Privacy Policy – Applicants and Members

 

WHO WE ARE

DMCC is a government entity established in 2002 to enhance commodity trade flows. We provide a centre for trading international commodities and we regulate, promote and facilitate trade across a range of goods from gold, diamonds and precious metals to tea, food and industrial materials in a recognized trade Free Zone in the UAE.

Our head office is at: Almas Tower, Jumeirah Lakes Towers, PO Box 48800 Dubai, United Arab Emirates. You can contact us by email at  data@dmcc.ae in relation to any matters pertaining to this Privacy Policy.

DMCC is a data controller of Personal Information (as defined below) collected for the Member Purpose (as defined below).

In this Privacy Policy, references to “we”, “us” or “our” means DMCC. References to “you” and “your” are to Applicants and Members (both as defined below.)

 

APPLICATION

Personal Information is information relating to you, which can be used to personally identify you (either directly or indirectly).

This Privacy Policy describes how we collect, use and otherwise handle Personal Information that you provide or make available to us, or that we collect from you, when:

  • considering your application to become a registered and/or licensed company in the DMCC Free Zone (Applicants); and
  • any subsequent formation and registration of company and/or grant of trade license permitting you to operate in the DMCC Free Zone is approved (Members),

and explains the circumstances in which we may transfer this to others.  

 

COLLECTION AND USE OF PERSONAL INFORMATION

1.    Information that we collect

The types of information that we may collect from you includes:

a.    your name;
b.    your email address;
c.    your address (business and personal);
d.    your landline and mobile telephone numbers (business and personal);
e.    any other information that you choose to provide to us when filling out a contact form;
f.    your geographic location (country/territory where you are living and/or working);
g.    your job title, role and the name of your employer;
h.    the industry sector in which you work;
i.    the country or countries, industry sector(s) and area(s) of our services in respect of which you wish to receive communications (where you have registered on our user portals); and
j.    Personal Information in respect of other individuals associated with you.

2.    How we use your Personal Information

Member Purpose - we collect your Personal Information, which you choose to provide as an Applicant for the purposes of assessing whether you meet suitable DMCC governance criteria in order for your application to be confirmed as a Member, and on an ongoing basis (in the event that your application to become a Member is approved) to ensure our Members can avail of their rights, entitlements and benefits as Members. We may use this Personal Information to respond to your queries, and/or provide the services and/or information that you have requested.

Our Business Purposes - we may also use your Personal Information for our business purposes such as:

  • record keeping, statistical analysis, internal reporting and research purposes;
  • to ensure network and information security;
  • to notify you about changes to our services;
  • to investigate any complaint you make;
  • to provide evidence in any dispute or anticipated dispute between you and us;
  • to customise various aspects of our services to improve your experience;
  • for the detection and prevention of fraud and other criminal offences and for risk management purposes;
  • for business and disaster recovery (e.g. to create back-ups);
  • for document retention/storage;
  • for database management;
  • to protect the rights, property, and/or safety of DMCC, its personnel and others; and
  • to ensure the quality of the services we provide to our users.

In addition, we may use your Personal Information for additional specific purposes made clear at the point of collection.

If you choose not to provide Personal Information requested by us, we may not be able to provide you with the information and/or services you have requested or otherwise fulfil the purpose(s) for which we have asked for the Personal Information.

3.    Legal grounds for collection and use of Personal Information

We rely upon your consent to process your Personal Information in relation to the Member Purpose. In other cases, we process your Personal Information where we need to do so:

  • to comply with our legal and regulatory obligations;
  • for the performance of a public task;
  • for our legitimate interests in:

     -    responding to your queries;
     -    providing services and/or information to you;
     -    our internal Business Purposes, as set out in 2 above.

You can object to processing based on our legitimate interests at any time by contacting us at  data@dmcc.ae .  See also “Your Rights” section below.

We consider the risk to your rights of data protection in connection with personal data that we process on the basis of our legitimate interests is not excessive or overly intrusive. We have also put in place protections for your rights by ensuring proper retention periods and security controls.

4.    Information from other sources

Where permissible under applicable local laws, we may combine information that you have provided to us with other information that we already hold about you and which we have collected for a compatible purpose.

 

SHARING INFORMATION WITH THIRD PARTIES

Some services that we provide require the involvement of third parties. We have carefully selected these third parties and taken steps to ensure that your Personal Information is adequately protected.

1.    Sharing with Service Providers

When DMCC would like to use your Personal Information for a new purpose, we will let you know about this first.

We share your Personal Information with our third party service providers based both inside and outside of the European Economic Area (EEA) and the United Arab Emirates (UAE) who we engage to provide support services in relation to the Member Purpose. This includes for the purposes of: assessing certain corporate information and data provided by Applicants, to confirm whether this information is accurate and to carry out the requisite compliance checks, in order to ensure that Applicants are fit and proper to be considered for the application process ahead of becoming a Member, and on an ongoing basis to ensure they are fit to remain a Member; providing data storage; assisting us with database management, and in order to assist us with related tasks or processes.
All of our service providers are bound by written contracts to process personal data provided to them only for the purpose of providing the specific service to us and to maintain appropriate security measures to protect your Personal Information.

