Privacy Policy

 

Overview

 

This Privacy Policy applies to anyone whose Personal Data is provided to us. It sets out how and why we collect, store, use and share your Personal Data. It also tells you about your privacy rights and how the law protects you. It tells you how you can contact us if you have any suggestions, questions or concerns about how we handle your Personal Data. 

 

“We” or “us” means Abu Dhabi Global Market (ADGM) and/or (depending on the context) each of the four Authorities that sit within ADGM being:

1. a) the Registration Authority (RA);
2. b) the Financial Services Regulatory Authority (FSRA);
3. c) the ADGM Courts; and 
4. d) the ADGM Authority,

each an Authority and together the Authorities. More information about ADGM and its Authorities can be found on our website www.adgm.com.

The entity (ADGM or an Authority) that you deal with when providing your Personal Data will usually be the Controller in relation to the Processing of your Personal Data. It should be clear to you from your dealings with us which entity that is – if it is not, you can contact us for more information. 

 

We may sometimes Process Personal Data as a joint Controller, for example where we make joint decisions about Processing Personal Data with other authorities, or as a separate Controller, for example where we share Personal Data with other authorities. Where this happens we will, if necessary, notify or redirect individuals to the other authority or Controller, in relation to exercising their individual rights.

 

Certain terms used in this Privacy Policy are explained in the Glossary. To make it easier to read, we may still use or define terms that are defined in the Glossary in full, in the body of this Privacy Policy as well.

 

The Data Protection Regulations 2021 (DP Regulations) apply to how we approach data privacy. In certain circumstances, other laws may apply to Personal Data we Process. 

 

Contents

 

1. 1.How we collect Personal Data
2. 2. What personal information we collect
3. 3. How we use your Personal Data
   1. a. General
      1. i. Website
      2. ii. Communications and Events
      3. iii. Recruitment
      4. iv. Consultation
      5. v. Sharing information with other agencies or authorities:International Data Processing
      6. vi. Complaints
   2. b. Registration Authority
      1. i. The Register of Companies
      2. ii. Immigration Services
      3. iii. Enforcement and Monitoring
   3. c. Financial Services Regulatory Authority
      1. i. Authorisation and Supervision
      2. ii. Markets
      3. iii. Enforcement
      4. iv. Confidentiality
      5. v. The Financial Services Regulatory Authority Public Register
   4. d. ADGM Courts
4. 4. Lawful basis for Processing
5. 5. Sharing Personal Data
6. 6. Where we store your Personal Data
7. 7. Data Security
8. 8. Data retention
9. 9. Cookies and Third-Party Websites
10. 10. Your rights
11. 11. Our Data Protection Officer and how you can contact us
12. 12. Changes to our Privacy Policy
13. 13. Glossary
14. 14. ADGM Cookie Policy

1.         How we collect Personal Data

We collect Personal Data from individuals or their authorised representatives. There are several ways in which we collect this data, including through:

 

1. a) email and telephone contact with us;
2. b) web-based conference or video calls with us;
3. c) onsite visits or other meetings that take place with us in person;
4. d) use of our website, including applications, surveys, online forms and systems available on our website; 
5. e) other online applications we make available including our online registry solution, ACESSADGM, ADGM eCourts platform and Electronic Prudential Reporting System; 
6. f) in connection with recruitment or employment;
7. g) correspondence and other documents (hand delivered or sent to us by post or courier);
8. h) engagement with governments, regulators, official bodies, authorities and organisations;
9. i) ADGM or Authority outreach and information sessions;
10. j) visitor sign-in at any of our offices;
11. k) security cameras; 
12. l) Wi-Fi sign-in; and
13. m) subscriptions (for example, alerts, media releases, consultation papers, discussion papers, publications, changes in legal framework, dear SEO letters and human resources systems and updates).

 

We may receive Personal Data from entities in connection with their registration or licensing in ADGM or by any Authority, including in relation to officers, directors and approved individuals. Entities may also share Personal Data with us in connection with visa and immigration services. We expect anyone who provides us with Personal Data to do so in compliance with all applicable laws including the DP Regulations.

 

In some circumstances we may collect Personal Data about individuals from third parties in the course of:

1. a) preparing or receiving reports of suspected misconduct or other complaints;
2. b) receiving claims that are filed with the Courts;
3. c) carrying out our supervisory oversight or investigative functions and activities;
4. d) carrying out our authorisation, registration and other statutory functions;
5. e) receiving information from or co-operating with other governmental, regulatory or law enforcement agencies or public bodies;
6. f) receiving other documents (such as tender documents that contain Personal Data); and
7. g) recruiting our employees and engaging contractors or service providers.

 

Where we collect your Personal Data from third parties, we do so on the legal bases set out in sections 3 and 4 of this Policy. 

