Privacy Policy
MyDiamondLab and its affiliates (collectively “MyDiamondLab”, “we” and “us”) take your data and privacy very seriously.
This Data & Privacy Policy describes the types of Personal Data we collect through our platform (“Platform”), including our website mydiamondlab.com. This policy also describes how we use Personal Data, with whom we share it and your rights and choices.
We have appointed a data protection officer (“DPO”). Our DPO has a number of important responsibilities including: monitoring MyDiamondLab’s compliance with the GDPR and other data protection laws, raising awareness of data protection issues, training MyDiamondLab staff and conducting internal audits, and cooperating with supervisory authorities such as the ICO on our behalf. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us.
Complaints
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the Cyprus supervisory authority for data protection issues (www.dataprotection.gov.cy). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Personal Data We Collect
A. Personal Data that we collect about you
- To access the Platform you need to have an Account. When you register an account at MyDiamondLab you provide us with the following information:
- Your Full Name
- Your Email Address
- Your Phone Number
- Your chosen Password (note: we store an encrypted version of your password and are never able to see your plaintext password)
- (optional) Your Profile Image
- In order to register your Business on the Platform you provide us with the following information:
- Registered Company Address, including Country, Postal Code and City
- Website
- Company Registration information, including Registration Number, Registration Date and Entity Type
- Applicable Tax Number (e.g. VAT number)
- To comply with our AML and KYC policy you provide us with the following information:
- List of Directors
- Identity Proof of Directors
- Address Proof of Directors
- Certificate of Incorporation
- Business Address Proof
- For each additional Office you register to the Platform you provide us with the following information:
- Registered Address, including country, postal code and city
- Office Email Address
- Business Address Proof
- (optional) Office Website
- When you add your Bank Account to the Platform you provide us with the following information:
- Bank Account Number
- Bank Account Holder
- BIC or SWIFT number
- When you make purchases on the Platform we store information about each order, including:
- Date and Time
- Delivery Office
- Delivery Deadline
- Amount
B. Information that we collect automatically
- The Platform uses cookies and other technologies to function effectively. These technologies record information about your use of the Platform, including:
- Browser and Device Data
- IP address, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model and language.
- Usage Data
- Time spent on the Platform, pages visited, links clicked, language and Account preferences, and the pages that led or referred you to the Platform.
How We Use Personal Data
A. Our Platform
- We rely upon a number of legal grounds to ensure that our use of your Personal Data is compliant with applicable law. We use Personal Data to facilitate use of the Platform, to comply with our financial regulatory and other legal obligations and to pursue our legitimate business interests. We also use Personal Data to complete Transactions and to provide payment-related services.
- Use of the Platform
- Allowing you to do the following (but not limited to): Register an Account, Access the Platform, Search for Goods, Manage Account Settings, Make and Manage Purchases, Send and Manage Transactions, Exchange Currencies, Manage Bank Accounts.
- Legal and Regulatory Compliance
- We use Personal Data to verify the identity of our Users in order to comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as AML (Anti-Money Laundering) and KYC (Know-Your-Customer) obligations, and financial reporting obligations. For example, we may be required to record and verify a User’s identity for the purpose of compliance with legislation intended to prevent money laundering and financial crimes. These obligations are imposed on us by the operation of law, industry standards, and by our financial partners, and may require us to report our compliance to third parties, and to submit to third party verification audits.
- Legitimate Business Interests
- We rely on our legitimate business interests to process Personal Data. The following list sets out the purposes that we have identified as legitimate. We:
- Monitor, prevent and detect fraud and unauthorized Transactions
- Mitigate financial loss, claims, liabilities or other harm to Users and MyDiamondLab
- Respond to queries, send Platform notices and provide support
- Promote, analyze, modify and improve our Platform, systems and tools, and develop new features and tools
- Monitor, operate and improve the performance of the Platform by understanding their effectiveness
- Analyze and advertise our Platform
- Conduct aggregate analysis and develop business intelligence that enables us to operate, protect, make decisions and report on the performance of our business
- Share Personal Data with Third Party service providers that provide services on our behalf
- Ensure Security throughout MyDiamondLab
B. Marketing and events-related communication
- We may send you communications through email about MyDiamondLab’s Platform or new features and/or products, invite you to participate in Events or Surveys, or other Marketing purposes in accordance with the consent requirements imposed by applicable law.
