Data protection under the ADGM Data Protection Regulations 2021 (“DP Law”). Al Dhabi Capital Limited (“the Firm”, “us”, “we”), as a Data Controller, has an obligation under DP Law to inform data subjects of their rights in relation to data held about them. We are committed to safeguarding and processing Personal Data in line with applicable privacy and DP Law. As part of our commitment to protect your Personal Data in a transparent manner, we want to inform you:
· why and how the Firm collects, treats, and stores your Personal Data;
· the legal basis on which your Personal Data is processed; and
· what your rights and our obligations are in relation to such processing.
1. What does this privacy notice cover?
This notice applies to all forms of use of Personal Data (referred to as “processing”) by the Firm in the ADGM.
2. How do we collect your information?
We collect your information in different ways, specifically:
· Information you give to us. This covers data given by you as well as data provided by people linked to your business service or people working on your behalf.
· Form third party companies (such as referencing agencies or public sources).
3. What information do we hold about you?
Depending on the service that we provide to you, we collect Personal Data about you including:
· Personal details (e.g. name, date of birth or other identification information);
· Identification data and authentication data (e.g. passports, Emirates ID or other government issued ID numbers, sample signature, photographs);
· Contact details (e.g. phone number, email address, postal address or mobile number);
· Financial information (e.g. bank account number, credit or debit card numbers, financial history);
· Data obtained during the fulfillment of our contractual obligations;
· Information about a client's or a Data Subject's financial situation e.g. creditworthiness data, scoring/rating data, origin of assets, source of wealth;
· where relevant, professional information about you, such as your job title and work experience;
· Data related to designation as a Politically Exposed Person (PEP);
· Access requirements (e.g., for event organization purposes);
· Data from interactions with us together with documentation data e.g., file notes or meeting minutes;
· Marketing and sales data;
· your knowledge of and experience in investment matters;
· in some cases (where permitted by law), special categories of Personal Data, such as your biometric information, political opinions or affiliations, religious or philosophical beliefs, and, to the extent legally possible, information relating to criminal convictions or offences.
4. Purpose of Processing
We will always process your Personal Data for a specific reason and only process Personal Data which is relevant to achieve that purpose. We process Personal Data for the following purposes:
· Client Onboarding.
· Client Relation management.
· To undertake checks for the purposes of security, detecting and preventing fraud and money laundering, and to verify your identity before we provide services to you. These checks may reveal political opinions or information about criminal convictions or offences.
· To comply with regulatory and legal obligations to which we are subject and cooperate with regulators and law enforcement bodies.
· To prevent and detect fraud, money laundering and other crimes (such as identity theft).
5. What do we use your information for and what is the legal basis for doing so?
5.1 Legal basis for Processing
The Firm processes Personal Data in accordance with ADGM Laws and Regulations. We are not permitted to process Personal Data if we do not have valid legal grounds. Accordingly, we will only process your Personal Data if one of the following legal basis applies:
· To allow us to perform our contractual obligations towards you or take pre-contractual steps at your request;
· To allow us to comply with our legal or regulatory obligations, for example obtaining proof of identification to meet our AML obligations;
· To allow us to protect the vital interests of the relevant individual or of another natural person;
· Necessary for the legitimate interests of the firm, without unduly affecting your interests or fundamental rights and freedoms and to the extent such Personal Data is strictly necessary for the intended purpose;
· Where we have your consent to do so.
Where required, we process your data beyond the actual fulfillment of the contract for the purposes of the legitimate interests pursued by us or a third party such as:
· Consulting with third party data providers;
· Reviewing and optimizing procedures for needs assessment for the purpose of direct client discussions;
· Marketing unless you have objected to the use of your data;
· Obtaining personal data from publicly available sources;
· Measures for business management and further development of services and products;
· Risk and compliance control;
· Regulatory matters and reporting;
· IT security and IT operation;
· Prevention and investigation of crimes;
· Measures to protect our premises to keep out trespassers and to provide site security (e.g., access controls).
5.2 Your obligations
In the context of our relationship, you must provide all Personal Data that is required for accepting and carrying out a business relationship and fulfilling the accompanying contractual obligations or that we are legally obliged to collect.
In particular, anti-money laundering regulations require us to identify you on the basis of your identification documents before establishing a business relationship and to collect and put on record information which may include name, place and date of birth, nationality, address and identification details for this purpose.
In order for us to be able to comply with these statutory obligations, you must provide us with the necessary information and documents in accordance with applicable anti-money laundering regulations, and to immediately disclose any changes over the course of our relationship. If you do not provide us with the necessary information and documents.
Where the Personal Data we collect from you is needed to comply with our legal or regulatory obligations or enter into an agreement with you, if we cannot collect this Personal Data there is a possibility we may be unable to onboard you as a client or provide our services to you (in which case we will inform you accordingly).