 

2.         What personal information we collect

 

The Personal Data that we collect depends on how or why you are interacting with us, what services we are providing, or what supervisory or regulatory functions we are carrying out. 

 

In many cases it will be mandatory for you to provide Personal Data to ADGM to enable us to provide services and/or to fulfil our statutory functions, such as to incorporate, maintain and dissolve a company, to supervise regulated financial activities, to receive claims at the Courts and/or to obtain immigration services. If you do not provide us with the requested Personal Data in these instances, we will not be able to provide you with the relevant services. 

 

The types of personal information we may collect include:

 

•  • Names,  and contact details such as current and previous email addresses, postal addresses, residential addresses, phone numbers and other contact information; 
•  • Nationality, residency, date and place of birth, passport numbers and other information available on copies of identification documents such as passports and ID cards;
•  • Education, professional history and employment history;
•  • Criminal records, complaints and allegations, personal opinions and reports;
•  • Communication records, government records and health information;

•  • Records of correspondence including email communications;

•  • Payment information such as credit or debit card numbers and bank account details;
•  • Device information such as your IP address as well as browsing history; 
•  • CCTV footage if you visit ADGM’s offices;
•  • Special Categories of Personal Data such as criminal records, where permitted. 

 

Minors (i.e. individuals under the age of 18) should not provide us with their Personal Data – it should be provided via their parent or guardian. Where we receive Personal Data relating to a minor, we will assume it has been appropriately provided.

 

3.         Ways we use your Personal Data

 

Some of the ways we may use your Personal Data are set out below. 

 

General

 

Website Use

 

We may use Personal Data which you provide to us or we collect from you to maintain and improve our website services as well as to develop new features to improve customer experience and support, authenticate users and send administrative messages. We may conduct data analysis, testing, and research and to monitor and analyse usage and activity trends. 

 

Communications and Events

 

When you sign up with us to receive news or information relating to an event or updates to our website(s) (for example: alerts, media releases, discussion papers, publications, changes to our legal framework and SEO letters), we will collect and Process your Personal Data to use in providing that news or information service to you. If you would like to withdraw your consent to receiving these communications, you can contact us at any time. 

 

We also collect and Process the Personal Data of individuals acting in their capacity as representatives of their organisations during their professional engagement with us. We may do this via online surveys or submissions, emails, general enquiries via our website(s) or verbal communications with us. Where you have asked to receive news or information relating to an event from us, we will use the contact details you provide, such as your name and email address, for that purpose. 

 

We will sometimes use the contact details of those with whom we have a relationship in their capacity as representatives of their organisation, to invite them to events or to provide them with information relevant to their relationship with us. We will also use the Personal Data you provide to us for the above purpose to ensure any of our information sessions and events are carried out in an appropriate and safe manner, and in accordance with agreed contracts and applicable law and regulations. 

 

We regularly arrange and host events. Photography and videography may take place at these events and may be published on our website and social media channels. If you attend an event and do not wish to be photographed, please speak to a member of staff so that suitable arrangements can be made, as far as possible.

 

Recruitment

 

As part of any recruitment Process we will collect and Process the Personal Data of candidates at various stages. This includes personal details, family details, resume information and interview records. The legal basis for Processing this Personal Data is our legitimate interest in screening and evaluating candidates to work at ADGM or one of the Authorities, as well as for the purposes of entering into a contract prospectively in due course. Information collected as part of the recruitment Process will be shared with external parties on a ‘need to know’ basis – which includes but is not limited to governmental national security agencies for obtaining security clearances; immigration department for Processing visas; and medical entities conducting medical checks on prospective staff.

 

Consultation 

 

Various functions across ADGM and its Authorities are involved in strategic planning which covers several areas of activity, including agreement on strategic themes and the setting of regulatory priorities. This includes working with Abu Dhabi and federal government bodies as well as international public authorities. We also engage with international standard setting bodies, working groups and committees on changes in international standards and the need to regulate appropriately new business models and types of financial services activity. 

 

In carrying out the above responsibilities, we regularly consult with bodies and individuals who are affected by or are interested in the legislation we administer, and receive information as a result. We may receive this information in the form of submissions in response to a consultation or discussion paper we have published or through less formal processes, such as meetings, telephone calls or written correspondence. We use this information for the purpose of reviewing and determining our policies. The information provided to us during consultation may include Personal Data, such as the contact details of the individual giving us the information or Personal Data relating to the conduct of their regulated activities. We may publish the results of our consultations (for example, in a feedback statement).

 

Sharing information with other agencies or authorities: International Data Processing

 

To achieve our various objectives including as a global financial centre and a financial services regulator, we need to work with other regulatory agencies and official bodies and authorities within Abu Dhabi and the UAE, as well as with international regulators and organisations (Official Agencies and Authorities). 