2.    Sharing with other third parties

We share your Personal Information with:

  • our accountants, auditors, lawyers or similar advisers when we ask them to provide us with professional advice;
  • any other third party if we are under a duty to disclose or share your Personal Information in order to comply with any legal obligation, or to protect the rights, property and/or safety of DMCC, our personnel or others;
  • any other third party for the purposes of acting in accordance with the requirements of a court, regulator or government agency, for example, complying with a search warrant or court order or acting in accordance with an applicable law or regulation; or
  • investors and other relevant third parties in in the event of an actual potential sale or other corporate transaction related to DMCC.

 

INTERNATIONAL TRANSFERS

The transfer of your Personal Information to third parties may involve your Personal Information being sent outside of the EEA, to locations that may not provide the same level of protection as those where you first provided the information.

However, we will only transfer your Personal Information outside of the EEA:

  • where the transfer is to a place or by a method or in circumstances that is regarded by the European Commission as providing adequate protection for your Personal Information;
  • where we have put in place standard data protection clauses adopted by the European Commission or a relevant data protection authority; or
  • where none of the above apply but we are still legally permitted to do so, for example if the transfer is necessary for the establishment, exercise or defence of legal claims.

You can request further detail about the safeguards that we have in place in respect of transfers of Personal Information outside of the EEA by contacting us at  data@dmcc.ae.

 

STORING PERSONAL INFORMATION

It is our policy to retain your Personal Information for the length of time required for the specific purpose or purposes for which it was collected. However, we may be obliged to store some Personal Information for a longer time, taking into account factors including:  

  • legal obligation(s) under applicable law to retain data for a certain period of time;
  • statute of limitations under applicable law(s);
  • (potential) disputes; and
  • guidelines issued by relevant data protection authorities.

Whilst we continue to process your Personal Information, we will ensure that it is treated in accordance with this Privacy Policy. Otherwise, we securely erase your information once this is no longer needed.

If you would like to find out how long we keep your Personal Information for a particular purpose you can contact us at  data@dmcc.ae.

 

SECURITY

We employ appropriate security measures to help protect your Personal Information and guard against access by unauthorised persons. Information storage is on secure computers in a locked and certified information centre. We undergo periodic reviews of our security policies and procedures to ensure that our systems are secure and protected. However, as the transmission of information via the Internet is not completely secure we cannot guarantee the security of your information transmitted to us.

 

CONFIDENTIALITY

We acknowledge that the information you provide may be confidential. We do not sell, rent, distribute or otherwise make Personal Information commercially available to any third party, except that we may share information with our service providers for the purposes set out in this Privacy Policy. We will maintain the confidentiality of and protect your information in accordance with our Privacy Policy and all applicable laws.

 

YOUR RIGHTS  

The following section explains your rights. The various rights are not absolute and each is subject to certain exceptions or qualifications. We will grant your request only to the extent that it follows from our assessment of your request that we are allowed and required to do so under data protection laws. Nothing in this Privacy Policy is intended to provide you with rights beyond or in addition to your rights as a data subject under data protection laws.

You have the right to request access to Personal Information that we may process about you. If you wish to exercise this right, you should:

  • put your request in writing (an email sent to  data@dmcc.ae is acceptable);
  • include proof of your identity and address (e.g. a copy of your driving licence or passport, and a recent utility or credit card bill); and
  • specify the Personal Information you want access to.

You have the right to require us to correct any inaccuracies in your Personal Information free of charge. If you wish to exercise this right, you should:

  • put your request in writing (an email sent to  data@dmcc.ae is acceptable);
  • provide us with enough information to identify you (for example, your name, include proof of your identity and address (e.g. a copy of your driving licence or passport, and a recent utility or credit card bill); and
  • specify the information that is incorrect and what it should be replaced with.

You also have the right to ask us to stop processing your personal data. However, if we do not hold all the data or are not able to process the data we need to administer the Member Purpose, we may not be able to provide you with the information and/or services you have requested or otherwise fulfil the purpose(s) for which we have asked for the Personal Information.

If you wish to exercise this right, you should:

  • put your request in writing (an email sent to  data@dmcc.ae with a header that says 'Stop Processing' is acceptable);
  • provide us with enough information to identify you (for example, your name, include proof of your identity and address (e.g. a copy of your driving licence or passport, and a recent utility or credit card bill); and
  • provide us with full details of the personal data that you wish us to stop processing.

 

CHANGES TO THIS PRIVACY POLICY

This version was last updated on: FEBRUARY 2019

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.