Last updated: 1st October 2020
This Privacy Notice is provided by GRIP (DIFC) Ltd. (Registration # 3379); (“GRIP”, “we”, “us”, “our”), for and on behalf of itself. This Data Protection Notice has been prepared with reference to DIFC Data Protection Law considerations and will be augmented by jurisdictional specific addendums from time to time.
In the conduct of our business, we collect and use information about living individuals (also known as “Personal Data”), spanning information about our employees, clients, investors, business partners, contractors ultimate beneficial owners, guarantors, beneficiaries, and individual business contacts (all referred to below as “you”, “your”).
We take your privacy seriously. This Privacy Notice describes how and why we collect, store and use personal information, and provides information about the rights of the individuals to whom such personal information relates.
As part of our commitment to protect your Personal Data in a transparent manner, we want to inform you:
- why and how GRIP collects, uses and stores your Personal Data;
- the lawful basis on which your Personal Data is processed; and
- what your rights and our obligations are in relation to such processing.
Please read the following information carefully to understand our views and practices regarding how we handle personal information. If you have any queries about our approach to data protection that are not already addressed in this Privacy Notice, please contact our Data Protection Officer, as per the contact details set out.
This Policy applies to all forms of use of Personal Data (“processing”) in accordance with the DIFC Data Protection Law, DIFC Law No. 5 of 2020, and the Regulations and further guidance thereunder (the “Law”) by GRIP (DIFC) Ltd., as a licensed and regulated firm incorporated in the Dubai International Financial Centre (DIFC).
- What is Personal Data?
Personal Data is any information referring to an identified or Identifiable Natural Person. Identifiable Natural Person means a natural living person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one (1) or more factors specific to his biological, physical, biometric, physiological, mental, genetic, economic, cultural or social identity (and “Identified Natural Person” is interpreted accordingly).
This includes information like your name, (e-mail) address and telephone number but can also include less obvious information such as your attendance at an event, webinar or analysis of your use of our website(s).
Additional protection is afforded under the Law to Special Categories of Personal Data, i.e. Personal Data revealing or concerning (directly or indirectly) racial or ethnic origin, communal origin, political affiliations or opinions, religious or philosophical beliefs, criminal record, trade-union membership and health or sexual orientation and including genetic data and biometric data where it is used for the purpose of uniquely identifying a natural person.
- Why are we collecting Personal Data about you?
We will only hold data about you that is relevant in the context of the business relationship which we have with you and/ or communications to invite you to our events or sharing relevant information with you.
Whether we receive your personal data directly from you or from a third party, we will only use your personal information if we have obtained your consent, or if we have another lawful basis upon which to do so (e.g. for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into such contract; for compliance with a legal obligation on us; to protect your vital interests or those of another natural person; or for our own legitimate interests, or those of a third party, except where such interests are overridden by your own rights or interests).
We may hold information about you if:
- you are a client, a representative of a client, or the beneficial owner of a client
- you are a party or the representative of a party in a matter on which we are advising a client
- we are required to Process your Personal Data in accordance with Applicable Law, for e.g. anti-money laundering laws
- your information is provided to us by a client or others, or we otherwise obtain your information, in connection with the service(s) we are providing a client
- you provide services to us (or you represent a company which provides services to us)
- you attend our seminars, webinars, or events, receive our newsletter updates, or visit our offices or websites
- you are an applicant for a job with us
- you are or were an employee of the firm
- you may have met one of our staff members and have exchanged business cards or contact details
- What Personal Data do we collect about you?
Depending on the purposes, the types of information we Process about you may include:
|Types of Personal Data||Details|
|Individual details||Name, address (including proof of address), other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and employment history, and family details, including their relationship to you|
|Identification details||Identification numbers issued by government bodies or agencies, such as your passport number, Emirates ID or other national identity number, tax identification number, including copies of such government-issued identification document|
|Financial information||Bank account details, income, source of wealth, source of funds or other financial information|
|Engagement details||Information about you which is relevant to a matter on which we are advising you or a client|
|Anti-money laundering and sanctions data||Screening information received from various anti-money laundering, counter-terrorism financing and sanctions databases relating to you|
|Special Categories of Personal Data||Information about your political affiliations or opinions or criminal record, to the extent required for compliance with Applicable Law.|
|Identifiers||Information which can be traced back to you, such as an IP address, a website tracking code or any other information that may be automatically collected through our Website(s) or any other digital communication or network security applications used by us.|
As a policy, we do not normally collect any Special Categories of Personal Data, unless such collection is warranted under specific circumstances.
- Where do we collect your Personal Data from?
We may collect your Personal Data from various sources, including:
- your employer
- your clients and our service providers
- anti-money laundering and counter-terrorism financing databases, sanctions list, court judgements and other databases
- government agencies and publicly accessible registers or sources of information
- by actively obtaining your Personal Data ourselves, for example using website tracking devices
We also process personal data from a range of other sources, which may include, other companies and financial institutions, publicly available sources (e.g. the press, registers of companies or assets, internet websites, including social media platforms like Linked-In) and from providers of business-risk screening services, such as credit reference agencies, anti-fraud databases, sanctions lists and databases of news articles.