 

We have statutory authority to exercise various powers at the request of, and on behalf of, other governmental, regulatory and law enforcement agencies both inside and outside the ADGM and the UAE. We are a signatory to international cooperation agreements with several Official Agencies and Authorities. During our engagement with Official Agencies and Authorities, we may obtain confidential information, including Personal Data on their behalf and share that information with them to assist with their official duties and functions. We may also receive confidential information, including Personal Data, from Official Agencies and Authorities to assist with our regulatory functions and duties. The information we obtain on behalf of Official Agencies and Authorities and share with them will depend upon the nature of the request they have made but may include Personal Data and Special Categories of Personal Data relating to the individual from whom we obtain the information or relating to other third parties. When considering whether to comply with a request made by an official agency or authority, we will assess whether there are legitimate reasons for the request and whether the authority making the request has the appropriate standards in place to deal with any confidential information, including Personal Data, we provide to it. 

 

Complaints

 

We collect Personal Data for the purposes of receiving and assessing complaints made against us. We have in place procedures to receive, assess and seek to resolve any formal complaints made in respect of the actions of the ADGM, any of its Authorities or any of our employees in a regulatory matter. While we try to minimise the Personal Data that we collect and Process for this purpose, we are often required to collect a wide range of information to consider and investigate complaints we receive. That information will include Personal Data relating to the complainant and will often include Personal Data of third parties, such as other individuals involved in the matters giving rise to the complaint. Where you make a complaint to us regarding one of our employees, it may be necessary for the person handling the complaint to contact the employee in question. Although we do not explicitly ask for Special Categories of Personal Data in our complaints form, it is possible that such information may be included in the details of the complaint by the complainant.

 

The Registration Authority 

 

The Register of Companies

 

The RA maintains the register of all ADGM legal persons including limited companies and partnerships. There are various degrees of transparency in respect of their affairs that are required of different legal persons registered in ADGM. For example, to incorporate a company, you must provide to the Registrar Personal Data of the directors, shareholders and beneficial owners. The Registrar is required to maintain a Register of Companies with certain information available to the public. Personal information on the public record includes the details of past and present directors and shareholders. 

 

The RA may also Process Personal Data when carrying out the monitoring of compliance, and where necessary taking enforcement action, in relation to ADGM’s commercial rules and regulations. 

 

Immigration Services 

 

We provide immigration services, such as facilitating UAE residency visas for employees of ADGM registered legal entities. To arrange these immigration services, ADGM will collect and transfer your personal information outside ADGM to certain third parties, including but not limited to, Abu Dhabi Ministry of Interior, visa screening centres, Emirates Identity Authority and health insurance providers. By submitting the required form, you are giving your consent to the collection and transfer of your Personal Data. ADGM will not use the information that you provide in relation to these services for any other purpose without your consent. 

 

Enforcement and Monitoring

 

The Financial Services Regulatory Authority

 

The FSRA mainly Processes Personal Data when carrying out its regulatory functions including authorisation, supervision, market oversight and enforcement. We have set out further information on when and why this happens below. For further information on our approach to authorisation and supervision, markets and enforcement see our Guidance and Policies manual here. 

 

A.          Authorisation and Supervision

 

The FSRA’s powers and functions under the legislation it administers include assessing and deciding upon applications to be authorised or approved to carry on certain financial and ancillary activities or functions in the ADGM. 

 

Applicants include individuals seeking approval to carry out certain functions within an authorised firm, who are required to meet certain standards relating to their experience, knowledge and qualifications. That means it is necessary for us to collect and Process Personal Data (including some Special Categories of Personal Data) relating to those individuals. 

 

The FSRA’s powers and functions also include supervision and oversight of firms whose activities are regulated by us (Regulated Entities), the individuals we approve to undertake certain functions, and the markets we regulate. One of the reasons this is required is to monitor compliance with various legislation we administer, including legislation relating to international taxation compliance and anti-money laundering. It is necessary for us to collect and Process Personal Data to exercise those powers and functions. This includes information relating to the employees, officers, directors, clients and customers of Regulated Entities to help us make informed judgements on whether they are operating properly and/or whether their customers or other market participants are experiencing harm. Sometimes includes Special Categories of Personal Data. We expect anyone who provides us with Personal Data about individuals to do so in accordance with applicable laws.

 

B.           Markets

 

Our powers and functions under the legislation we administer include licensing and supervising recognised bodies including certain kinds of exchange and clearing house. We also recognise those financial markets that operate an exchange or clearing house outside the ADGM without having a physical presence in the ADGM but that make their services available to persons in the ADGM. We also recognise trading and clearing members of a recognised body who operate in a jurisdiction other than the ADGM and do not have a physical presence in the ADGM. We oversee offers of securities in or from the ADGM and supervise reporting entities by monitoring their on-going market disclosures and compliance with relevant regulations and rules. 

