Online Data Protection Policy
Effective Date: May 2018
The Dubai International Financial Centre and/or its affiliates and entities (collectively “DIFC”, “we” or “us”) values your security and privacy. DIFC has its own data protection law, Data Protection Law. DIFC Law No. 1 of 2007 (the “DP Law”), and may for certain types of personal data processing, be subject to laws from other jurisdictions.
1. Scope and Application
This Policy applies to persons anywhere in the world who access or use our Website Services (“Users”).
2. Collection of Information
Information you give us (“Submitted information”): This is information you give us about you by filling in forms on any DIFC Connect App (the “App”) or any DIFC-owned Website, or by corresponding with us (for example, by e-mail or any other electronic form). It includes information you provide when you register using a DIFC-provided online client portal, or download and register to use the App, search for the App in the App stores (including but not limited to Apple App Store and Google Play Store), share data via the App's social media functions, and when you report a problem with the App, our Services, or any of our Sites. If you contact us, DIFCA will keep a record of such correspondence. The information you give us may include your name, address, e-mail address and phone number, certain device information, username, password, residential building, work address, photograph and other registration information you choose to provide.
DIFC Apps, Websites, products and services are for legitimate business purposes only. They are not targeted, intended or expected to be of use to children. Apart from providing information for specific services or purposes, as directed by DIFC processes, User provided contributions of content or contact information regarding or about children are expressly prohibited.
Information we collect about you and your device. Each time you use our App we will automatically collect the following information:
- technical information, including the type of mobile device you use, a unique device identifier (for example, mobile network information, your mobile operating system, the type of mobile browser you use, device token, device type, time zone setting (“Device Information”);
- details of your use of our App including, but not limited to traffic data, weblogs and other communication data, and the resources that you access (“Log Information”).
- location information, the App uses GPS technology to determine your current location. If you wish to use the particular feature, you will be asked to consent to your data being used for this purpose. You can withdraw your consent at any time via your mobile devices settings.
Other Information We May Collect Through Your Use of the Website Services
When you use any Website Services, we may collect personal information (i.e. information that could be used to contact you directly such as full name, postal address, phone number, financial information for User services, or email address; “Personal Information”) and demographic information (i.e. information that you submit, or that we collect, that is not personal information; this may include, but is not limited to, post code, hometown, gender, username), mobile network information, your mobile operating system, the type of mobile browser you use, time zone setting, device location, IP address, SMS data, transaction information, age/birth date, browsing history information, searching history information, and registration history information) (“Demographic Information” and, together with Personal Information, “Personal Data”).
3. Use of Personal Data
We may use Personal Data which you provide to us or we collect from you to:
- Provide, maintain, and improve our App and Website Services, including, for example, to facilitate payments, send receipts, provide products and services you request (and send related information), develop new features, provide customer support to Users, authenticate users, and send administrative messages;
- Perform internal administration and operations, including, for example, to prevent fraud and abuse of our Website Services; to troubleshoot software bugs and operational problems; to conduct data analysis, testing, and research; and to monitor and analyze usage and activity trends;
- Send you communications we think will be of interest to you, including information about products, services, promotions, news, and DIFC events, where permissible under DIFC Laws and according to local applicable laws; and to process contest, sweepstake, or other promotion entries and fulfill any related awards;
- Notify you about changes to our App and Website Services;
- Allow you to participate in any interactive features of our Website Services;
- Keep our Website Services safe and secure; and
- Personalize and improve the Website Services, including to provide or recommend features, content, social connections, referrals, and advertisements.
4. Processing, Storage and Transfer of Personal Data
We will take all steps reasonably necessary to ensure your data is processed fairly and lawfully, in accordance with the DP Law, other applicable laws and this Policy. By submitting your Personal Data, you agree to such transfer, storing or processing in order for DIFC to perform its general administrative and regulatory functions, including but not limited to responding to enquiries you raise via the App or Website, oversight of the business entities registered in our jurisdiction and maintaining contacts for future informational or promotional activities. DIFC does not engage in automated decision making when processing your Personal Data.
You agree that we have the right to transfer the Personal Data described in this Policy to and from, and process and store it in, the United Arab Emirates and (where applicable or required) with processors in other countries, some of which may have less protective privacy laws than those where you reside. Where this is the case, we will take appropriate security measures to protect your Personal Data in accordance with this Policy. DIFC is ISO 27001 certified and all information security policies are strictly enforced. Please see section 7 below for further details.
To preserve the integrity of our databases, to carry out on-going Website Services on behalf of all Users, for research, analytics and statistics purposes and to ensure compliance with applicable laws and regulations, we retain Personal Data submitted by Users for a reasonable length of time unless otherwise prescribed by applicable law. DIFC is not responsible for the accuracy of the information you provide, and will modify or update your Personal Data in our databases upon your request, as further outlined below. We will erase or archive from active use your Personal Data upon request, unless we are required to retain it in accordance with DIFC or other applicable laws or to perform agreed services. By accessing or using the App or Website Services, you do hereby represent and warrant that you understand that all information submitted by you through the App or Website Services or otherwise to DIFC may be used by DIFC in accordance with applicable laws and its policies.
5. Sharing of Personal Data
We may share Personal Data which we collect about you as described in this Policy or as described at the time of collection or sharing, including as follows:
Through Our Website Services
We may share your Personal Data:
- With third parties to provide you a service you requested through a partnership or promotional offering made by a third party or us;
- With third parties with whom you choose to let us share your Personal Data, for example other apps or websites that integrate with our API or Website Services, or those with an API or Service with which we integrate; and
Other Types of Data Sharing
We may share your Personal Data:
- With DIFC subsidiaries and affiliated entities;
- With vendors, consultants, marketing and advertising partners, and other service providers who need access to such Personal Data to carry out work on our behalf or to perform a contract we enter into with them;
- In response to a request for information by a competent authority if we believe disclosure is in accordance with, or is otherwise required by, any applicable law, regulation, or legal process;
- With law enforcement officials, government authorities, or other third parties as required by law;
- With third parties in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company;
- If we otherwise notify you and you consent to the sharing;
- With third parties in an aggregated and/or anonymized form which cannot reasonably be used to identify you.