- How do we use your Personal Data?
The purposes for which we use and process your personal data are summarised below, together with the specific grounds under data protection law (see the bold bullet points) which allow us to do this:
- For the performance of a contract
It may be necessary for us to process your personal data in order to perform a contract with you relating to our investment banking, wealth management and financial services business, or to take steps at your request prior to entering into a contract. For further details, please refer to your contractual documentation with us.
- For compliance with a legal obligation or acting in the public interest
As a licensed and regulated investment firm, we are subject to a number of statutory and regulatory obligations that may require us to collect, store or disclose personal data, such as for anti-money laundering purposes or to respond to investigations or disclosure orders from the police, regulators, and tax or other public authorities (including outside the DIFC).
- For the purposes of legitimate interests
Where necessary, we process your personal data to serve our legitimate interests or those of a third party (the law permits this only insofar as such interests are not outweighed by your compelling legitimate interests). Cases where we may rely on our legitimate interests to process your personal data include (but are not limited to):
- Know-Your-customer and creditworthiness checks;
- Client and vendor relationship management;
- Business analysis and development of products and services;
- Activities relating to information security and building security, including use of CCTV recording;
- Managing the risks and optimising the efficiency of GRIP operations;
- Recording of telephone lines and monitoring of electronic communications for business and compliance purposes;
- Prevention and detection of financial crime;
- Evaluating, bringing or defending legal claims;
- Marketing and Advertising of GRIP products and services (unless you have objected/unsubscribed);
- Business restructurings.
- On the basis of Your consent
If we wish to process your personal data in a way not covered by the legal justifications above, we would need your consent. Where you give consent, you are entitled to withdraw it at any time. Note that withdrawing your consent does not render our prior handling of your personal data unlawful and that it might have an impact on our ability to continue to provide our services in the same way in future, as illustrated below.
There are some categories of personal data which the law deems so sensitive that we generally need an individual’s consent to be able to store and use it. Information about a person’s health or religious beliefs are examples. If you voluntarily provide us with such information in circumstances where this could be relevant to the financial products and services we offer you (as could be the case for appropriate investment planning or insurance cover) or for broader relationship management purposes, we will take it that this constitutes your consent to use this information as appropriate. You could withdraw that consent, but it may hamper our ability to ensure you receive the most suitable advice for your circumstances.
- Who might we share your data with?
Where necessary to fulfil your instructions to us and for the other purposes outlined above, we may share information about you with a range of recipients including (but not limited to) the following: credit reference agencies, background screening providers, financial institutions, funds, payment recipients, payment and settlement infrastructure providers, exchanges, regulators, courts, public authorities (including tax authorities), and service providers, professional advisors, auditors, insurers and potential purchasers of elements of our business. These recipients could be located outside the UAE.
Depending on the scope of our professional services, we may require the assistance of various external professional service providers, based in or out of the DIFC.
We use the support services of various external companies to help us run our business efficiently. Some of these services may involve the service provider Processing your Personal Data.
Where we use external companies to market, advertise our services, products and organise or host events for us, we may need to provide these service providers with your Personal Data.
We may share your Personal Data with other third parties, such as relevant regulators or other authorities, where we are required to do so to comply with legal or regulatory requirements.
The use of these external service providers may involve the service provider receiving your Personal Data from us, and some transfers of Personal Data may be made to countries or jurisdictions with data protection or privacy laws that are not adequate in comparison with the Law.
In each case where we share your Personal Data with other parties, whether or not in an adequate jurisdiction (as defined by the DIFC Commissioner of Data Protection), we take appropriate measures and ensure that the relevant party is contractually required to keep such Personal Data safe, secure and confidential in accordance with the minimum standards under the Law.
- Will We transfer Your data to other countries?
We will only disclose information about you as permitted under the contractual terms we have in place with you, data protection law and client confidentiality obligations. GRIP and its clients are active globally and thus information relating to you may, in line with the purposes described above, be transferred outside the DIFC.
However, such transfers will only be made where permitted by DIFC law. If GRIP uses service providers outside the DIFC, it will require them to apply sufficient protection to personal data.
- How long will we keep your data for?
In general terms, we retain your personal data as long as necessary for the purposes for which we obtained it. In making decisions about how long to retain data we take account of the following:
- The termination date of the relevant contract or business relationship;
- Any retention period required by law, regulation or internal policy;
- Any need to preserve records beyond the above periods in order to be able to deal with actual or potential audits, tax matters or legal claims.
- Will we use your data for marketing and/or profiling purposes?
We may use your personal data to give you information about products and services offered by us or GRIP affiliates that we believe you may be interested in receiving. Where we consider it appropriate, and so far as compliant with marketing laws, we may contact you in this regard by email or telephone. We refer to your right to object to marketing activity in the next section.
