Legal

ADGM Privacy Notice

This Privacy Policy describes how X12 Capital Limited, a company registered in the ADGM, Abu Dhabi, UAE with registered address Floor 24th Floor, Al Khatem Tower, ADGM Square, Al Mariyah Island, Abu Dhabi, UAE and our group companies, subsidiaries and affiliates (“we”, “us”, “our”) shall usually be the controller of your data and may collect, use and share Personal Data (as defined below) that is provided to us and details how and why we collect, store, use and share your Personal Data. Terms used in this Privacy Policy not defined herein, shall have the same meanings ascribed to them in our website terms and conditions or the ADGM Data Protection Regulations 2021 (“DPR”).

This Privacy Notice applies to the following individuals (“you”):

  • Our past, present and prospective customers.
  • Prospective employees.
  • Website users.
  • Anyone involved in any transaction or interaction with us, whether it is in your personal capacity or as a representative of a legal entity (for example, director, a company manager, agent, legal representative, operational staff, other authorized representative, etc.);
  • Our advisors, suppliers, business partners, consultants or secondees.

By accessing our website, you are accepting the terms of this Privacy Policy and are consenting to our collection, use, disclosure, retention and protection of your Personal Data as described in more detail herein.

We may amend this Privacy Policy from time to time at our sole discretion, this could be for a number of reasons including (but not limited to) to meet changes in the regulatory environment, business needs, or to satisfy the needs of our regulatory bodies and service providers. Any changes we make to this Privacy Policy will be posted on our website without any prior notice to you and date stamped so that you are always aware of the latest update. You should check this page from time to time to ensure you are happy with any changes.

By continuing to access our website or interact with us, you are accepting the terms of this Privacy Policy in full.

Data Protection Principles

We comply with the DPR. This ensures your Personal Data is:

  1. Used in accordance with the DPR and in accordance with your rights pursuant to the DPR.
  2. Used lawfully, fairly and in a transparent manner.
  3. Collected or used only for legitimate purposes that we have explicitly and specifically explained to you at the time of collection and not collected or used in any way that is incompatible with those purposes.
  4. Relevant to the purposes we have told you about and limited only to those purposes.
  5. Accurate and, where necessary, kept up to date including via erasure or rectification.
  6. Kept only as long as necessary for the purposes we have told you about.
  7. Kept securely.

Obtaining Personal Data

We collect Personal Data from individuals or their authorised representatives. There are several ways in which we collect this data, including (but not limited to) through the following methods:

  1. email and telephone contact with us;
  2. web-based conference or video calls with us;
  3. onsite visits or other meetings that take place with us in person;
  4. use of our website, including applications, surveys, online forms and systems available on our website;
  5. in connection with recruitment or employment;
  6. correspondence and other documents (hand delivered or sent to us by post or courier);
  7. engagement with governments, regulators, official bodies, authorities and organisations; and
  8. contracts and commercial deals we sign or discussions held in relation to them.
  9. from publicly available sources of from third parties, most common where we need to conduct background checks about you.

Our website is not targeted, intended or expected to be of use to children. Apart from providing information for specific services or purposes, as directed by AGDM processes, user-provided contributions of content or contact information regarding or about children are expressly prohibited.

We expect anyone who provides us with Personal Data to do so in compliance with all applicable laws including the DPR.

In some circumstances we may collect Personal Data about individuals from third parties in the course of:

  1. receiving other documents (such as tender, teaser or other such business and commercial documents that may contain Personal Data);
  2. recruiting our employees and engaging contractors or service providers. "Personal Data" includes any data which may be used to identify or contact you, including but not limited to, your name, telephone number, email address and/or other data which may be necessary for you to contact us and/or receive information from us. Personal Data shall not include aggregated data or data that, by itself, does not permit the identification of individual persons.

We will only gather Personal Data that is relevant for the purposes for which we need it and/or which you have provided it and do not gather excessive or unnecessary personal data and/or Personal Data about you.

Kindly note that we may retain a copy of your Personal Data where required for compliance reasons.