 

The FSRA’s powers and functions also involve market surveillance to monitor compliance with the legislation we administer and to detect irregularities, including disclosure of inside information, market abuse and other market related misconduct. To undertake our licensing, supervision and surveillance work, we are often required to collect a wide range of information and may request information to help us make informed judgements on whether persons operating under our oversight are conducting their activities in accordance with applicable legislation, whether investors or other market participants are experiencing harm, and the integrity of the markets we regulate. This information may include Personal Data (including Special Categories of Personal Data) relating to individuals, such as directors, Controllers, employees, investors, shareholders and ultimate beneficial owners. 

 

C.           Enforcement

 

The primary function of the enforcement functions in the RA and FSRA is to prevent, detect and restrain conduct that causes or may cause damage to the reputation of the ADGM or the financial services industry in the ADGM. 

 

The RA and FSRA are empowered to conduct investigations into suspected contraventions of the legislation they each administer, and may exercise their powers to obtain information, conduct inspections, compulsorily obtain books and records, or require individuals to participate in interviews under oath or affirmation. Court proceedings may be initiated, or penalties or other sanctions may be imposed where we are satisfied that contraventions have occurred, which may involve communicating to the public the basis on which we have taken action and our reasons for doing so. We may also refer any conduct which could constitute a breach of criminal law to relevant local, federal or international authorities. 

 

It is necessary for us to collect and use Personal Data for the above purposes to meet our statutory obligations. We are often required to collect and Process a wide range of information relevant to suspected contraventions from a wide variety of sources. We may, for example, collect information from individuals who report suspected misconduct, potential witnesses, the firms or individuals who are the subject of our investigations or from other governmental, regulatory or law enforcement agencies. This information will usually include Personal Data (including Special Categories of Personal Data) relating to the subject(s) of our investigation or other actions, or to other individuals, such as the directors, Controllers, employees or customers of the subject(s) of our investigation, potential witnesses or the individuals who have made a complaint or raised concerns of misconduct. 

 

For further information on our approach to enforcement, for the RA please refer to its Decision Procedures, Disqualification and Enforcement Manual here and for the FSRA the Guidance and Policies manual here . 

 

Confidentiality

 

Personal Data held by the FSRA will often be confidential information that the FSRA has received while carrying out its functions and activities as the regulator of financial services in the ADGM. The legal obligations in relation to FSRA’s use and disclosure of such confidential information can be found in Sections 198 and 199 of the Financial Services and Markets Regulations 2015. In certain circumstances, these obligations of confidentiality may mean the FSRA is unable to provide access to Personal Data it holds when requests are made under the DP Regulations 2021. This is consistent with the law. 

 

The Financial Services Regulatory Authority Public Register

 

The FSRA Public Register is a public record of both firms and individuals that are, or have been, regulated by the FSRA. Most of the information on the FSRA Public Register is about the firm’s business, such as what it does and how it can be contacted, but some Personal Data about the firm’s employees and former employees who are or were required to be approved by us is also included (these are called Approved Persons). 

We are required by law to make this information publicly available. We Process this Personal Data under Article 5(1)(e) of the DP Regulations.

 

The ADGM Courts

 

Personal Data Processed by the Courts 

 

The Courts Process a broad range of Personal Data necessary for the administration of justice and other civil justice services.   This may include the types of personal information set out in section 2 of this Policy including highly sensitive information (i.e. Special Categories of Personal Data).  The categories of Personal Data Processed by the Courts depend on the nature of the proceedings concerned and the nature of the services provided (i.e. in addition to Personal Data Processed in connection with the judicial services of the Courts, Personal Data may be Processed under the auspices of the Courts pro bono scheme, notary public services and Wills office or court-annexed mediation scheme).     Personal Data is predominantly Processed by the Courts using the eCourts platform where data is stored on the cloud. 

 

Purpose of Processing and legal basis

 

Personal Data is Processed for the performance by the Courts of their judicial and related functions.  Connected with this is the Personal Data that is Processed by the Courts Registry to facilitate the administration of justice and the efficient management and operation of the Courts.  The legal basis for the Processing of Personal Data by the Courts is provided for by statute or otherwise by the operation of law.  The Courts do so as this is necessary in the public interest or in the exercise of official authority vested in them.  The public interest is the administration of justice.  In recognition of this, the DP Regulations contain certain exceptions that uniquely apply to the Courts Processing of Personal Data.  Personal Data may also be Processed for other purposes including statistical analysis and, where appropriate, direct promotion of court-related news, developments or events.

 

Sharing and publication of Personal Data

 

Open justice is an overarching feature of the Courts.  Accordingly, court hearings, during which Personal Data may be disclosed, are (with limited exceptions) required to be held in public. Personal Data contained within a judgment or decision of the Courts, or a list or calendar of proceedings or hearings, is usually made accessible to the public by publication on the Courts website.  Personal Data that is contained in court records can be made available to persons that are entitled or permitted to access those records (which may include non-parties and members of the press).