“Profiling” in the context of this notice is the use of an automated process to analyse personal data in order to assess or predict aspects of a person’s behaviour. We may use profiling in the following circumstances:
- To help identify potential cases of financial crime;
- To provide You with information on GRIP products and services that seem likely to be of interest;
- To assess creditworthiness (where automated credit scoring based on a mathematically and statistically recognised and proven procedure assists us with our decision making and ongoing risk management)
We operate a email mailing list program, which we use to inform clients and other contacts about our products, services, and events. Such marketing messages may contain tracking technologies in order to track subscriber activity relating to engagement, demographics and other data, and to build subscriber profiles. We use this as a means by which to undertake direct marketing.
If you would like to cease receiving marketing materials from us at any time, please let us know directly. You can also change your preferences for receiving our marketing emails from us at any time, and you can unsubscribe by following the instructions specified in our marketing emails.
- What data protection rights do You have?
Subject to certain exceptions and limitations, by law you may have the right to:
- Request access to your personal data. This enables you to receive a copy of the personal data we hold about you.
- Request rectification of the personal data that we hold about you. This enables you to have incomplete or inaccurate data that we hold about you corrected.
- Request erasure of your personal data. This enables you to ask us to delete your personal data where there is no good reason for us continuing to process it. This is sometimes referred to as the “right to be forgotten”.
- Request the blocking of processing of your personal data. This enables you to ask us to suspend the processing of your data, such as during the period of time it might take us to respond to a claim by you that the data is inaccurate or that our legitimate interests in processing it are outweighed by yours.
- Object to processing of your data This enables you to object to processing of your personal data and to be informed before your Personal Data is disclosed for the first time to third parties or used on their behalf for the purposes of direct marketing, and to be expressly offered the right to object to such disclosures or uses
In certain circumstances, we may need to restrict your rights in order to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. responding to regulatory requests), or in accordance with other exceptions and limitations specified in the Law.
To exercise any of these rights, please write to your usual contact at GRIP or the Data Protection Officer via the contact details given under section13.
You are also entitled to submit any complaint you may have to the data protection regulator, which in the DIFC is the DIFC Commissioner of Data Protection via email at firstname.lastname@example.org or via regular mail sent to the DIFC main office: The Gate, Level 14, DIFC P.O. Box 74777, Dubai, UAE, Tel: +971 (0)4 362 2222.
- Are You under an obligation to provide us with Your personal data?
You are not required by law to provide us with your personal data. However, if you refuse to do so we may not be able conduct further business with you. For example, in order to satisfy our antimoney laundering obligations we have to verify the identity of our clients. This inevitably requires us to collect certain personal data from current and prospective clients.
- Who is legally responsible for the handling of your personal data and who can you contact about this subject?
In data protection law terminology, such role lies with the “controller”, namely:
GRIP (DIFC) Ltd.
614, 6th Floor, Liberty House,
Dubai International Financial Centre (DIFC)
Dubai, United Arab Emirates
P.O. Box 9552
Tel: +971 4 564 2244
We are required to handle or process your personal data securely and otherwise in accordance with applicable data protection laws.
Should You have queries or complaints about the way in which we process your personal data, you may raise these with your usual GRIP contact or else with our internal Data Protection Officer via the contact details above or the following email address: email@example.com
- Changes to this privacy notice
We may update this privacy notice from time to time in order to clarify it or address changes in law or our business operations. We will notify you if we make any substantial updates and you can always access the current version at the following Website address:
We may also notify you in other ways about the processing of your personal data, such as in specific product documentation and online.
What is a cookie?
Cookies are small text files that are stored on your computer or mobile device. They are widely used in order to make websites work, or work in a better, more efficient way. They can do this because websites can read and write these files, enabling them to recognise you and remember important information that will make your use of a website more convenient (e.g. by remembering your user preferences).
For more detailed information on cookies, visit www.allaboutcookies.org.
Our website (https://gripinvestments.com) uses two types of cookies:
1. Strictly necessary cookie
moove_gdpr_popup – This cookie is used within the cookie banner to store the cookie consent information decisions taken by the user, and retains the consent for up to 365 days.
2. Embedded content from other websites (3rd party cookies)
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Please find below a list of the 3rd party cookies you may incur while navigating https://gripinvestments.com.
|VISITOR_INFO1_LIVE||This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.||5 mths||Advertisement|
|GPS||This cookie is set by Youtube and registers a unique ID for tracking users based on their geographical location.||30 mins||Analytics|
|YSC||This cookie is set by Youtube and is used to track the views of embedded videos.||1 visit||Performance|
|IDE||Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile, and is used due to the embedded Youtube content.||1 year||Advertisement|
|li_sugr||Browser Identifier, LinkedIn Insight Tag, when IP address is not in a Designated Country.||2 mths||Other|
|lang||used to store the language preferences of a user to serve up content in that stored language the next time user visits the website.||2mths||Functional|
|lidc||This cookie is set by LinkedIn and used for routing.||1 day||Functional|
|UserMatchHistory||Linkedin – Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor’s preferences.||1 mth||Other|
|bcookie||This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.||2 years||Functional|
|bscookie||This cookie is a browser ID cookie set by Linked share Buttons and ad tags.||2 years||Advertisement|
|lissc||This cookie is provided by LinkedIn. This cookie is used for tracking embedded service.||1 year||Analytics|