Terms of Use and Data Covered

Our Company’s Data Protection Policy extends to all personal data currently held or processed by our entities or to be acquired in the future. This includes:

  • Personnel of the company, including senior management, staff, and agents.
  • Customers, contractors, and suppliers of the company.
  • Third-party consultants, business partners, or associates assisting the company in transactions.

Personal Data Coverage

Personal data includes information about individuals (referred to as “Data Subjects”) directly or indirectly identifiable through parameters such as:

  • Names of individuals or legal entities.
  • Nationality.
  • Date and place of birth.
  • Correspondence address.
  • Contact details: Email IDs and contact numbers.
  • Identity card details (e.g., PAN, or any national ID card).
  • Identification details of close family and associates.

Data Protection

Processing personal data includes various operations like collecting, recording, evaluating, organizing, altering, and transmitting data to third parties for compliance or providing agreed services. This also involves data retention, deletion, or destruction.

Key Principles for Data Protection

Our Company is dedicated to upholding privacy and data protection rights for employees, customers, suppliers, and stakeholders. Our approach aligns with data protection guidelines and ADGM’s Data Protection Regulations. Core principles include:

Fairness and Lawfulness Processing:

  • Data processing ensures protection of data subjects’ rights, employing fair and legal methods.
  • Only relevant data necessary for business transactions is obtained and processed.
  • Data collection and processing occur only with lawful consent of the concerned individuals.

Purpose Limitation:

  • Personal data collection is specific, explicit, and legitimate, with purposes communicated to data subjects beforehand.
  • Companies refrain from further processing data inconsistent with the predetermined purpose.

Adequate Data Collection:

  • Only necessary and relevant personal data for intended processing purposes is collected, following strict data collection processes.

Accuracy and Timeliness:

  • Ensuring data accuracy is crucial, with prompt addressal of any inaccuracies.
  • Expired information is promptly updated with valid data to maintain relevance and regulatory compliance.

Transparency:

  • Personal data is directly obtained from data subjects in compliance with regulatory requirements.
  • Data subjects are informed about data collection purposes and handling procedures, including possible data transfers to third parties.

Data Retention and Deletion:

  • Personal data is retained for regulatory compliance purposes, with obsolete data handled through secure deletion, anonymization, or encryption.
  • Transparent data inventory maintenance ensures alignment with purposes and duration of data retention.

Data Security:

  • All personal data is handled with confidentiality to prevent unauthorized or unlawful processing, as well as accidental loss or destruction.

Rights of Data Subjects and Handling Data Requests

Our Company ensures individuals are aware of their data processing and usage.

Data subjects are entitled to:

  • Request information about their personal data, including how it was collected and intended purposes.
  • Know about potential data transmission to third parties and the reasons behind it.
  • Request correction or deletion of incorrect or incomplete personal data.
  • Demand deletion of personal data if no longer required for legal compliance.
  • Object or restrict personal data processing when necessary to protect their interests.
  • Receive a justifiable reason if their data access request is rejected, with the right to complain.

Providing Information to Data Subjects

  • Data subjects can request personal data or related information by emailing the Data Protection Officer.
  • The Data Protection Officer verifies data access requests against the requester’s valid identity document before granting access.
  • Prompt handling of data access requests is ensured.
  • Transmission of Personal Data
  • Transmission of personal data to internal stakeholders or third parties (data recipients) requires the data subject’s voluntary consent.
  • Data recipients are bound by a Service Level Agreement to use personal data only for defined purposes and comply with data protection standards.
  • Agreements are unnecessary for data transmission requests from regulatory authorities, permitting disclosure of personal data to law enforcement agencies under legal obligations.

Data Retention

The Company organizes personal data records with purpose logs for at least six (6) years.

Violation and Reporting

Non-compliance with data protection principles is not tolerated, leading to investigations and appropriate actions against involved parties.

Depending on the violation’s severity and impact, employment arrangements may be suspended or business relationships terminated.

Staff and external stakeholders are encouraged to report suspected non-compliance with data protection requirements, escalating matters to the Group’s Data Protection Officer.