dependent on the purpose for processing and may vary as described and applicable to the contracted product or services. In general, we process personal data under the following legal basis
Performance of the contract
Personal data to perform our obligations under the Service Terms as inscribed in contracts applicable to the product or service use, provided by us or our customers.
Customer consent
We process personal data if the data subject/data controller have consented to the processing activity. Data subjects may revoke their consent at any time. Doing so will bar us from further processing of data subject’s personal data based on received consent but will not impact the lawfulness of processing based on consent before it was withdrawn. Some of the features of our products and services might be only available based on consent.
Legal obligations
We process the data subject’s personal data as needed to comply with laws and regulations.
Legitimate interests
We do not process data subject’s personal data to further our legitimate interests, such as in connection with managing, developing, testing, securing, and in limited circumstances marketing, advertising, and making recommendations regarding our products and services.
Recipients of Data
| Organization/Institution Name | Purpose of transferring the data |
| Ebury, UK | International payments |
| JM Baxi Technologies Pvt. Ltd., Boxco Logistics India Pvt. Ltd. |
Contract and service, back-office processing |
Transfer of Personal Data Abroad
DIABOS Global Fze will pass on your personal data to third parties mentioned below
| Third country (Non-EU) / international organization | Purpose of sharing the data | Safeguard in place to protect your data |
| Organization name and location | ||
| Boxco Logistics India Pvt. Ltd., Mumbai, India | DA processing, back office support and cash management | The personal data in e-form is on cloud and only be accessed by authentic users by using username with valid passwords. The periodic backups are taken and stored in the encrypted form. The data can only be accessed by lawful personnel of the organization to substantiate the data availability and restoration activity with prior consent from DIABOS Global FZE. |
| The organization is in contract with a renowned information management service provider to manage the information existed in hard form. The personal data can be accessed by the lawful personnel with prior consent from DIABOS Global FZE. | ||
| The personal information is stored and safeguarded in both hard form and e-form till the directives for removal of information is not received from DIABOS Global FZE. |
Please contact us if you would like to request to see a copy of the specific safeguards applied to the export of your information
Further processing
If DIABOS wishes to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior explicit consent to the new processing.
To What Extent Is There Automated Decision-Making?
In establishing and carrying out a business relationship, we generally do not use any automated decision-making pursuant to Article 22 of the GDPR. If we use this procedure in individual cases, we will inform you of this separately, as long as this is a legal requirement.
Will Profiling Take Place?
We process some of your data automatically, with the goal of assessing certain personal aspects (profiling). We use profiling for the following cases, for instance
- auto-notifications,
- auto-emails
How long do we keep your data?
DIABOS keeps your personal data depending upon the regulations which articulates the minimum period for storing physical documents for audits. The personal data stored in the e-form will remain for indefinite time with DIABOS which will only be removed based on the request received from the data subjects (Principle /Agents /Operators/Service providers/Charterers’/brokers’). The data other than personal information like complete port call details, payments, contract details will not be removed and retained by DIABOS.
Your rights and your personal data
You have the following rights with respect to your personal data
- The right to request a copy of your personal data which DIABOS holds about you;
- The right to request (Right to Rectification) that DIABOS corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased (Right to Erasure) where it is no longer necessary for DIABOS to retain such data; DIABOS does retain the personal data available in any form for the purpose of audit and for fulfilling the legal obligations. The personal data will be erased based on the request of the data subject only if it is no longer required in legal viewpoint.
- [The right to withdraw your consent to the processing at any time] [Only insert if consent is relied upon as a processing condition]; DIABOS only collects the personal information which is legitimate to contract requirements hence DIABOS removes the personal data on request only if the contract is over or the information is no longer required for fulfilling any legal obligations.
- The right to request that the DIABOS provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), The DIABOS business model is governed by the contracts and does not port or transmit the personal data to other data controller.
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data is subject to contract and legal obligation. Data subject can object to the processing of personal data in case of unlawful dispensation or divergence from the contract terms or objective of the collection of personal data.
Contact Details of Controller and Data Protection Officer
You can contact ‘Rajesh Palshetkar’ representative of DIABOS on +91-22-49716692 or via email at [email protected] or at the address: Godrej Coliseum, 801-C wing, Behind Everard Nagar, Sion (E), Mumbai - 400 022, INDIA