 

The Courts also require the assistance of third parties in order to operate which may include hearing and transcription service providers, interpreters and IT support.  These third parties will have access to Personal Data that is Processed by the Courts in the provision of their services.    Your Personal Data may also be shared with other courts, regulatory authorities and public authorities where this is necessary to further the administration of justice or to comply with, or to fulfil, legal obligations.

 

The ADGM Arbitration Centre

 

In its role as a hearing centre for arbitrations and mediations, the ADGM Arbitration Centre (“ADGMAC”) will also Process Personal Data.  Unlike court hearings, arbitration and mediation hearings are to be conducted in strict confidence.  Accordingly, ADGMAC will only disclose Personal Data provided to it in discrete circumstances with the consent of the parties and only for the purpose for which the parties’ consent has been provided; usually this occurs in the context of ADGMAC facilitating an arbitration hearing (i.e. if the parties to an arbitration request transcription or other hearing-related services which require the involvement of a third party).      

 

ADGMAC also Processes Personal Data for other purposes including in relation to its arbitrators and mediators’ panels which are publicly accessible on ADGMAC’s website (any disclosure of Personal Data is only made with the consent of the persons concerned).   ADGMAC may also Processes Personal Data for the direct promotion of arbitration or mediation related news, developments or events (but not hearings).  An example of this is where an ‘email distribution list’ is used by ADGMAC to promote an upcoming seminar, the release of a publication or some other arbitration or mediation related event. 

 

4.         Lawful basis for collection and Processing of Personal Data

 

We collect Personal Data only where it is relevant to and necessary for specified, explicit and legitimate purposes determined at the time of collection. 

 

Generally, we Process Personal Data on one or more of the following grounds set out in Section 5 of the DP Regulations:

1. a) in the exercise of ADGM’s or an Authority’s functions (Section 5(1)(e) of the DP Regulations);
2. b) for the performance of a task carried out by ADGM or an Authority  in the interests of ADGM (Section 5(1)(e) of the DP Regulations);
3. c) in the exercise of official authority by ADGM or an Authority under applicable laws (Section 5(1)(e) of the DP Regulations);
4. d) for the performance of a contract to which an individual is a party or to take steps at the request of an individual before entering into such contract (Section 5(1)(b) of the DP Regulations); 
5. e) where Processing is necessary for ADGM and/or an Authority to comply with applicable laws (Section 5(1)(c) of the DP Regulations); and
6. f) in certain circumstances, we may rely upon the consent of an individual given for specific purposes in accordance with the DP Regulations (Section 5(1)(a) of the DP Regulations).

 

The legislation published and/or administered by ADGM and its Authorities can be found here: ADGM laws and regulations.

 

If we collect Personal Data while exercising one of our powers or functions (for example, receiving a report of suspected misconduct or when conducting an investigation) and that Personal Data is relevant to exercising one of our other powers or functions (for example, determining an application for authorisation), we will, in general, use that Personal Data for that other purpose.

 

We do not usually ask for any Special Categories of Personal Data from individuals, except in the following circumstances:

1. a) in relation to matters concerning the integrity of individuals as provided for under RA and FSRA administered law, regulations and rulebooks;
2. b) in relation to the issuance of visas and facilitation of immigration services; and
3. c) hiring employees and engaging with our employees.

 

The DP Regulations identify certain Personal Data Processing which leads to a high risk to the rights and freedoms of individuals by virtue of the nature, scope, context and purposes of the Processing of their Personal Data and imposes specific requirements concerning such activities. We do not ordinarily undertake any of the high-risk Processing activities as described in the DP Regulations.

 

Unless we explicitly tell you on a case by case basis, we do not engage in automated decision-making when Processing Personal Data.

 

5.         Sharing Personal Data

 

We may share Personal Data between the ADGM and the Authorities.

 

We may share Personal Data in the following circumstances:

 

1. a) to our third-party professional advisors, service providers, agents, subcontractors and other organisations for the purposes of providing services to us or to you on our behalf, who are under a duty of confidentiality with ADGM; 
2. b) professional advisors and service providers to the extent that they need access to such information for the purpose of or in connection with Processing your application(s) or facilitating or issuing your ADGM permit(s);
3. c) any court, tribunal, or regulatory, supervisory, law enforcement, governmental or quasi-governmental authority. This includes disclosure to other regulators, official bodies and authorities and law enforcement agencies both inside and outside ADGM and the UAE in the context of our various regulatory roles including supervision of various anti-money laundering and counter-terrorist financing requirements;
4. d) parties involved in investigations (such as firms, individuals and their legal advisers); 
5. e) local and international company registrars; 
6. f) any person to whom information is required or requested to be disclosed by any governmental, taxation or other regulatory authority or similar body or pursuant to any applicable law or regulation; and 
7. g) third parties in an aggregated and/or anonymized form which cannot reasonably be used to identify you. 

 

We may also share your Personal Data with our subsidiaries for internal reasons, primarily for business and operational purposes. 

 

In most cases, the laws of ADGM allow us to share this information without the consent of the individual to whom the Personal Data relates. Where we are required to obtain such consent, we ensure that we obtain adequate consent from the relevant individual in accordance with the DP Regulations. In other cases, we may be compelled to disclose Personal Data due to a mandatory legal obligation or by order of a court or other adjudicatory body or tribunal of competent jurisdiction.

 

We may also disclose your Personal Data to the public where it is necessary to do so in the exercise of our regulatory powers or functions. That may include circumstances:

1. a) where we are required to make that information available in a public register (as described above);
2. b) where we consider it necessary or appropriate to publish information to protect investors or potential investors or the public; 
3. c) in the context of publishing information and statements relating to decisions of the RA, FSRA, Appeals Panel or ADGM Courts;
4. d) in the context of publishing information and statements relating to RA and FSRA sanctions; or
5. e) otherwise for the performance of tasks carried out by us in the interests of ADGM.

 

We may share your Personal Data with any other person if we notify you and obtain your consent to the disclosure.

 

Your Personal Data may be processed by us, our subsidiaries and those other parties described above, outside of the ADGM. Where the ADGM Commissioner of Data Protection has not issued an adequacy decision in relation to the jurisdiction where your Personal Data is processed, we will ensure that there are adequate mechanisms in place to protect your personal information in accordance with applicable data protection and privacy law. We will do this through use of data transfer agreements implementing standard data protection clauses. 

 

6.         Where we store your Personal Data

 

The Personal Data that we collect from you may be securely transferred to and securely stored on our databases, located on our secure servers both in ADGM and in backup locations in the United Arab Emirates or abroad. 

 

7.         Data Security

 

We store Personal Data in electronic, digital and paper format. We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only Process your Personal Data on our instructions, and they are subject to a duty of confidentiality.

 

We have put in place procedures to deal with any suspected or actual Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Where a direct communication to you will involve disproportionate effort, we may instead inform you via a public communication or other similar measures that are equally effective. 

 

Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. Therefore, ADGM cannot guarantee the security of any Personal Data you transmit to us over the internet, and you do so at your own risk. 

 

If at any point you suspect or become aware of a security incident (e.g. you receive a suspicious communication from someone holding themselves out to be our employee or from a unauthorised website claiming to be affiliated with us), please forward the communication to us or report the incident by email to dpo@adgm.com or in writing to the ADGM at PO Box 111999 Abu Dhabi, UAE, as soon as possible. 

 

8.         Data retention 

 

We Process Personal Data for such periods as is necessary to fulfil our statutory functions and for the purposes set out in this Policy, unless a longer period for the retention of Personal Data is required by law. 

 

We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

 

The Registration Authority and FSRA retain all records of companies for as long as the company is registered. Records of dissolved companies are currently retained for the duration of time that the relevant information is required for legal and statutory purposes, including personal information related to company directors and officers.  

 

Personal Data Processed based on consent will be retained for the period specified in the consent, or where not specified, until you withdraw your consent. 

 

9.         Cookies & Third-Party Websites

 

Our website uses cookies. A cookie is a small piece of data that a website stores on a visitor’s computer or mobile device. 

 Our website may from time to time contain links to and from other websites. This includes websites owned or controlled by independent parties not controlled or authorised by ADGM. If you follow a link to any of these websites, please note that these websites have their own privacy policy, data collection practices and security measures and we do not accept any responsibility or liability for these policies. Please ensure you check these policies before submitting any Personal Data. If you decide to access linked third-party websites, you do so at our own risk. 

 

The ADGM website is protected by reCAPTCHA and the GooglePrivacy Policyand Terms of Servicewill apply to that service.

 

10.       Your rights

 

Under the DP Regulations you have the following rights as an individual which you can exercise in relation to the Personal Data we hold about you. 

 

 

Right	What does this mean?
The right to object to processing	You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities).
The right to be informed	You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Policy.
The right of access	You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Policy). This is so you’re aware and can check that we’re using your information in accordance with applicable law.
The right to rectification	You are entitled to have your information corrected if it’s inaccurate or incomplete.
The right to erasure	This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
The right to restrict processing	You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for no further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
The right to data portability	You have rights to obtain and reuse your personal information for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
The right to lodge a complaint	You have the right to lodge a complaint about the way we handle or process your personal information with ADGM Commissioner of Data Protection.
The right to withdraw consent	If you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal information with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal information for marketing purposes.

 

If you wish to exercise any of the rights set out above, please contact dpo@adgm.com

 

Note: your right of access can be exercised in accordance with DP Regulations and other applicable laws. There are circumstances where we may not be able to comply with your request, such as where we have a legal duty to retain Personal Data, or where access to Personal Data would prejudice the proper function of ADGM’s statutory duties. In addition, certain Authorities are required to adhere to certain legal requirements of confidentiality.

 

11.       Our Data Protection Officer and how you can contact us

 

We have appointed a Data Protection Officer (DPO) who oversees data privacy and data protection compliance across ADGM and each of the Authorities and informs and advises us on our data protection obligations. The DPO acts as our contact point with the ADGM Office of Data Protection. 

 

If you have any questions or requests or wish to make a complaint, you can let us know by email to dpo@adgm.com  or in writing to The Data Protection Officer, Abu Dhabi Global Market, PO Box 111999, Abu Dhabi, UAE. 

 

If you want to file a complaint with or contact the data protection authority in ADGM, i.e., the ADGM Office of Data Protection, you may do so by email to data.protection@adgm.com  

 

12.       Changes to our Privacy Policy

 

ADGM may amend this Policy from time to time to meet changes in the regulatory environment, business needs, or to satisfy the needs of our customers and service providers. Any changes we make to this Policy will be posted on our website and date stamped so that you are always aware of the latest update. You should check this page from time to time to ensure you are happy with any changes. 

 

13.       Glossary

 

This glossary sets out various terms we use in the Policy and what they mean. It doesn’t matter if we use them capitalised or not.

 

ADGM	Means Abu Dhabi Global Market. See Overview
Authority	Means any of the four authorities that sit within ADGM being: the Registration Authority; the Financial Services Regulatory Authority; the ADGM Courts; and  the ADGM Authority, each an Authority and together the Authorities. See Overview
Controller	Is defined in the DP Regulations. At the date of and in the context of this Privacy Policy, it means the entity which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
Courts	Means the ADGM Courts.
Data Subject	Is defined in the DP Regulations. At the date of this Privacy Policy, it means an identified or identifiable living natural person.
DP Regulations	Means the ADGM’s Data Protection Regulations 2021, as amended from time to time.You can find these here
FSRA	Means the Financial Services Regulatory Authority.
Personal Data	Is defined in the DP Regulations. At the date of this Privacy Policy, it means any information relating to a Data Subject.
Process or Processing	Is defined in the DP Regulations. At the date of this Privacy Policy, it broadly means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, such as collection, recording, storage, use, disclosure or destruction.
RA	Means the Registration Authority.
Special Categories of Personal Data	Is defined in the DP Regulations. At the date of this Privacy Policy, it means (a) Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs; (b) Genetic Data, Biometric Data for the purpose of uniquely identifying a natural person, Data Concerning Health or data concerning a natural person's sex life or sexual orientation; and (c) Personal Data relating to criminal convictions and offences or related security measures.
“We” or “us”	Means ADGM and/or (depending on the context) each of the Authorities.

 

14.       ADGM Cookie Policy

 

       1. Overview

 

This Cookie Policy sets out how and why we handle your personal data through the use of cookies. 

 

Abu Dhabi Global Market (“ADGM”) respects the privacy of individuals that it deals with and is committed to protecting it. This Cookie Policy explains the manner in which ADGM uses cookies and how you can disable them if you choose to do so. 

 

This Cookie Policy should be read alongside ADGM’s Privacy Policy. 

 

ADGM wishes to help you make informed decisions, so please take the time to read this policy carefully. 

 

For the purposes of this Cookie Policy, “we”, “our”, and “us” refer to ADGM. 

 

       2. What is a cookie?

 

A cookie is a small piece of data that a website stores on a visitor’s computer or mobile device. The information in this Cookies Policy will explain why we use cookies and the different types of cookies used. 

 

       3. Why do we use cookies?

 

We use different types of cookies on our website for different reasons, but we primarily use cookies for technical reasons to improve the user experience, or for analytics of website traffic. Cookies can improve the user experience, for example, by storing user preferences about our website. 

 

The data we collect using cookies helps us understand our customers better so that we can provide a more focused user experience. By using the knowledge of your previous visits to our website we can enhance your subsequent visits by suggesting content to match your requirements. 

 

       4. First-party and third-party cookies

 

Cookies are classified, on the basis of who creates them, as first-party cookies or third-party cookies. 

 

First-party cookies are created by the host domain and are used to add to the user experience. These cookies contain only the information that you enter on the host website and your IP address. Importantly, the data collected by first-party cookies is only available to the website owner. 

 

Third-party cookies are created by parties other than the website owner. These cookies tend to be more commercial and are used for cross-site tracking, retargeting and ad serving. 

 

We use both first-party cookies and third-party cookies on our website. We use third-party cookies on our website to assist with analytics and communication activities but do not use these cookies for advertising purposes. The third-party cookies used on our website are set out in Annex A to this Cookies Policy. 

