Compliance
Whistleblowing
Compliance procedures
Privacy Notice
This privacy policy is aimed at describing the processing of personal data (“Data”) carried out by Dumarey Flybrid Limited (“Company”) through this website.
WHICH PERSONAL DATA WE PROCESS AND FOR WHAT PURPOSE
The data collected through the website and the related purpose of the processing are indicate below.
- Data provided by the user in the contact form (name, surname, job title, phone number and e-mail address), that will be processed by the Company in order to respond to requests of information related to its services, on the basis of article 6 (1) (b) of GDPR and with Chapter 2 section 35 of the UK Data Protection Act 2018.
- Cookies: cookies are small text strings that can be sent and recorded on the user’s computer by the websites visited, to then be retransmitted to the same websites when the user visits them again; this website uses only cookies necessary to allow the user to navigate around the website and use all its features.
PROCESSING PROCEDURES
The data will be processed by automated or electronic means, in compliance with current regulations regarding the processing of personal data.
COMMUNICATION OF DATA TO THIRD PARTIES
The Data may be communicated to third parties operating on behalf of the Company by virtue of a contractual relationship, appointed as data processors where applicable.
The Data may also be sent to third parties, if necessary, to comply with legal obligations, orders from public authorities or to allow the Company to exercise its rights before judicial authorities.
DATA RETENTION
The Data provided by the user in the contact form will be kept for six months. The necessary cookies used by the website will be kept for one year.
DATA CONTROLLER AND DATA PROTECTION OFFICER
The data controller is Dumarey Flybrid Limited with its registered office at Unit 4 Silverstone Park, Silverstone, Northants. NN12 8GX, United Kingdom. You can contact our DPO at the following email address: info@dumarey.com
DATA SUBJECTS’ RIGHTS
Data subjects can exercise the following rights:
- right to access means the right to obtain from the Company whether your Data are being processed and, where applicable, have access to them;
- right to rectification and right to erasure means the right to obtain the rectification of inaccurate and/or incomplete Data, as well as the erasure of Data when the request is legitimate;
- right to restriction of processing means the right to request suspension of the processing when the request is legitimate;
- right to data portability means the right to obtain Data in a structured format, ordinary used and readable, as well as the right to transfer Data to other controllers;
- right to object means the right to object to the processing of Data when the request is legitimate, including when the Data are processed for marketing or profiling, if applicable;
- right to lodge a complaint with a supervisory authority in case of unlawful processing of Data.
Data subjects can exercise the abovementioned rights by writing to the data controller.
SOCIAL MEDIA
The Company has social media pages on Linkedin and Twitter, and may create pages on other social media.
When visiting these pages, the relevant social media site may collect user Data as data controllers. Further information on the processing of Data by the various social media site is available via their respective privacy policies.
The Company only has access to information shared by the user as “public” through the interaction with social media pages. The Company can also view the Data that users of social media pages provide by sending public or private messages; such Data may be used by the Company to provide the information requested by the user.
Social media will send anonymous statistics to the Company on the use of the pages, containing information such as the number of followers, the number of interactions on a post or advertisement or the demographics of users, which will be used to improve the online content of the Company and to better respond to users’ interests.
AMENDMENTS AND UPDATES
This Privacy Policy entered into force on the 8th of August, 2023
The Company reserves the right to amend or updates the Privacy Policy. Any update will be published on this website and it will be effective immediately upon posting
Certifications
TISAX
The Dumarey Group applies TISAX
For the Dumarey Group, confidentiality, availability and integrity of information have great value, therefore we have taken extensive measures to protect sensitive information by following the catalogue of information security questions of the German Automotive Industry Association (VDA ISA).
The assessment was successfully conducted for all companies of the Dumarey Group by a certified audit provider TISAX (Trusted Information Security Assessment Exchange).
Through this assessment, all the Dumarey Group’s companies have demonstrated their commitment to the stringent TISAX VDA ISA security standards.
The group has always prioritised product quality and customer satisfaction. With this TISAX assessment, Dumarey further strengthens its leadership in ensuring data protection and information security.
Paolo Carlo Pomi, CISO of the Dumarey Group, said: ‘We will continue to invest in best practices and technologies to ensure the ongoing security of our customers’ data’.
The result is available exclusively on the ENX portal: https://portal.enx.com/en-US/TISAX/tisaxassessmentresults/.
