Privacy Notice

    1 July 2021

    This Privacy Notice explains how Index & Cie Limited collects, uses and discloses your personal data, and your rights in relation to the personal data it holds.

    Index & Cie Limited (in this Privacy Notice, “us”, “we” and “our”) is the data controller of your personal data and is subject to the DIFC Data Protection Law (DIFC Law no 5 of 2020) and DIFC Data Protection Regulations (hereafter referred to as the “Data Protection Law”). As a “data controller” we determine how we collect and use the personal information that we obtain from you. “Personal data” means any information that relates to an identified or identifiable individual.

    This Privacy Notice supersedes any previous Privacy Notice or equivalent which you may have been provided with or seen prior to the effective date stated above. We may be required to update or change our Privacy Notice from time to time. If there are any significant changes to the Privacy Notice (e.g. if we decide to use your personal data in a manner different from that stated at the time it was collected), we will notify you by way of email.

    1. Your rights

    In relation to your personal data, and to the extent permitted under the DIFC Data Protection Law, you have the following rights:

    • To withdraw your consent at any time;
    • To obtain access to, and copies of, the personal data that we hold about you;
    • To object to our processing of your personal data under certain circumstances;
    • To require us not to send you marketing communications;
    • To require us to erase your personal data;
    • To require us to rectify your personal data
    • To require us to restrict our data processing activities;
    • To receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
    • To require us to correct the personal data we hold about you if it is incorrect; and
    • To non-discrimination if you exercise any rights under the Data Protection Law.

    Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.

    If you feel that we do not comply with the Data Protection Law, you may lodge a complaint with the DIFC Commissioner of Data Protection.

    Please note that we may require additional information from you to respond to your requests or to confirm your identity.

    2. How we collect your data

    We collect your personal data in a number of ways, for example:

    • From the information you provide to us when you meet us;
    • From information about you provided to us by your company or an intermediary;
    • When you communicate with us by telephone, fax, email or other forms of electronic communication. In this respect, we may monitor, record and store any such communication;
    • When you complete (or we complete on your behalf) client on-boarding or application or other forms;
    • From your agents, advisers, intermediaries, and custodians of your assets; or
    • From publicly available sources or from third parties, most commonly where we need to conduct background checks about you.

    3. The categories of personal data we collect

    We collect the following categories of personal data about you:

    • Your name and contact information such as your home or business address, email address and telephone number;
    • Biographical information which may confirm your identity including your date of birth, tax identification number and your passport number or national identity card details, country of domicile and/or your nationality;
    • Information relating to your financial situation such as income, expenditure, assets and liabilities, sources of wealth, as well as your bank account details;
    • Information about your knowledge and experience in the investment field;
    • An understanding of your goals and objectives in procuring our services;
    • Information about your employment, education, family or personal circumstances, and interests, where relevant; and
    • Information to assess whether you may represent a politically exposed person or financial crime risk.

    4. The basis for processing your personal data (other than with your consent), how we use that personal data and whom we share it with

    4.1. Performance of a contract with you

    We process your personal data because it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

    In this respect, we use your personal data for the following:

    • To prepare a proposal for you regarding the services we offer;
    • To provide you with the services as set out in our agreements with you or as otherwise agreed with you from time to time;
    • To deal with any complaints or feedback you may have;
    • For any other purpose for which you provide us with your personal data.

    In this respect, we may share your personal data with or transfer it to the following:

    • Your agents, advisers, intermediaries, and custodians of your assets who you tell us about;
    • Third parties whom we engage to assist in delivering the services to you:
    • Our professional advisers where it is necessary for us to obtain their advice or assistance, including lawyers, , consultants; accountants, IT or public relations advisers;
    • Other third parties such as intermediaries who we introduce to you. We will wherever possible tell you who they are before we introduce you; or
    • Our data storage providers.

    4.2. Legitimate interests

    We process your personal data because it is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

    In this respect, we use your personal data for the following:

    • For marketing to you. In this respect, see the separate section on Marketing below;
    • Training our staff or monitoring their performance;
    • For the administration and management of our business, including recovering money you owe to us, and archiving or statistical analysis; or
    • Seeking advice on our rights and obligations, such as where we require our own legal advice.

    In this respect we will share your personal data with the following:

    • Our advisers or agents where it is necessary for us to obtain their advice or assistance;
    • With third parties and their advisers where those third parties are acquiring, or considering acquiring, all or part of our business.

    4.3. Legal obligations

    We also process your personal data for our compliance with a legal obligation which we are under.

    In this respect, we will use your personal data for the following:

    • To meet our compliance and regulatory obligations, such as compliance with anti-money laundering, conduct of business, market and tax transparency requirements; or
    • As required by financial service regulators, market authorities, financial intelligence units, tax authorities or any competent court or legal authority.

    In this respect, we will share your personal data with the following:

    • Our advisers where it is necessary for us to obtain their advice or assistance;
    • Our auditors where it is necessary as part of their auditing functions;
    • With third parties who assist us in conducting background checks; or
    • With relevant regulators or law enforcement agencies where we are required to do so.

    5. Marketing

    We will send you marketing about similar services we provide, as well as other information in the form of alerts, newsletters and invitations to events or functions which we believe might be of interest to you.

    We will communicate this to you in a number of ways including by post, telephone, email, SMS, social media or other digital channels.

    If you do not wish to receive our marketing messages, you may unsubscribe from such messages at any time.

    6. Transfer and processing of your personal data outside the Dubai International Financial Centre (“DIFC”).

    When sharing your personal data with third parties as set out in this Privacy Notice, it may be transferred outside the DIFC. In these circumstances, your personal data will only be transferred on one of the following bases:

    • the country that we send the personal data to is approved by the DIFC Data Protection Commissioner as providing an adequate level of protection for personal data;
    • the recipient has provided appropriate safeguards and on condition that your enforceable rights and effective legal remedies for you are available – appropriate safeguards may include standard data protection clauses as adopted by the Data Protection Commissioner;
    • you have explicitly consented to a proposed transfer after being informed of possible risks of such transfer; or
    • the transfer is necessary for the performance of a contract.

    To find out more about transfers by us of your personal data outside the DIFC and the countries concerned please contact us.

    7. Retention of your data

    We will only retain your personal data for as long as we have a lawful reason to do so. In particular:

    • where we have collected your personal data as required by anti-money laundering legislation, including for identification, screening and reporting, we will retain that personal data for six years after the termination of our relationship, unless we are required to retain this information by another law or for the purposes of court proceedings; or
    • otherwise, we will in most cases retain your personal data for a period of six years after the termination of our contractual or other relationship with you in case any claims arise out of the provision of our services to you.

    8. Security

    We are committed to protecting the information you provide us. We have implemented security policies, rules and technical measures to protect the personal data that we have under our control, in accordance with applicable data protection laws. The security measures are designed to prevent unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

    Contact details:

    You can address your queries in regard to this Privacy Notice to our Compliance Department.

    By post: Index & Cie Limited, Index Tower, East Entrance, level 20, P.O. Box 507069, Dubai, United Arab Emirates – Att. Compliance Officer

    By email: compliance@indexcie.com

    By telephone: +971 4563 8500