 

       5. What types of cookies do we use?

 

The types of cookies we use fall into one of the categories listed below. Please refer to Annex B of this Cookie Policy for a detailed list of cookies we use and which appear on our website. 

 

Strictly Necessary

 

These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. They allow you to navigate back and forth between pages without losing your previous actions from the same session. Since these cookies are necessary for the functionality of our website, we do not need to ask for your consent to use them. 

 

Functional

 

These cookies allow a website to remember your site preferences and choices you make on the site including username, region, and language. This allows the website to provide personalized features like local news stories and weather if you share your location and boost your overall user experience on our website. The data collected via these cookies is anonymous and these cookies do not track browsing activity across other websites. Similarly to strictly necessary cookies, we do not need to ask for your consent to use these cookies. 

 

Performance

 

Performance cookies are cookies used specifically for gathering data on how visitors use our website, which pages of our website are visited most often and whether the users get error messages on web pages. These cookies monitor only the performance of the website as the user interacts with it. These cookies do not collect identifiable information on visitors, which means all the data collected is anonymous and only used to improve the functionality of our website. We also use these cookies to gather statistical data on how our website is performing in order to make improvements. Despite the anonymity of the data collected we will seek your consent to the use of these cookies. 

 

Persistent

 

These cookies are stored on your device to help our website remember information, settings, preferences, or sign-on credentials that you have previously saved. This helps us to create a convenient and faster website experience for you. These cookies have an expiration date issued to it by the webserver so, when you close your browser and start it up again, the cookie is still there. Once the expiration date is reached, the cookie is destroyed. Persistent cookies track visitors as they move around our website to figure out what users like about the website to help improve the user experience. We will seek your consent to the use of these cookies. 

 

Session

 

The session cookie is a server-specific cookie that cannot be passed to any machine other than the one that generated the cookie. The session cookie allows the browser to re-identify itself to the single, unique server to which you had previously authenticated. The session key stored in the session cookie contains only a random number identifier that is used to index the server's session cache. There is no other information exposed in the session cookie. We will seek your consent to the use of these cookies. 

 

       6. Do not track function

 

Do not track is a function that allows you to opt out from being tracked by websites for any purpose including the use of analytics activities, advertising networks and social platforms. Do not track function is available in a number of browsers including: 

 

Firefox

 

Chrome

 

Safari

 

Opera

 

If you have enabled the do not track function, you will not be tracked. 

 

       7. Questions?

 

If you have any questions about the use of cookies on our website, or the storage and use of data collected from cookies, please email our Data Protection Officer at: dpo@adgm.com 

 

       8. Changes to our Cookie Policy

 

We may amend this Cookie Policy from time to time due to technology changes, or in order to meet changes in the regulatory environment, business needs, or to satisfy the needs of our customers and service providers. Any changes we make to our Cookie Policy will be posted on our website and date stamped so that you are always aware of the latest update. 

 

Last Updated: 20 September 2022

 

         ANNEX A

 

         THIRD PARTY COOKIES

 

We have third-party cookies on our website to assist with analytics and communication activities. We do not use third-party cookies for advertising purposes. The third-party cookies on our website is set out in the table below.  

 

No.	Cookie Name	Description	Type of cookie (functional, performance, persistent, session or strictly necessary)
1.	_ga	This cookie is used by Google Universal Analytics to track unique visitors.	Persistent
2.	_gid	This cookie Distinguishes users and tracks if they have visited the website.	Persistent
3.	ADRUM	This cookie contains the referral page URL and timing information to assist gathering First Byte Time for some browser types. When the agent loads on the subsequent page, it reads the information and then deletes the cookie. If there is no agent on that page, the cookie is deleted when the browser is closed. For privacy purposes, the URL of the referral page is hashed.	Persistent
4.	ADRUM_BTa	This cookie contains the backend transaction ID as well as timing info and is used to correlates end-user experience with the health of the backend app.	Session
5.	ADRUM_BT[1-5]	This cookie contains the business transaction numbers as well as timing and error info for the first five business transactions, such as ADRUM_BT1, ADRUM_BT2, etc.	Performance
6.	ADRUM_BTs	This cookie contains a link from a browser snapshot to a server snapshot.	Persistent
7.	ADRUM_BTh	This cookie is only written if there was a server-side error.	Functional

 

         ANNEX B

 

         COOKIES USED ON ADGM WEBSITE

 

We use cookies set out in the table below.  

 

No.	Cookie Name	Description	Type of cookie (functional, performance, persistent, session or strictly necessary)
1.	SC_ANALYTICS_GLOBAL_COOKIE	This cookie is used by our platform to identify repeat visits by unique users.	Persistent
2.	ASP.NET_SessionId	This cookie is used to identify the users session on the server.	Session
3.	cookies_popup	This custom cookie is used to hide/show the popup banner.	Functional
4.	cookies_preference _analytics	This custom cookie is used to store the user preference of opt in/opt out.	Functional