6. Your Rights and Choices
Marketing and Opting Out
DIFC supports Users’ applicable legal rights to opt-out of receiving communications from us and our partners at the point where we request information about the visitor. You have the option to ask us not to process your Personal Data for marketing purposes and to remove it from our database, to not receive future communications or to no longer receive our App or Website Services.
You may change your preferences at any time.
Please note that we may continue to send you transactional or service-related e-mails despite your desire to not receive promotional or marketing e-mail messages. Additionally, please note that if you elect to opt-out of receiving promotional e-mails from one of our websites, you may continue to receive promotional emails from our other websites, providers or other, non-affiliated marketers.
Finally, while we may remove your individual contact information from our professional contacts database, please be aware that if such information is in a different third party's marketing directory, you will need to request removal with such third party directly.
Access to and Correction of Your Personal Information
You have the right to access information held about you. Your right of access can be exercised in accordance with DIFC and other applicable laws. Any access request may, where permissible, be subject to a fee to meet any extraordinary administrative costs in providing you with details of the information we hold about you.
When you contact us about a potential personal data error, we will endeavor to confirm or verify the information in question, then correct verified inaccuracies and respond to the original inquiry. We will endeavor to send a correction notice to businesses or others whom we know to have received the inaccurate data, where required and / or appropriate. However, some third parties and third party sites may continue to process inaccurate data about you until their databases and display of data are refreshed in accordance with their update schedules, or until you contact them personally to ensure the correction is made in their own files.
Please review the available guidance for further information about individual rights regarding access to and control of DIFC personal data processing.
Changes to this Policy
We may change this Policy from time to time. If we make significant changes in the way we treat your Personal Data, or to the Policy, we will provide you notice through the App or Website Services or by some other means, such as email. Your continued use of the App or Website Services after such notice constitutes your consent to the changes. We encourage you to periodically review this Policy for the latest information on our privacy practice. We provide links to it through:
- The App or Website Services
- Incorporating it into our contracts, agreements, and other documents as necessary or appropriate
7. Security Precautions
DIFC makes every effort to ensure that your Personal Data is secure on its system. DIFC has staff dedicated to maintaining our data protection and security policies, periodically reviewing them and making sure that every DIFC employee is aware of our data protection and security practices. Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. As a result, DIFC cannot guarantee the security of any Personal Data you transmit to us, and you do so at your own risk.
DIFC has established policies and procedures for securely managing information and protecting Personal Data against unauthorized access. We continually assess our data privacy, information management and data security practices. We do this in the following ways:
- Establishing policies and procedures for securely managing information;
- Limiting employee access to viewing only necessary information in order to perform his or her duties;
- Protecting against unauthorized access to Personal Data by using data encryption, authentication and virus detection technology, as required;
- Requiring service providers with whom we do business to comply with relevant data privacy legal and regulatory requirements;
- Monitoring our websites through recognized online privacy and security organizations;
- Conducting background checks on employees and providing Data Privacy training to our team members;
Types of cookies we drop and the information collected using them include:
- Google Tag Manager - helps make tag management simple, easy and reliable by allowing marketers and webmasters to deploy website tags all in one place.
- Google Analytics - gives website owners the digital analytics tools needed to analyse data from all touchpoints in one place, for a deeper understanding of the customer experience.
- Pingdom - monitors sites and servers on the internet, alerting the website owners if any problems are detected.
- Hotjar - by combining both analysis and feedback tools, Hotjar helps website owners understand what users want, care about and interact with on their website by visually representing their clicks, taps and scrolling behavior.
- Zendesk Chat (formerly Zopim) - lets website owners chat with customers and give them real-time support.
- DoubleClick - a subsidiary of Google which develops and provides Internet ad serving services.
- Twitter Advertising - enables website owners to track and measure the actions users take after viewing or engaging with ads on Twitter.
- Facebook Advertising - lets website owners measure, optimise and build audiences for advertising campaigns.
- LinkedIn Analytics – enables website owners to promote their company updates to targeted audiences on desktop, mobile, and tablet.
Most browsers accept and maintain Cookies by default. Check the ‘Help’ or ‘Settings’ menu of your browser to learn how to change your Cookie preference. You can choose to decline Cookies while at our Website, but this may limit your ability to access certain areas of the Website.
Alternatively you may wish to visit an independent source of information, www.aboutcookies.org, which contains comprehensive information on how to delete Cookies from your computer as well as more general information about Cookies. For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual or network operator for advice.
9. External Links
The Website and App may contain links to other websites on the Internet that are owned and operated by third parties (the "External Sites"). These links are provided solely as a convenience to you and not as an endorsement by DIFC of the contents on such External Sites. You acknowledge that DIFC is not responsible for the availability of, or the information and content of any External Site. You should contact the site administrator or webmaster for those External Sites if you have any concerns regarding such links or the content located on such external Sites. If you decide to access linked third party websites, you do so at your own risk. DIFC does not accept any liability, and shall not be liable to you for any loss or damage arising from or as a result of your acting upon the content of another website to which you may link from the Website or App.
If you have any questions, comments and requests related to this Policy, or if you have any complaints related to how DIFC processes your personal data, please contact the Commissioner of Data Protection’s Office.