How We Disclose Personal Data
MyDiamondLab does not sell or rent Personal Data to anyone. We share your Personal Data with trusted entities, as outlined below:
Service Providers
- We share Personal Data with a limited number of Service Providers. We have service providers that provide services on our behalf, such as identity verification services, website hosting, data analysis, information technology and related infrastructure, customer service, email delivery, and auditing services. These service providers may need to access Personal Data to perform their services. We authorize such service providers to use or disclose the Personal Data only as necessary to perform services on our behalf or comply with legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. Our service providers are predominantly located in the European Union and the United States of America.
Business Partners
- We share Personal Data with third party business partners when this is necessary to provide our Platform functionality. Examples of third parties to whom we may disclose Personal Data for this purpose are banks and payment method providers (such as credit card networks) when we provide Transaction processing services.
Compliance and Harm Prevention
- We share Personal Data as we believe necessary: (i) to comply with applicable law, or payment method rules; (ii) to enforce our contractual rights; (iii) to protect the rights, privacy, safety and property of MyDiamondLab, you or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
You have choices regarding your Personal Data:
- Opting out of Electronic Communication
- If you no longer want to receive Marketing-related emails from us, you can tell us by clicking the unsubscribe link provided at the bottom of each email. We may still send you important administrative messages that are required to provide our Platform functionality.
- See or Change your Personal Data
You can see and change your Personal Data by going to the Settings section on the Platform. You can also contact us to inform us of changes.
Data Protection Rights
You have the following rights:
- The right to request confirmation of whether MyDiamondLab processes Personal Data relating to you, and if so a copy of that Personal Data
- The right to request MyDiamondLab to update Personal Data that is incorrect, inaccurate or outdated
- The right to request MyDiamondLab to delete your Personal Data
- The right to request MyDiamondLab to stop processing your Personal Data
- The right to request manual review of automated decisions (including but not limited to KYC checks)
Wherever the processing of your Personal Data is based on your given consent, you have the right to revoke that consent at all times
Security & Data Retention
A. Security
We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data within our organization against unauthorized access, destruction, loss, alteration or misuse. Your Personal Data is only accessible to a limited number of personnel who need access to the information to perform their duties. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please let us know immediately.
All Personal Data is stored in the European Union, stored on secure servers, and transmitted and encrypted using Secured Sockets Layer technology.
B. Retention
We retain your Personal Data as long as we are providing Platform access to you. We retain Personal Data after we cease providing Platform access to you, even if you close your MyDiamondLab account, to the extent necessary to comply with our legal and regulatory obligations, and for the purpose of fraud monitoring, detection and prevention. We also retain Personal Data to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments to our financial partners, and where data retention is mandated by the payment methods that we support. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
C. Data Breach
We will inform the ICO and other relevant local authorities of any occurrence of a Data Breach, and will notify affected users if applicable.
Use By Minors
Access to the Platform is not directed to individuals under the age of thirteen (13) and we request that they not provide Personal Data through the Platform.
Updates to the Data & Privacy Policy
We may change this Policy from time to time to reflect changes in our practices or relevant laws. Any changes are effective when we publish the updated Policy on the Platform. We will provide you with disclosures and alerts regarding the Policy or Personal Data collected by posting them on our website and by contacting you through the Platform and email address of your Account.
Questions
If you have any questions about this policy, please contact us.
| Cookie |
Cookie Name |
Purpose |
| Cookie Consent |
CookieConsent |
This will remember that you are happy to allow cookies on our website. This cookie is set to expire after 90 days if accepted or declined (no other GA Cookies are stored, if this is declined). |
| Google Analytics |
_ga |
Used to distinguish users and expires in 2 years |
| Google Analytics |
_gid |
Used to distinguish users and expires in 24 hours |
| Google Analytics |
_gat |
Used to throttle request rate and expires in 1 minute |
| Google Analytics |
-utma |
This allows Google Analytics to determine unique visitors to our site. The cookie expires 2 years from initial creation or from update of cookie |
| Google Analytics |
-utmb |
This cookie is used to establish and continue a user session on our site. The cookie will expire 30 minutes from initial creation of from update of the cookie |
| Google Analytics |
-utmc |
This is used in conjunction with the -utmb cookie to determine whether or not to establish a new session for the user. This cookie will expire once you have closed your session with our website (once you have closed your browser) |
| Google Analytics |
-utmz |
This cookie is used by google to store where a visitor came from (search engine, search keyword, link). This cookie will expire 6 months from its initial creation or from update of cookie. |