Last updated on 15 August 2021
Thank you for choosing to avail our Services!
It is important that you read this Policy in full, so that you are fully aware of how and why we are using your personal information. If there are any terms in this Policy that you do not agree with, please discontinue use of our Platform immediately.
From time to time, we may revise, amend or supplement this Policy to reflect necessary changes in law, our personal information collection and usage practices, our Services or Platforms, or certain advances in technology. If any material changes are made to this Policy, the changes may be prominently posted on the Platform. However, this is not obligatory for us; the onus is on you to occasionally familiarize yourself with the contents of this Policy, for your own information; and particularly to do so every time you access our Platform.
Changes to this Policy are effective when they are published.
Data processing principles followed
Your personal information is collected and processed in accordance with the global best data processing principles, including: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality (security) and accountability; with all relevant laws and regulations considered; and however applicable.
Since the Company is based in the DIFC, it would qualify as a data â€˜controller's under the Data Protection Law, DFIC Law No. 5 of 2020 (Data Protection Law). Accordingly, this Policy has been drafted according to the Data Protection Law.
CONSENT FOR LEGAL OBLIGATIONS AND LEGITIMATE INTERESTS
You provide consent to your personal information (whether provided directly by you, whether collected by us, or received by us from third parties or otherwise) being processed to satisfy all legal obligations arising from any contracts entered into/ with/ involving you or to deliver any Services to you; or to take steps at your request prior to entering into a contract with you; or for our vital interests to protect our property, rights or safety of either the Company, its users, customers, clients, other persons or other entities.
PERSONAL INFORMATION THAT WE COLLECT
We collect, use, disclose, transfer, and otherwise process personal information about you, including legal representatives that you provide to us (Associated Persons) in accordance with this Policy.
The personal information that we collect or may collect include:
personal contact data including name, telephone number, email address, residential address and correspondence address;
occupation, education and income levels;
identification documentation information, such as Emirates ID or passport number, date of birth, place of birth and other information for the verification of identity;
financial and banking information (e.g. information on net assets, income, expenses, credit history, bank account and banking transactions);
images and voice recordings of our conversations with you;
tax and insurance information;
Mailing address, billing address;
Financial information such as debit/credit card number, wallet identification details, wire payment identification details, payment instrument number; data related to the transactions you undertake on the Platform, security code associated with your payment instruments etc.;
information about your risk profile, investments, investment objectives, knowledge and experience and/or business interests and assets;
personal opinions made known to us (e.g. your feedback, responses to any surveys, marketing or communication preferences);
browsing history, patterns or other unique information;
your operating system information, browser, browser type and version, browser plug-in types and versions, internet protocol address and information associated with such address;
Personal information supplied by third-party entities (including governmental authorized entities, mandated entities, or other users) and service providers/ agents in the outsourcing of Services, including, but not limited to third party identity verification sources and services;
any other personal information reasonably required for us to provide the Services requested by you; and
any other personal information permitted by or required to comply with any applicable local or foreign laws, rules, acts, regulations, subsidiary legislation notices, notifications, circulars, licensee conditions, directions, requests, requirements, guidelines, directives, codes, information papers, practice notes, demands, guidance and/or decisions of any national, state or local government, any agency, exchange, regulatory or self-regulatory body, law enforcement body, court, central bank or tax revenue authority or any other authority whether in the DIFC, United States of America or elsewhere, whether having the force of law or not (including any intergovernmental agreement between the governments or regulatory authorities of two or more jurisdictions or otherwise), as may be amended from time to time and our internal control and compliance policies.
SOURCES OF YOUR personal INFORMATION
The personal information has/ or will be obtained from the following sources, where applicable, or such other sources which we may see fit from time to time:
information provided or submitted by you directly, through among others, your Instructions, dealings and agreements with us, which includes information provided when registering as a user, creating your Profile with us, providing information regarding the Account which you open with us, providing answers to security questions, completing any confirmations, declarations or forms, or through your utilization of any of our Services, accessing or viewing our Platform;
as applicable, publicly available or publicly accessible information; and
such other written, electronic or verbal communications or documents delivered to us prior to and during the course of our contractual or pre-contractual dealings with you.