5.3 Your consent
If you have granted us consent in accordance with the ADGM regulations to process your personal data for certain purposes, this processing is legal on the basis of your consent. Consent given can be withdrawn at any time by notifying us using the contact methods set out under the paragraph 13. Withdrawal of consent does not affect the legality of data processed prior to the withdrawal.
6. How data is processed
Personal data is processed both manually and electronically in accordance with the above-mentioned purposes and, in any case, in order to guarantee data security and data confidentiality in compliance with current regulations. Our Employees and Third-Party processors can access your data. Our Employees and Third-Party processors are appropriately designated and trained to process data only according to the instructions we provide them. All the data will be processed for the duration of this contract and subsequently for the fulfillment of legal obligations.
7. Who has access to Personal Data and who does it get shared with?
7.1 Outside the firm
To the extent permitted under applicable law, we may also transfer Personal Data to Third-Parties outside the Firm, such as:
· Authorities, e.g. regulators, enforcement or exchange body or courts or party to proceedings where we are required to disclose information by applicable law or regulation or at their request, or to safeguard our legitimate interests;
· Other financial service institutions or comparable institutions in order to carry out services required by you.
· To third parties for the purpose of ensuring that we can meet the requirements of applicable law, contractual provisions, market practices and compliance standards in connection with services we provide to you.
· To a natural or legal person, public authority, agency or body for which you have given us your consent to transfer personal data to or for which you have released us from banking confidentiality.
· To service providers and agents such as IT services, logistics, printing services, telecommunications, collection, advice and consulting, and sales and marketing.
We have implemented appropriate organizational and technical safeguards to protect Personal Data for which we act as data controller or processor, including when disclosing such data to third parties or group entities.
7.2 Data transfers to other countries
Your Personal Data may in some cases be processed outside the ADGM. We will only transfer Personal Data outside ADGM, provided:
· The third countries which are considered by the ADGM Commissioner of Data Protection as a jurisdiction providing adequate level of Data Protection;
· In the absence such legislation that provides adequate protection, based on appropriate suitable safeguards (e.g. standard data protection contractual clauses and enforceable data subject rights or statutory exemption provided by local applicable law); or
· You have explicitly consented to the proposed transfer
Please contact us if you would like to request to see a copy of the specific safeguards applied to the processing of your information.
We will process and store clients and Data Subjects Personal Data for as long as it is necessary to fulfill the purpose for which it was collected to comply with legal, regulatory or internal policy requirements.
We will only retain information that enables us to:
· Maintain business records for analysis and/or audit purposes
· Comply with record retention requirements under the law (for example, as required under legislation concerning the prevention, detection and investigation of money laundering and terrorist financing)
· Defend or bring any existing or potential legal claims
· Deal with any future complaints regarding the services we have delivered
· Assist with fraud monitoring
· Legal Hold requirements
We always aim to use our Personal Data in a way that is fair to you. You have a legal right to:
· Request a copy of the personal data we hold about you.
· Inform us to correct or rectify any inaccuracy in the data we hold about you.
· Exercise your right to restrict use of your Personal Data;
· Exercise your right to erase your Personal Data;
· Withdraw your consent where the firm obtained your consent to process Personal Data
· Object to decisions based solely on automated processing including profiling
In addition to the above rights, you have the right to object at any time to:
· the processing of your personal data to the extent permitted
· for direct marketing purposes, and profiling to the extent related to direct marketing
· where your personal data being disclosed to third parties for the purposes of direct marketing.
Your right to exercise these rights are not absolute. They will depend on a number of factors and in some instances, we will not be able to comply with your request as exemptions may be engaged. We will usually, in response to a request, ask you to verify your identity and/or provide information that helps us to understand your request better. If we do not comply with your request, we will explain why.
10.Extent of automated decision making
In establishing and carrying out a business relationship, we generally do not use any fully automated decision-making. If we use this procedure in individual cases, we will inform you of this separately, provided it is a legal requirement to inform you. You have a right to object in certain instances where a decision is taken by us based only on automated decision making and to require such decision to be reviewed manually.
We process some of your data automatically, with the goal of assessing certain personal aspects (profiling). For example, we use profiling for compliance with legal and regulatory requirements particularly, where we are required to combat money laundering, terrorism financing, fraud, and assess risk and offences that pose a danger to us, our clients, or the wider community at large.
12.Exercising your right
Please send your request using the attached form to:
If you feel that we have not complied with applicable data protection and privacy rules, please let us know and we investigate your concern. Please raise any concerns by contacting the Data Protection Office,
Address: 116-B, Damac Park Towers, DIFC, Dubai, UAE
If you feel that we have not complied with applicable data protection and privacy rules, you may lodge a complaint with the Competent Authority.
14.Changes to the privacy notice
This notice explains how the Firm handles your Personal Data and your rights under the DP Law, rather a document that binds the Firm or any other party contractually. A copy of this privacy notice can be requested from us using the contact details set out above. We may modify or update this privacy notice from time to time.
Where changes to this privacy notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice.