RJ Fleming DIFC Data Privacy Notice
We value your privacy and are committed to protecting it in accordance with applicable data protection laws.
This privacy notice explains what personal data we collect, and how we use and safeguarded it during and after your relationship with us.
1. General information about this privacy notice
This notice relates to R.J. Fleming & Co. (DIFC) Limited (which we refer to as “RJ Fleming DIFC”, or “we”/ “us”/ “our”). Where we refer to "Associates", we mean other entities within our group, details of which you may request by contacting us.
We are incorporated in the Dubai International Financial Centre (“DIFC”) under commercial license number CL2317 and are regulated by the Dubai Financial Services Authority ("DFSA"). We are subject to the Data Protection Law, DIFC Law No. 5 of 2020 (which we refer to as “DIFC Data Law”), for purposes of which RJ Fleming DIFC is the data controller.
Our designated data protection contact is Nofal Tariq Shaikh, who you can contact by email on privacy@rj-fleming.com or by post at Office 421, Index Tower, DIFC, PO Box 507137, Dubai, UAE or by telephone on +971 4327 9999.
2. Personal data that we collect
We collect, store and use your personal data to provide you with our services, administer our business and operations and to meet our legal, statutory and contractual obligations. We will never collect unnecessary personal data from you.
When we refer to “personal data” we mean any information about an individual from which that person can be identified, which we have in our possession or control and when we refer to "process" we mean collect, store, use, disclose or transfer.
The personal data we collect includes information that:
-
you or someone acting on your behalf provides to us or our Associates such as relating to our business dealings with you or that you otherwise provide by communicating with us including giving us your business card;
-
we obtain from other sources such as your organisation, databases that provide integrity or credit check information, public registers, other parties you have dealings with, and regulators and authorities; and
-
we collect or generate about you such as when you attend our seminars, use our services, interact with our website, or sign up for newsletters (please see our Cookie Policy).
Such information may include:
-
contact details such as your name, organisation, home, business and email addresses and telephone numbers;
-
identity documents (and included information e.g. ID numbers, nationality, photograph, date of birth, biometric);
-
reports and information obtained for tax reporting and credit and integrity checks (incl. criminal records);
-
due diligence results and references provided by third parties;
-
professional information such as your membership of a professional association;
-
information about your business, transactions, finances, holdings and relationships to others;
-
bank account and payment data (only if voluntarily provided by you or contained in our bank statements);
-
information about legal proceedings you are connected with (if required for our services or by law or regulation);
-
recordings of telephone calls between you and us (only where we have a specific legal basis);
-
data relating to your preferences where it is relevant to advice or services we provide;
-
details of your visits to our premises;
-
special dietary or health requirements you may have (which we will only use if you provide your consent);
-
data collected by our website or technology systems (please see our Cookie Policy).
3. How we use your personal data and our legal basis for doing so
We take your privacy very seriously and only process your personal data for our legitimate business purposes such as those provided below. We will not use your personal data for taking any automated decisions affecting you or creating profiles other than described below.
-
providing a range of services to our clients and carrying out requests or instructions of clients or potential clients;
-
working on transactions or potential transactions we are involved with;
-
organising and holding meetings and events;
-
conducting compliance and due diligence procedures required under applicable laws and regulations;
-
assessing the suitability of our clients including by obtaining and verifying their financial and business information;
-
keeping records in relation to our business activities and where required under applicable laws and regulations;
-
monitoring and assessing compliance with our policies and business standards (including customer surveys);
-
maintaining our database of clients and business contacts and their respective business interests and activities;
-
seeking and receiving products and services from independent contractors, service providers and suppliers;
-
administering our business relationships including billing, accounting, auditing and making or receiving payments;
-
identifying and preventing fraud other unlawful activity;
-
safeguarding and defending our legal rights and interests, and complying with our legal and regulatory obligations;
-
identifying authorised persons on behalf of our clients, customers, suppliers and/or service providers;
-
providing information and updates to our clients and business contacts with respect to our products, services and activities, latest market developments, announcements, as well as transaction or business opportunities we are involved with (please notify us on the details provided in ‘Section 8: Contacting RJ Fleming DIFC’ if you do not wish to receive such communications);
-
for any purpose related to the above or any other purpose for which your personal data was provided to;
Depending on the purpose, we may process your personal data on one or more of the following legal grounds:
-
performance of a contract - i.e. to enter into a contract with you, or to perform our obligations under a contract with you, or a client to whom you are connected;
-
legitimate interest - i.e. as necessary for our legitimate interests (as explained above), but only if your fundamental rights do not override those interests;
-
compliance with law or regulation - i.e. as necessary to comply with obligations under any laws and regulations that are applicable to us;
-
consent - i.e. we may (but generally do not) need your consent to use your personal data (you can withdraw your consent by notifying us on the details provided in ‘Section 8: Contacting RJ Fleming DIFC’);
4. Disclosure and transfer of your personal data
We do not sell any data and we do not share or disclose your personal data without your consent except as mentioned in this notice or where there is a legal or regulatory requirement.
We may disclose and share your personal data:
a. within our group including our directors, employees and agents, and those of our Associates:
-
for internal management and administration purposes; and/or
-
to provide services or perform obligations or activities in connection with your or your organisation's contracts, transactions, instructions or requests relating to us.
We take steps to ensure that personal data is accessed only by those persons who need to do so for the purposes described in this notice;
b. with third-parties where we have a legitimate interest or where required by law or regulation, as follows:
-
service providers who perform services or functions relating to the administration and operations of our business (and will only use your personal data for these purposes);
-
independent contractors (e.g. advisers and consultants) who provide services or perform obligations or activities in connection with your or your organisation's contracts, transactions, instructions or requests relating to us;
-
such parties that are relevant to the services outlined in our contract with you or your organisation (e.g. counterparties to transactions, professional advisers, stock exchanges or regulators);
-
companies that provide reports and services to help us carry out our compliance and due diligence procedures and other due diligence on clients such as credit assessments;
-
if we, acting in good faith, consider disclosure to be required under any law, regulation or court order that applies to us (including but not limited to the DFSA and the DIFC Authority);
-
in order to establish, exercise or defend our legal rights, for example if we need to obtain external legal advice or provide personal data in connection with judicial proceedings;
-
to the counterparty or prospective counterparty, if we and/or our Associates restructure or sell any our business (your personal data would only be disclosed to the extent it is required and subject to appropriate data protection).
We take steps to ensure that service providers and independent contractors referred to above to whom we disclose or transfer your personal data will only process it in accordance with our instructions and/or our data protection policies and the DIFC Data Law.
Transfers of data outside of the DIFC
Personal data in the DIFC is protected by the DIFC Data Law however some other countries may not necessarily have the same high standard of protection. For purposes of administration and operation of our business and providing our services, it is sometimes necessary for us to transfer and store your personal data outside the DIFC. For example, where our service providers are based outside of the DIFC or our international teams outside of the DIFC are involved in the services we are providing to a client).
When we transfer your personal data out of the DIFC, we will ensure a similar degree of protection is afforded to it, by ensuring that:
-
personal data is transferred to countries which the DIFC deems to provide an adequate level data protection (for further details see DIFC: Adequate Data Protection Regimes at https://www.difc.ae/business/operating/data-protection/adequate-data-protection-regimes/; or
-
recipients of personal data have entered a contractual agreement which provides similar protections as in the DIFC (generally based on the ‘Standard Data Protection Clauses’ approved for use by the DIFC)
In other circumstances the law may permit or require us to otherwise transfer personal data outside the DIFC. In all cases, however, we will ensure that any transfer of personal data is compliant with the DIFC Data Law.
You can request further details of the protection given to your personal data when it is transferred outside the DIFC by contacting us on the details provided in ‘Section 8: Contacting RJ Fleming DIFC”).
5. Data security
We have put in place appropriate measures to protect the security of your personal information.
Third parties will only process your personal information where they have agreed to treat the personal information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to access it. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
6. Retention of personal data
The time period for which we retain your personal data will be determined by various criteria including the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, and the applicable legal requirements.
In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
7. Your rights in relation to personal data
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
Under certain circumstances, under the DIFC Data Law you have the right to:
-
request access to or information about the personal data we hold about you or its processing, which also includes your right to receive a copy of the personal data that you have provided to RJ Fleming DIFC or request for it to be transferred to a third party to the extent it is feasible
-
request rectification or correction to the personal data that we hold about you, if it is inaccurate or incomplete
-
request erasure of the personal data we hold about you (please note that there may be certain circumstances where you request erasure but we are entitled or required to retain it pursuant to applicable law or regulation)
-
object to processing or request restriction of processing of the personal data we hold about you (please note that there may be certain circumstances where you object or request restrictions but we are entitled or required to continue processing your personal data and / or to refuse that request pursuant to applicable law or regulation)
-
withdraw your consent provided in relation to processing of the personal data we hold about you (please note that in certain circumstances it may be lawful for us to continue processing your data where we have another legitimate reason (other than consent) for doing so, and that we generally do not rely on your consent in order to process your personal data for the purposes and in the manner set out in this privacy notice)
-
complaint with the office of the DIFC Commissioner of Data Protection if you think that any of your rights have been infringed by us;
-
data portability to receive your personal data in a structured, commonly used and machine-readable format;
You can exercise your rights by contacting us using the details set out in "Section 8: Contacting RJ Fleming DIFC" section below. You can also find out more information about your rights by contacting the office DIFC Commissioner of Data Protection.
8. Contacting RJ Fleming DIFC
If you would like further information about our processing of your personal data or would like to exercise of any of your rights referred to above, please contact our data protection contact as follows:
Name:
By email:
By post:
By phone:
Nofal Tariq Shaikh
Office 421, Index Tower, DIFC, PO Box 507137, Dubai, UAE
+971 4327 9999