Collection Of Personal Data

The Personal Data we may collect from or in relation to you includes for example:

  • information establishing your identity (for example your name, address, email address, date of birth, passport, photograph).
  • documents to verify information supplied to us, such as bills issued by third parties or endorsements issued by employers or institutions such as banks.
  • reference checking information obtained via third parties such as credit reference agencies, and sanctions lists;
  • financial information (for example, bank account details);
  • information provided so that we are able to fulfil our regulatory compliance obligations including anti-money laundering and “know your client” checks (for example the information establishing your identity as set out above);
  • information you provide when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our services;
  • any information you independently choose to provide to us (for example, if you send us an email or call us);
  • information relating to your use of our website (for example, domain name, IP address and cookies) or information you provide when you register for alerts and subscriptions and when you report a problem with any of our website services;

Purposes Of Processing And Legal Basis

As required by the Applicable Data Protection Law, our legal grounds, or “lawful basis”, for processing Personal Data include the following:

  • When we have a legitimate interest in processing data about you to operate our business or protect our interests (e.g., to provide, maintain, and improve our services, conduct data analytics, and communicate with you).
  • To comply with our legal obligations (e.g., collecting due diligence information and documents to comply with the Financial Services Regulatory Authority (“FSRA”) Anti Money Laundering Rules).
  • When we have your consent to do so (e.g., when you opt in to receive marketing communications from us). When consent is the legal basis for our processing data about you, you may withdraw such consent at any time by contacting us using the details in the ‘Contact data’ section below.

Our Use Of Your Personal Data

We may use the Personal Data we collect about you to provide you with a personalized experience when you visit our website, to contact you about our company, events and/or other promotional/adverting purposes, for market research, data base building, to maintain and improve our website services as well as to develop new features to improve customer experience and support, authenticate users and send administrative messages. We may conduct data analysis, testing, research, to monitor and analyse usage and activity trends and to detect, prevent, mitigate and investigate fraudulent or illegal activities.

When you sign up with us to receive news or information relating to us or updates to our website(s) (for example: alerts or media releases), we will collect and Process your Personal Data to use in providing that news or information to you. If you would like to withdraw your consent to receiving these communications, you can contact us at any time.

We also collect and Process the Personal Data of individuals acting in their capacity as representatives of their organisations during their professional engagement with us. We may do this via online surveys or submissions, emails, general enquiries via our website(s) or verbal communications with us. Where you have asked to receive news or information from us or where we have collaborated in a commercial capacity, we will use the contact details you provide, such as your name, title, company and email address, for that purpose.

We will sometimes use the contact details of those with whom we have a relationship in their capacity as representatives of their organisation, to communicate with them or to provide them with information relevant to their relationship with us. We will also use the Personal Data you provide to us for the above purpose to ensure any activities are carried out in an appropriate and safe manner, and in accordance with agreed contracts and applicable law and regulations.

As part of any recruitment process we will collect and Process the Personal Data of candidates at various stages. This includes personal details, family details, resume information and interview records. The legal basis for Processing this Personal Data is our legitimate interest in screening and evaluating candidates to work at X12 Capital Limited or any of its group companies or subsidiaries, as well as for the purposes of entering into a contract prospectively in due course. Information collected as part of the recruitment process will be shared with external parties on a ‘need to know’ basis – which includes but is not limited to governmental national security agencies for obtaining security clearances; immigration department for processing visas; medical entities conducting medical checks on prospective staff and any 3rd parties that we may engage to assist us with any of these processes.

We collect Personal Data only where it is relevant to and necessary for specified, explicit and legitimate purposes determined at the time of collection.

Generally, we Process Personal Data on one or more of the grounds set out in Section 5 of the DPR The legislation published and/or administered by ADGM can be found here: ADGM laws and regulations.

Under certain circumstances, we may also collect special categories of Personal Data. “Special Categories” of particularly sensitive Personal Data require higher levels of protection. We will only process Special Categories of Personal Data when we have a justification for collecting, storing, and using this type of Personal Data. We have in place an appropriate policy document, where necessary, and safeguards in compliance with the Applicable Data Protection Law. We are likely to process Special Categories of Personal Data in limited circumstances where:

  • we have your explicit written consent;
  • it is necessary to comply with the applicable law in relation to anti-money laundering or counter-terrorist financing obligations or the prevention, detection, or prosecution of any crime;
  • it is required for the performance of a contract or prior to entering into a contract;
  • it is necessary for the compliance with specific requirements pursuant to applicable law.
  • We do not usually ask for any Special Categories of Personal Data from individuals, except in the following circumstances:
    1. in relation to the issuance of visas and facilitation of immigration services; and
    2. hiring employees and engaging with our employees.
    3. We envisage that we may hold information about criminal convictions. We will only collect Personal Data about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. For example, to determine whether you are suitable to be our employee.

