Terms of use

Set of Data Covered

The Company’s Data Protection Policy applies to all sets of personal data currently held or handled by the companies or to be obtained in the future, which includes the following:

  • Company’s personnel, including senior management, staff, agents,
  • Any of the companies’ customers, contractors, suppliers,
  • Third-party consultants, business partners, or business associates assisting the Company companies in executing the transactions.

Personal Data

The personal data will cover the information relating to a person (also known as “Data Subject”) who is or can be identified, directly or indirectly, by reference to any of the following parameters:

  • Names of individuals or the legal person
  • Nationality
  • Date and place of birth
  • Correspondence Address
  • Contact details – Email ID and contact number
  • Identity Card details (such as Passport number, Emirates ID number, or any other national ID card)
  • Identification details of the close family and associates

Data Protection

Processing personal data means any operations performed about personal data, such as collecting, recording, evaluating and organizing, altering, and transmitting to third- party for compliance or providing the agreed services, including data retention, deletion, or destruction.

Key Principles for Data Protection

The Company firmly commits to preserving privacy and upholding the data protection rights of the employees, customers, suppliers, and other stakeholders. The Company’s approach to processing personal data is guided by principles that align closely with the data protection guidelines and the ADGM’s Data Protection Regulations. The Company shall adhere to the following core principles of data protection:

Fairness And Lawfulness Processing:

  • While processing personal data, the companies shall ensure that the rights of the data subjects are protected. Personal data shall be obtained and processed using the utmost fair and legal approach.
  • The Company shall ensure that only the relevant data necessary to carry out a business transaction is obtained and processed..
  • The data shall be collected and processed only upon lawful consent of the person concerned.

The Data Protection Officer ensures compliance with the data protection requirements, provides internal notices, establishes procedures, and educates employees to handle the data carefully in alignment with these principles.

Purpose Limitation:

Collecting personal data is always for specific, explicit, and legitimate purposes, as intimated to the data subject before obtaining the data. The companies shall not indulge in any further processing of the data inconsistent with the pre-determined purpose.

Adequate Data Collection:

The company collects the necessary and relevant personal data required for the intended processing purposes, strictly following the data collection process, with periodic review of the data obtained and processed.

Accuracy And Timeliness:

Ensuring the accuracy of the personal data is of paramount significance. Any inaccuracies in the data are promptly addressed. Further, any expiry of the information is immediately discussed with the data subject, and valid data is obtained to ensure the data’s relevance and regulatory compliance.

The companies must take necessary measures to ensure that the inaccuracy or incompleteness of the data is corrected, updated, or deleted.


The company shall ensure that the personal data is directly obtained from the data subject in compliance with the regulatory requirements.. Further, the data subject shall be informed about the purpose for which the data is collected and how the same will be handled. The companies shall clarify the data subject about the possible data transfer to a third party and the reason thereof.

Data Retention and Deletion:

The company shall retain the personal data for such period as necessary to fulfill the regulatory data processing requirements. Any historical data with no more use or significance for compliance shall be handled optimally using the following methods:

  • Secure and permanent deletion
  • Anonymization, pseudonymization, or encryption
  • Where secure deletion or encryption is not possible, the data shall be archived to restrict the further processing or usage of the data.

Thecompany shall maintain a transparent data inventory aligned with the purpose and data maintenance duration.

Data Security:

The companies shall ensure the security of all personal data, which shall be handled with confidentiality. These measures aim to prevent any unauthorized or unlawful processing and accidental loss or destruction of the data.

The company is dedicated to conducting responsible and ethical personal data processing practices by adhering unwaveringly to these principles.

Rights of Data Subjects and Handling the Data Requests

The Company aims to ensure that individuals know that their data is being processed and how it is being used.
All the persons whose personal data has been obtained, processed, or handled by the Company are entitled to the following:

  • The data subject can request the Company to furnish the information relating to the personal data in possession of the Company, how the data was collected, and the intended purpose of such data.
  • If the personal data is expected to be transmitted to third parties, the data subject has the right to know about this possibility and the expected third parties to whom the data may be transmitted.
  • If the personal data available with the Company is incorrect or incomplete, the data subject has the right to demand its correction or deletion.
  • The data subject can request the Compaany to delete the personal data if the Company no longer requires such data for legal compliance.
  • The data subject can object or restrict the processing of the personal data if such restriction is necessary to protect the person’s interest as compared to the Company’s requirement to process the data. Such restrictions towards data processing cannot be imposed in cases where it is backed by regulatory compliance.
  • In case the Company or any of the companies reject the data subject’s request to access the personal data or obtain any information about the purposes for which the data has been used, the Company shall offer a justifiable reason for such denial. The data subject has the right to complain about the rejection.

Providing The Information To Data Subject

The data subjects can request personal data or any related information by addressing an email to the Data Protection Officer at [email protected].

The Data Protection Officer shall verify the data access request against the requestor’s valid identity document before allowing access to personal data.

The Company shall ensure that the person’s request for data access is handled promptly.

The Company understands the need to protect the data subject’s rights and follow clear rules regarding communicating with individuals about their personal data.

Transmission of Personal Data

Transmission of personal data to the Company’s internal stakeholders or the third party (data recipients) is subject to the data

subject’s voluntary consent, authorizing the processing of the personal data.

The companies shall enter into a Service Level Agreement with such data recipients binding them to use the personal data only for the defined purposes. Further, the third-party recipient shall be subject to strict compliance with the data protection standards of this Policy.

Such agreement shall not be required when the transmission data request is from the regulatory authorities governing the data subject or any of the companies. This policy permits the Company to disclose the personal data of the individuals, based on a legal obligation, to law enforcement agencies, without the data subject’s consent. The Company’s Data Protection Officer shall authorize such data transmission after validating the legitimacy of the legal request for personal data.

Data Retention

The Company will keep the personal data records organized along with the log of the purpose for which such data has been used or is expected to be used for a minimum of six (6) years.

Violation and Reporting

The Company shall not tolerate non-compliance with the data protection principles laid down in this policy, and an appropriate investigation shall be launched against the concerned parties.

Depending on the seriousness of the violation and the impact it has caused, the Company shall suspend the employment arrangement with the internal personnel or terminate the business relationship with the stakeholder.

The Company encourages its staff and external stakeholders to report any suspected non-compliance with the data protection requirements involving any companies’ employees, customers, suppliers, third parties, or business associates. Such matter must be immediately escalated to the Group’s Data Protection Officer by:

Writing an email at [email protected].

Our newsletter

Sign up for our weekly newsletter for market updates!