The protection of privacy and the safeguarding of your Personal Data and financial information [Personal Information] is our highest priority. We respect your privacy rights and are strongly committed to protecting your privacy. In this Policy “we”, “us” and “our” means Global Market Access Holdings (DIFC) Limited [GMA] and “you”, “your”, “the user” means the individual or an authorized representative of a corporate entity who uses this Site. In the course of providing our products and services, we collect and maintain certain information such as name, age, residential address and any other information we may collect when you use our Site, in order to enter into a business relationship with us.
This Policy explains how we collect and protect your Personal Information. We ensure that any Personal Information obtained from you is not used or disclosed unless we have obtained your consent for such disclosure. By using our Site, you give your consent to the collection, use and the disclosure of Personal Information by us in accordance with this Policy and other agreements (if any) you have entered with GMA.
If you are a Customer of GMA and who is a natural person in a European Union country, you will be referred to as “the Data Subject” and you may be protected under the General Data Protection Regulations (GDPR) as applicable.
means a legal entity that controls, is controlled by or is under common control with another legal entity, but only while that control relationship exists. To “control” means the direct or indirect ownership or power to control more than 50% of the issued shares or other securities of an entity or of the voting rights attached to the issued shares or other securities of such entity; or the power to control, directly or indirectly, the appointment of more than 50% of any board of directors or governing body of such entity.
means the products made available to you by GMA and/ or its Affiliates.
mean the services made available to you through our Site.
GDPR related Definitions:
Data Controller: means the entity (legal person, public authority, agency or other body) that determines the purposes, conditions and means for the processing of Personal Data of Data subjects.
Data Processor: means the entity (legal person, public authority, agency or other body) that processes Personal Data on behalf of the Data Controller (excluding the Data Controller’s own employees).
Data Subject: means an identified or identifiable natural person / the Customer who is in a European Union country;
Personal Data: means any information relating to an identified or identifiable natural person” i.e. a Data Subject. This includes but is not limited to any information relating to an identified individual (i.e. making reference to information personal to that individual’s name, surname, etc.), or any information relating to someone who could be identified based on a variety of identifiers (i.e. tax number, online identifier, or any other identifiers).
- Collection and use of Personal Information
We collect some of your Personal Information through our Site when you log in to the Site. You may also provide Personal Information to us when you subscribe for any Products or Services or when you fill in account opening applications (whether written or electronic) or provide information in any other form.
Personal Information we collect may include information required to communicate with you and consist of the following information:
- Your name,
- Your Company,
- Telephone number,
- E-mail address and other identification information,
- Information about your intended business relationship with us and other information,
We may use the information collected from you for the following purposes:
- To establish and verify your identity and contact information,
- To establish and set up your business relationship,
- To check your business activity and contact you with account information,
- To personalize and continually improve the Services,
- To customize your browsing experience and inform you about additional Products, Services or promotions that may be of interest to you.
- How long we keep your information:
We keep your information only so long as we need it to provide services to you and fulfill the purposes described in this policy. This is also the case for anyone with whom we share your information and who carries out services on our behalf.
We may also retain information about you after the completion and closure of our business relationship or if your request for a certain transaction is declined or as long as we require in order to comply with legal and regulatory requirements and for our legitimate business purposes. We will ordinarily retain your information for six (6) years or as otherwise required by DIFC Law.
- Disclosure of Personal Information
We may share your Personal Information with our Affiliates and third parties for the purposes of providing you with Products and Services. For example, we may share your personal information in order to manage and administer your business relationship or we may share your personal information with any of our service providers as required by them enabling them to provide their services to you. Furthermore, these service providers may only use your data in accordance with our mandate.
Our Affiliates will deal with your Personal Information in the same way as described in this privacy statement. GMA may disclose the information to GMA’s agents and sub- contractors as necessary in order to provide the Services to you.
We may be obliged to disclose your Personal Information in certain circumstances for legal or regulatory reasons, including but not limited to instances where we are required to disclose the information in accordance with the laws and regulations of Dubai Financial Services Authority (DFSA) or any other applicable regulation.
We may also disclose your Personal Information as necessary to perform credit checks, collect debts, enforce our legal rights or protect our interests and property.
- Data Security, Safety of Personal Information
We have taken appropriate steps to ensure the security of any Personal Information that we collect and held by us, including limiting the number of people who have physical or network access to our database servers.
A secure http/ communication channel ensures the security of data communications made through our Site. Your information is protected during transmission by using Secure Sockets Layer (SSL) software, which encrypts information transmitted to us. Furthermore, a 128-bit key, the most secure form of commercially available encryption, is used to ensure the security of your transactions.
We assume no responsibility for loss of whatever nature, howsoever arising and/or resulting from computer viruses, trojans, worms or equivalent or similar items which is beyond our control.
Transmission of information via the internet is not completely secure. Although we have implemented systems and processes to protect your Personal Information, no data transmission over the Internet can be guaranteed to be completely secure. Accordingly, transmission of data should be done at your own risk.
We may record and monitor any telephone calls made to us or received by us to maintain our service standards, to check instructions, for compliance purposes and otherwise for your protection and ours.
- Links to other websites
Our Site may contain links to other websites. Please be aware that we are not responsible for the privacy practices of such other websites.
If the use of the websites of other third parties/ service providers is associated with the collecting, processing and use of personal data/personal information, please refer to the data protection notes of the respective third-party websites.
We reserve the right to change this Policy at any-time by posting revisions on this site. Such changes will be effective upon posting. We advise you to check our site frequently to review any changes to this Policy.
- Rights under GDPR
We are committed to fulfilling our obligations concerning the exercise of your rights under GDPR as a Data Controller or sometimes as a Data Processor, if you are a Data Subject/Customer who is a natural person in a European Union country subject to the other terms already specified in this policy. Please be advised that you have the following rights under GDPR (to the extent GDPR applies to your personal data):
- The right to request access to, personal data or restriction of processing or to object to processing, and rectification.
- The Right to erasure (i.e., the right to be forgotten): means that the Data Subject has the right to erasure of his/ her personal data without undue delay, as well as the cease of further data dissemination. To the extent that it is required by the regulatory bodies or under the Governing law, we may continue to store the personal data despite your request to erasure.
- The right to data portability – i.e. the Data Subject has the right to receive their personal data from the Controller and the right to transmit that data to another controller where technically feasible.
- The right to lodge a complaint with a supervisory authority.
- Privacy by Design: i.e. the personal data of the Data Subject will be collected and processed only on a need to know basis and only the necessary data will be collected.
If GMA acts as a Data Processor at any time, GMA will act on the written instructions given by the Data Controller exclusively.
- Contacting Us
Should you have any further queries about this Policy or wish to opt-out of receiving communications relating to additional products, services or promotions that we feel may be of interest to you or need to change and modify any information previously provided to us e-mail us at: email@example.com.
- Governing Law and Jurisdiction
Parties agree that the governing law of this Policy or other agreements entered with GMA is the DIFC law and the Parties submit to the jurisdiction of the DIFC courts, in Dubai, U.A.E.