As the accuracy of your personal information depends largely on the information you provide to us, you should inform us as soon as practicable if there are any errors in the personal information or if there have been any changes to the personal information. Any errors or incomplete personal information may prevent us from providing access to the Platform to you or providing Services to you.
PURPOSE OF COLLECTING, USING AND DISCLOSING YOUR PERSONAL INFORMATION
We may use your personal information for our business purposes, including the provision and continuing operation of the Platform and the Services provided to you. This includes, the following purposes:
provision of the Services as requested by you;
carrying out any transactions on your behalf contemplated on the Platform and the Services thereto;
assessing and processing applications, Instructions or requests from you;
communicating with you, including providing you with updates on changes to our Services;
to verify your identity for the purposes of providing Services to you;
conducting due diligence checks, screenings or credit checks as may be required by any Applicable Laws or our internal policies and procedures;
for the specific purpose for which it was volunteered or provided to us;
to detect and protect us or any third parties against negligence, fraud, theft and other illegal activities;
to understand your needs and preferences;
improving the content, appearance and utility of the Platform;
to manage and develop infrastructure and business operations;
to administer the Account which you open with us;
to process payments;
to comply with our internal policies and procedures;
to respond to queries or feedback;
to facilitate necessary agreements/ partnerships with third party providers to continue providing the Services;
We will inform you if any of your personal information will be used for the purposes of direct marketing, whether by us or via a third party, and you will be offered the option of objecting to any such direct marketing. You may also, at any time, object to receive marketing information from us. If you wish to do so, please click on the â€œUnsubscribeâ€� option available on all marketing/newsletter emails that you may receive from us or contact our Data Protection Officer (see the contact details in section 20 of this Policy below)
You undertake that all personal information provided to us by you is true, complete, and accurate and you must notify us of any changes to such personal information.
We process and use Aggregated, anonymised and de-identified data
We may also create, process, collect, use and share aggregated, anonymised or de-identified data such as statistical or demographic data for any purpose. Such information will then no longer identify you as an individual person, despite being derived from your personal information. We may also use this information to comply with legal or regulatory obligations.
We may share your personal information with members of our group, service providers and our key partners. Some of these third parties may be in a jurisdiction outside the laws stated in this Policy, in which case we will take all necessary steps to ensure that your personal information is treated securely and that such transfers are permitted under the applicable data protection laws.
Your refusal, failure, inability to provide us with necessary personal information
If you fail, neglect and/ or refuse to, or are unable to provide us any personal information which we necessarily need to provide you with the Services or which we need to collect by law, we may not be able to perform the Services. In this case, we have the right to discontinue your use of the Platform and/ or may or disapprove your Service requests. In such a situation, we will notify you of our inability to provide you the Service at the earliest.
We do not collect personal information of minors
We do not knowingly collect data from, or market to, children below the legal age as established under their relevant domestic laws, but in no event from children below the age of 18 years. By using the Platform, you represent that you are at least 18 years or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Platform. If we learn that personal information from users who are less than 18 years of age has been collected, we will deactivate the Account and take reasonable measures to promptly delete such personal information from our records.
We collect your data for Market research and promotional information; you may opt out from this
We provide you with choices regarding the personal information we use, particularly concerning any market research and/ or subsequent marketing, advertising and promotion. Towards this, we have established these personal information control mechanisms:
Promotional offers from us: You may choose to allow us to use your personal information for receiving promotional offers, marketing, advertisements from us. We may use your personal information to determine what may be of interest to you. This is how we decide which new and future products, services, and offers may be relevant and of interest to you. We may communicate with you by e-mail, fax or telephone.
Opting out: You can ask us or third parties to stop sending you marketing related material and/ or communications at any time by following the opt-out links on any marketing message sent to you or by contacting us email@example.com.
We may process some of your personal information without your consent
We may collect and process some of your personal information without your knowledge or consent; and only where this is required or permitted by law. We may be compelled to surrender your personal information to legal authorities without your express consent, if presented with a court order or similar legal or administrative order, or as required or permitted by the laws, rules and regulations of any nation, state or other applicable jurisdiction.
We may share your personal information with third parties
We may have to share your personal information with a selected and trusted group of third party/ parties to fulfil our obligations under our contract with you, to meet government, regulatory and law enforcement requests, and to continue providing you with the Services. We will only disclose your personal information to third party service providers under strict terms of confidentiality. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
We may have to share or transfer your personal information in the specific circumstances listed below:
Merger, acquisition etc.: We may disclose your personal information in connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition of all or a portion of our business to another company, any dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, your personal information may also be transferred as a business asset forming part of our good will. If another company acquires us, our business or assets, that company will possess the personal information collected by us and will assume the rights and obligations held by us regarding your personal information, as described in this Policy.
Advertisements: We may disclose your personal information where we use third party advertising companies to serve ads when you visit or use the Platform. These companies may use information about your visits to our Platform and other websites that are contained in web cookies and other tracking technologies in order to provide advertisements about goods and services of interest to you, provided you have consented to the same.
Affiliates: We may share your personal information with our affiliates, in which case we will require those affiliates to honour this Policy. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us. We may share your information with our business partners to offer you certain products, services or promotions.
With select third party vendors: In connection with the performance of our Services, we may share your personal information with third-party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples of such third parties include payment processing, customer relationship management, data analysis, email delivery, hosting services, customer service, quality assurance testing, technical support, operational support and maintenance services and marketing efforts. We have provided a list of such third-party vendors below.
Links to third-party websites
We specifically recommend that you, as the user (under this Policy) visit, familiarize, understand the below entity policies, as they are our partners in providing services under the facilities to you.
YOU have RIGHTS AS TO YOUR PERSONAL INFORMATION
Under the Data Protection Law, the Office of the Commissioner of Data Protection of the DIFC is responsible for administering the Data Protection Law. You (in so far as these laws have application) broadly have these rights under the Data Protection Law:
Right to be informed: This means that you may ask us to provide you information on what personal information provided by you we are processing, why, and who else the data may be passed/ transferred to or shared with.
Right to withdraw consent: If you wish for us to stop processing your personal information, it is your right to withdraw consent, preventing us from further processing the same personal information.
Right to rectification: If you have provided your personal information to us, you have the right to request that we correct, or rectify your personal information if the same is incorrect, or outdated.
Right of access: This is your right to see what data is held about you by us.
Right to erasure: This is your right, under certain circumstances, whereby you can ask for your personal information to be deleted. This would apply if the personal information is no longer required for the purposes it was collected for, or your consent for the processing of that personal information has been expressly withdrawn, or where personal information has been unlawfully processed. Some exceptions may apply to your exercise of this right.
Right to object to processing: This is your right to object to the further processing of your personal information which is inconsistent with the primary purpose for which it was collected, which includes processing for profiling, automation and direct marketing.
Right to restrict processing: This is your right to ask for a temporary halt or pause in processing of personal information, such as in the case where a dispute or legal case must be concluded, or the information is being corrected.
Right to data portability: This is your right to ask for any of your personal information, which you have provided your consent for us to process, and which we have processed using automated means, to be provided to you in a structured, commonly used, and machine-readable or electronic format.
Rights in relation to automated decision making and profiling: This is your right not to be subject to a decision based solely on automated processing.
Right not to be discriminated against: This is your right not to be discriminated against by us. This right ensures that your personal information will not influence or affect us and you are not denied any of our Services, charged a different rate for the Services, provided with a different quality of Service simply because of your personal information.
If you wish to exercise any of the rights set out above or any other laws concerning personal information (in so far as same is applicable), please contact us at firstname.lastname@example.org.