Sharing Personal Data

We may share Personal Data in the following circumstances:

  1. to our third-party professional advisors, service providers, agents, subcontractors and other organisations for the purposes of providing services to us or to you on our behalf, who are under a duty of confidentiality with us;
  2. professional advisors and service providers to the extent that they need access to such information for the purpose of or in connection with Processing your Personal Data;
  3. any person to whom information is required or requested to be disclosed by any governmental, taxation or other regulatory authority or similar body or pursuant to any applicable law or regulation; and
  4. third parties in an aggregated and/or anonymized form which cannot reasonably be used to identify you.

We may also share your Personal Data with our group companies, affiliates and subsidiaries for internal reasons, primarily for business and operational purposes.

By using our website or interacting with us in any way you agree that you consent to the sharing of Personal Data as detailed above. In other cases, we may be compelled to disclose Personal Data due to a mandatory legal obligation or by order of a court or other adjudicatory body or tribunal of competent jurisdiction.

We may share your Personal Data with any other person if we notify you and obtain your consent to the disclosure. We do not generally rely on consent as our processing reason. However, if we do so, we will provide you with full details of the information that we would like and the reason we need it so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your relationship with us that you agree to any request for consent from us.

To withdraw your consent, please contact us using the email provided below in the ‘Contact Data’ section. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so under an applicable law.

Your Personal Data may be processed by us, our subsidiaries and those other parties described above, outside of the ADGM. Where the ADGM Commissioner of Data Protection has not issued an adequacy decision in relation to the jurisdiction where your Personal Data is processed, we will ensure that there are adequate mechanisms in place to protect your personal information in accordance with applicable data protection and privacy law.

To comply with our regulatory obligations, we may also disclose Personal Data to relevant government, supervisory and judicial authorities such as:

  • Public authorities, regulators and supervisory bodies in the countries in which we operate.
  • Tax authorities may require us to report customer assets or other Personal Data such as your name and contact details and other information about your organisation; for this purpose, we may process your identification data such as national identifier in accordance with applicable law.
  • Judicial/investigative authorities such as the police, public prosecutors, courts and arbitration/mediation bodies on their express and legitimate request.

Links To Other Websites

Our website may from time to time contain links to and from other websites/platforms. This includes websites/platforms owned or controlled by independent parties not controlled or authorized by us. If you follow a link to any of these websites/platforms please note that these websites/platforms have their own privacy policy, data collection practices and security measures and we do not accept any responsibility or liability for these policies. Please ensure you check these policies before submitting any personal data.

Data Choices

As a data subject, you have a number of rights with regard to your Personal Data. You have the right to request to access and rectify your data as well as for it to be erased and to restrict the processing of your data in certain circumstances.

You also have the right to lodge a complaint with the ADGM Commissioner of Data Protection (further details below) if you feel that we have not complied with our obligations under applicable data protection law regarding how we deal with your Personal Data.

Your rights pursuant to Applicable Data Protection Law amongst others:

  • Request access to your personal information (commonly known as a "Data Subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully Processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us to continue to Process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to Processing (see below).
  • Object to Processing of your Personal Data. You have the right to object where we are Processing your personal information for direct marketing purposes.
  • Request the restriction of Processing of your personal information. This enables you to ask us to suspend the Processing of personal information about you, for example, if you want us to establish its accuracy or the reason for Processing it.
  • Data portability enables you to receive or request transfer of the data you have provided us in a structured, commonly used and machine-readable format.
  • Object to automated Processing, including profiling which produces legal or other seriously impactful consequences concerning you.

We may need to request specific Personal Data from you to help us confirm your identity and ensure your right to access the Personal Data (or to exercise any of your other rights). This security measure ensures that Personal Data is not disclosed to an unauthorised person.

You will not have to pay a fee to exercise your rights . However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances, where permitted by law.

