The protection of privacy and the safeguarding of your personal information including Personal Data is our highest priority. We respect your privacy rights and are strongly committed to protecting your privacy. In this Policy “we”, “us” and “our” means GTN Middle East [GTN ME] and “you”, “your”, “the user” means the individual or an authorised representative of a legal entity who accesses or uses this Site from anywhere in the world. In the course of providing financial Products and Services, we collect and maintain certain Personal Data when you use our Site, in order to enter into a transaction or open an account with us.
This Policy explains how we collect and protect your Personal Data. We ensure that any Personal Data obtained from you is not used or disclosed unless we have obtained your consent for such disclosure. By opening an account or by using our Site, you give your consent to the collection, use and the disclosure of Personal Data by us in accordance with this Policy and other agreements (if any) you have entered with GTN ME.
means a legal entity that controls, is controlled by or is under common control with another legal entity, but only while that control relationship exists. To “control” means the direct or indirect ownership or power to control more than 50% of the issued shares or other securities of an entity or of the voting rights attached to the issued shares or other securities of such entity; or the power to control, directly or indirectly, the appointment of more than 50% of any board of directors or governing body of such entity.Controller
means any person who alone or jointly with others determines the purposes and means of the Processing of Personal Data.Data Subject
means an identified or identifiable natural person to whom Personal Data relates.
means the Data Protection Law No. 5 of 2020 of the DIFC
means any information referring to an identified or identifiable natural person” i.e. a Data Subject.
means the entity/any person that processes Personal Data on behalf of a Controller.
means the financial products made available to you by GTN ME and/ or its Affiliates.
means the services made available to you through our Site.
Collection of personal data
We collect your Personal Data through our Site when you log in to the Site. You may also provide Personal Data to us when you subscribe for any Products or Services or when you fill in account opening applications (whether written or electronic) or when we conduct Know Your Client (‘KYC’) and Customer Due Diligence checks upon you or when you provide Personal Data in any other form.
Personal Data we collect may include information required to communicate with you and would generally consist of the following information:
Identification information (passport, identity card or other form of Identification information),
Information about your intended transactions with us and other related information,
Information about transactions you enter into through our Site in order to assess your trading experience,
Your approximate annual income and approximate net worth to assess your financial position and suitability for entering into transactions with us,
Bank details or details of your investments with other financial services providers
- Purpose of collecting personal data
We may use the information collected from you for the following purposes:
- To establish and verify your identity and contact information,
- To establish and set up your trading account,
- Issue an account number and a secure password,
- To monitor your account activity and contact you with account information,
- To personalize and continually improve the Services,
- To customize your browsing experience and inform you about additional Products, Services or promotions that may be of interest to you.
How long we keep your Personal Data
We keep your Personal Data only so long as we need it to provide services to you and fulfill the purposes described in this policy.
This is also the case for anyone with whom we share your information and who carries out services on our behalf.
We may also retain your Personal Data after the closure of the account or if your application is declined or abandoned for as long as we require in order to comply with legal and regulatory requirements and for our legitimate business purposes. We will ordinarily retain your information for six (6) years or as otherwise required by the Dubai International Financial Center (‘the DIFC’) and the Dubai Financial Services Authority (‘the DFSA’) Law, Rules and Regulations.
Disclosure of Personal Data
We may share your Personal Data with our Affiliates and third parties for the purposes of providing you with Products and Services. For example, we may share your Personal Data in order to process transactions for your account, execute your trades on an exchange, and manage and administer your account or we may share your Personal Data with any of our service providers as required by them enabling them to provide their services to you. Furthermore, these service providers may only use your Personal Data in accordance with our mandate.
Our Affiliates will deal with your Personal Data in the same way as described in this privacy statement. GTN ME may disclose the information to GTN ME’s agents, counterparties such as bankers, custodians, broker-dealers, exchanges, and sub- contractors as necessary in order to provide the Services to you.
We may be obliged to disclose your Personal Data in certain circumstances for legal or regulatory reasons, including but not limited to instances where we are required to disclose the information in accordance with the laws and regulations of the DIFC and the DFSA or any other applicable regulations.
We may also disclose your Personal Data as necessary to perform credit checks, collect debts, enforce our legal rights or protect our interests and property.
Data Security, Safety of Personal Data
We have taken appropriate steps to ensure the security of any Personal Data that we collect and held by us, including limiting the number of people who have physical or network access to our database servers.
A secure http/ communication channel ensures the security of data communications made through our Site. Your Personal Data is protected during transmission by using Secure Sockets Layer (SSL) software, which encrypts Personal Data transmitted to us. Furthermore, a 128-bit key, the most secure form of commercially available encryption, is used to ensure the security of your transactions. We also provide you with a unique username and password to access your account information online. You are responsible for keeping this password confidential.
Transmission of information via the internet is not completely secure. Although, we have implemented systems and processes to protect your Personal Information, no data transmission over the Internet can be guaranteed to be completely secure. Accordingly, transmission of data should be done at your own risk.
We assume no responsibility for loss of whatever nature, howsoever arising and/or resulting from computer viruses, trojans, worms or equivalent or similar items which are beyond our control.
Data Subject rights under DPL
We are committed to fulfilling our obligations concerning the exercise of your rights under DPL as a Controller or sometimes as a Processor. As a Data Subject, you will have the following rights under DPL):
The right to request access to personal data or restriction of processing or to object to processing and rectification.
The Right to erasure (i.e. the right to be forgotten): means that the Data Subject has the right to erasure of his/ her personal data without undue delay, as well as the cease of further data dissemination. To the extent that it is required by the regulatory bodies or under the applicable laws, we may continue to store the personal data despite Account Holder/ Client’s request to erasure.
The right to data portability – i.e. the Data Subject has the right to receive their personal data from the Controller and the right to transmit that data to another controller where technically feasible.
The right to lodge a complaint with the Commissioner of Data Protection, of the Dubai International Financial Center.
Processing, Storage and transfer of Personal Data
Rights under General Data Protection Regulations (GDPR)
If you are a Data Subject in a European Union country, subject to the other terms already specified in this policy, we are committed to fulfilling our obligations concerning the exercise of your rights under GDPR as a Data Controller or sometimes as a Data Processor as applicable.
We may record and monitor any telephone calls made to us or received by us to maintain our service standards, to check instructions, for compliance purposes and otherwise for your protection and ours.
Links to other websites
Our Site may contain links to other websites. Please be aware that we are not responsible for the privacy practices of such other websites.
If the use of the websites of other third parties/ service providers is associated with the collecting, processing and use of Personal Data, please refer to the data protection notes of the respective third-party websites.
We reserve the right to change this Policy at any-time by posting revisions on this site. Such changes will be effective upon posting. We advise you to check our site frequently to review any changes to this Policy.
Contact Point for data protection enquiries or exercising Data Subject Rights
Notification of Personal Data breaches
We will notify you as soon as practicable in the circumstances, when a Personal Data Breach is likely to result in a high risk to the security or your rights. We shall promptly communicate with you if there is an immediate risk of damage to you.
Governing Law and Jurisdiction
Parties agree that the governing law of this Policy or other agreements entered with MFS is the DIFC law and the Parties submit to the jurisdiction of the DIFC courts, in Dubai, U.A.E.