We aim to respond to all legitimate requests without undue delay and within one (1) calendar month of receipt of any request from you. Occasionally it may take us longer than one (1) calendar month, if your request is particularly complex, or if you have made duplicated or numerous requests. In this case, we will notify you of receipt of such request(s) and keep you updated as to the status of progress concerning such request(s).
If you wish to exercise any of the rights set out above, please contact us at email@example.com.We may need to request specific information from you to help us confirm your identity. This security measure is to ensure that your personal information is not disclosed to any person who has no right to receive it.
HOW TO UPDATE YOUR INFORMATION
Whenever possible, you can update your personal information, subject to verification by us. If you wish for us to update your personal information, please contact us at firstname.lastname@example.org to make the required changes. We will retain your personal information for as long as your Account has not been closed or as may be needed to provide you access to your Account and/ or Services, and in compliance with the law.
Data retention and records
We retain information on your behalf, including customer data, transactional data and other session data, linked to your Service usage or Account; and all access or use of the Services.
We adhere to all applicable legislative provisions and data protection laws of each jurisdiction we operate in. Should any further information be required, please contact us at email@example.com.
Your personal information will be stored, retained, and processed for no period longer than as required by us for the purposes it was collected for, for the purposes of availing the Services, and for meeting any legal, accounting, reporting, government, regulatory or law enforcement requirements. Unless required for any of the purposes specified above, we will delete personal information related to closed Accounts every twelve (12) calendar months.
To determine the appropriate retention period for your personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
DATA STORAGE AND DATA TRANSFERS
Your personal information is stored and transferred in compliance with the applicable legislation or regulations of DIFC.
We store and process your personal information in data centers within AWS-EU, wherever we have our premises, wherefrom we provide Services or where our third-party service providers are located.
Some of the international organisations and countries to which your personal information may be transferred do not benefit from an appropriate data protection regulatory framework. For such international organisations and countries, we shall transfer your personal information, only upon ensuring that a suitable degree of protection is afforded to it through the implementation of the necessary safeguards, such as an adequacy decision by the relevant authority, adequate binding corporate rules or through the inclusion of standard contractual clauses in our agreements with such organisations and countries. If sought by you, we shall notify you of the specific safeguards we adopt to transfer your personal information to such an international organisation and/or country. Further, in all cases we shall take your explicit consent before we transfer your personal information outside of the country.
A pixel tag, also known as a web beacon, is an invisible tag placed on certain pages of our Platform but not on your computer. Pixel tags are usually used in conjunction with cookies and are used to monitor the behaviour of users visiting a website.
You may set up your Platform to block cookies which will in turn disable the pixel tags from monitoring your Platform visit. You may also remove cookies stored from your mobile device. However, if you do block cookies and pixel tags, you may not be able to use certain features and functions of the Platform.
We may also use analytics programs such as Google Analytics for web analytics purposes to manage and improve the Platform and/or our Services. Features of Google Analytics that we may use include Remarketing with Google Analytics, Google Display Network Impression Reporting, and Google Analytics Demographics and Interest Reporting. Accordingly, your personal information may be collected for reports such as impression reporting, demographic reporting, interest reporting and to assist with tailoring our online advertising to provide you with a better experience. You may refer to https://policies.google.com/technologies/partner-sites for more information about how your personal information is collected through Google Analytics.
We and our third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together, to inform, analyse, optimise, and serve custom ads based on your interests, searches and prior usage patterns when visiting our Platform, and for other market research analysis purposes such as impression reporting and to understand how your interactions with these ads are related to visits to the Platform, amongst others. Therefore, third party vendors may show our ads on other websites or mobile applications. We neither support nor endorse the goals, causes or statements of these websites or mobile applications which display our ads.
Using the Google Ad Settings, you may control the ads you view, block specific advertisers, learn how ads are selected for you, and opt-out of Google Analytics for Display Advertising. To opt out from any collection or use of information by Google Analytics, please download and install the Google Analytics Opt-Out Browser Add-on available here. By opting out, you will not be subject to online advertising or marketing analysis by Google Analytics and you will no longer receive ads tailored to your browsing patterns and usage preferences.