If you wish to exercise any of the rights set out under the DPR, please contact data.protection@adgm.com

Note: your right of access can be exercised in accordance with DPR and other applicable laws. There are circumstances where we may not be able to comply with your request, such as where we have a legal duty to retain Personal Data. You may send requests about Personal Data to our email address provided above. You can request to change contact choices, opt-out of our sharing with others, and update your Personal Data at any time.

Note that if you choose to 'opt-out', withhold, block or request that we delete your Personal Data, you may not be able to receive the benefit of any information we may want to share with you.

It is important that the Personal Data we hold about you is accurate and, where necessary, kept up to date. Please keep us informed if your Personal Data changes during your working relationship with us and respond promptly to our request for updates of your data.

In some cases, we are legally required to collect Personal Data, or your Personal Data may be needed before we may perform certain services and provide certain products. We undertake to request only the Personal Data that is strictly necessary for the relevant purpose. Failure to provide the necessary Personal Data may cause delays or lead to refusal of certain products and services.

Storing Your Data

By submitting your Personal Data, you agree to its transfer, storing and processing in accordance with this Privacy Policy. We will take all steps reasonably necessary to ensure that your data is treated securely, in accordance with your rights and in accordance with this Privacy Policy. The Personal Data that we collect from you may be securely transferred to and securely stored on our databases, located on our secure servers in the UAE.

Data Retention

We Process Personal Data for such periods as is necessary for the purposes set out in this Privacy Policy, unless a longer period for the retention of Personal Data is required by law.

We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

Personal Data Processed based on consent will be retained for the period specified in the consent, or where not specified, until you withdraw your consent. We have a Retention Policy which outlines the applicable periods.

In the case of unsuccessful candidate CV’s, we will only retain these for a period of one year after receiving them, in case an alternative suitable position arises.

Security

We maintain commercially reasonable safeguards to ensure your Personal Data is protected and used in accordance with this Privacy Policy. Only those authorized individuals who have a need to know your Personal Data shall have access to such information.

In addition, however, it is also important for you to implement sufficient safeguards to protect yourself from any unauthorized access to the device you are accessing our website form.

We take precautions to protect your Personal Data but unfortunately, the transmission of any information over the internet is not completely secure. Although we will do our best to protect your Information, we cannot guarantee the security of your Information transmitted to our website and any transmission is at your own risk. We shall not collect, use, disclose or transfer your Personal Data except as described in this Privacy Policy unless you give us your permission to collect, use, disclose or transfer it for other purposes.

Cookies

We may use cookies, web beacons, unique identifiers and similar technologies to collect data about the pages that you view, the links that you click and other actions you may take on our website.

We use different types of cookies on our website for different reasons, but we primarily use cookies for technical reasons to improve the user experience, or for analytics of website traffic. Cookies can improve the user experience, for example, by storing user preferences about our website.

The data we collect using cookies helps us understand our customers better so that we can provide a more focused user experience. By using the knowledge of your previous visits to our website we can enhance your subsequent visits by suggesting content to match your requirements.

You can typically remove and reject cookies from our website with your browser settings. Many browsers are set to accept cookies until you change your settings. If you remove or reject our cookies, it could affect how our website works for you and you may not be able to access or use certain areas of our website or receive full functionality.

Contact Data

We have appointed a Data Protection Officer (DPO) who oversees data privacy and data protection compliance for us and advises us on our data protection obligations. The DPO acts as our contact point with the ADGM Office of Data Protection.

Should you have any concerns about our Privacy Policy, you can contact us on the following details, with a description of your concern and we will try to resolve it:

Email: dataprotection@x12capital.com

Address: Unit 1, Floor 24, Al Khatem Tower, Adgm Square, Al Maryah Island, Abu Dhabi, United Arab Emirates

You have the right to make a complaint at any time to the ADGM Commissioner of Data Protection, which is the relevant authority that safeguards your interests.

Contact Details:

  • Email: dataprotection@x12capital.com
  • Telephone: +971 23338888
  • Address: ADGM Commissioner of Data Protection ADGM Authorities Building, ADGM Square, Al Maryah Island, PO Box 111999, Abu Dhabi, UAE
Back to Disclaimers