DATA Privacy OFFICER
We have appointed a Data Privacy Officer (DPO), who is responsible for overseeing any data-related matters, to address any questions in relation to personal information and this Policy. If you have any questions in relation to your personal information and/or this Policy, including requests to exercise your rights related to personal information, please contact us via email on firstname.lastname@example.org.
LEGAL RECOURSE TO RELEVANT AUTHORITIES
You have the right to make a complaint at any time to the Commissioner appointed under the DIFC Data Protection Law. However, we would appreciate the opportunity to address your concerns before you approach any such authority. Please contact us in the first instance so that we may try to resolve your complaint swiftly and satisfactorily. Please contact us via email on email@example.com.
HOW TO CLOSE YOUR USER ACCOUNT
SECURITY PRECAUTIONS AND MEASURES EXERCISED BY us FOR PROTECTION OF YOUR personal information DATA
We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure we have put in place suitable electronic and managerial procedures to safeguard and secure the information we collect online. We use industry-standard technical mechanisms and ensure that our affiliates or vendor entities use data encryption technology while implementing restrictions related to the storage of and the ability to access your personal information.
Our facilities are scanned on a regular basis for security holes and known vulnerabilities, to best ensure its security.
Your personal information is contained behind secured networks and is only accessible by a limited number of individuals who have special access rights to such systems and are required to keep the information confidential.
Please note that no transmission over the Internet or any method of electronic storage can be guaranteed to be absolutely 100% secure, however, our best endeavours will be made to secure data and the ability to access your personal information.
Without prejudice to our efforts on protection of your personal information, nothing contained in this Policy constitutes a warranty of security of the facilities, and you agree to transmit data at your own risk.
Please note, that we do not guarantee that your personal information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
Please, always check that any website on which you are asked for financial or payment information in relation to our Services is in fact legitimately owned or operated by us. The risk of impersonating hackers exists and should be taken into account when using our Platform and/or Services.
If you do receive any suspicious communication of any kind or request, do not provide your information and report it us by contacting our offices immediately at firstname.lastname@example.org. Please also immediately notify us at email@example.com if you become aware of any unauthorised access to or use of your Account.
Since we cannot guarantee against any loss, misuse, unauthorised acquisition, or alteration of your personal information, please accept that you play a vital role in protecting your own personal information, including the adoption of sufficient safety measures such as your choosing of an appropriate password of sufficient length and complexity and to not reveal this password to any third-parties.
Furthermore, we cannot ensure and do not warrant the security or confidentiality of data transmitted to us, or sent and received from us by Internet or wireless connection, including email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your personal information is no longer secure, please contact our Data Protection Officer.
Lastly, please note that should your personal information be breached, and the security of your rights be at high risk, we shall promptly and immediately communicate to you the nature of the breach which has taken place, the likely consequences of such a breach and shall describe thoroughly the measures we have implemented to address the breach and to mitigate any and all adverse effects to you and your rights. In the unlikely event of a breach occurring, please reach out to us at firstname.lastname@example.org for further information and further advice on mitigating the potential adverse effects of such a breach.
We also aim to conduct all applicable security risk assessments to ensure the availability of risk mitigation controls, to better safeguard the integrity of User data.
In the case of abuse or breach of security, we are not responsible for any breach of security or for any actions of any third parties which receive the information illegally.
We will not distribute customer information to be used in mailing lists, surveys, or any other purpose other than what is required to perform our services.
If you choose to restrict the collection or use of your confidential and personal information, please elect the option stated as Do Not Proceed & Exit Our Website.
If you have any questions about our Policy as outlined above, or if you have any complaints, please contact us email@example.com.
If you have any queries or issues pertaining to your information or our Policy or personal information, then please do write to us at any time by emailing us via firstname.lastname@example.org.