The Family Office Co. BSC(c), The Family Office Company B.S.C. (Dubai International Financial Centre “DIFC” Branch)and certain of its affiliates (“TFO”, “we” or “us”), acting as a data controller, have prepared this Privacy Policy to explain how we use any personal information we collect about you when you use this Website, and the choices you have concerning how the data is being collected and used.

This Website is not intended for children and minors and we do not knowingly solicit or collect personal data from children and minors. As a parent or legal guardian, please do not allow your children to submit Personal Data without your permission.

By submitting your Personal Data to us, you agree to the processing set out in this Privacy Policy. Further notices highlighting certain uses we wish to make of your Personal Data together with the ability to opt in or out of selected uses may also be provided to you when we collect Personal Data from you.

This Privacy Policy contains general and technical details about the steps we take to respect your privacy concerns. We have organised the Privacy Policy by major processes and areas so that you can review the information of most interest to you.

We may provide supplemental privacy policies on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your Personal Data. Those supplemental policies should be read together with this Privacy Policy.

This policy may be updated from time to time. We therefore ask you to consult it on a regular basis. The last line of this Privacy Policy indicates when it was last updated. TFO reserves, in its sole discretion, the right to revise this Privacy Policy at any time by updating this posting.

1. Personal Data we collect

The term “Personal Data” refers to any information that can be used to identify you, or that can be linked to you, as an individual.

In some cases, we are legally required to collect Personal Data, or your Personal Data may be needed before we may perform certain services and provide certain products. We undertake to request only the Personal Data that is strictly necessary for the relevant purpose. Failure to provide the necessary Personal Data may cause delays or lead to refusal of certain products and services.

1.1 We may collect and process the following Personal Data about you.

(a) Personal information about you: personal information that you provide to us when you apply to open an account (e.g. personal/identification information, name, date of birth, nationality residential address, gender, country of residence, accredited investor status, tax residential status, tax identification numbers, income and wealth information, annual income, net worth, source of funds and wealth, employment activity, investment risk appetite, passport, national ID (or equivalent documents), bank details, IBAN details, and proof of address, etc), as well as any additional information provided by or through TFO, or submitted through a question, such as your e-mail address, or submitted through the uploading of personal documents in order to comply with KYC checks requirements in the jurisdictions where we operate;

(b) Our correspondence: if you contact us such as when you make a general inquiry or request technical support, we may keep a record of that correspondence;

(c) Survey information: we may also ask you to complete surveys that we use for research purposes. In such circumstances we shall collect the information provided in the completed survey; and

(d) Your use of our Website: details of your visits to our website and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access. 

(e) Do-not-track: Because there is not yet a consensus on how companies should respond to web browser-based “do-not-track” (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time. Please note that not all tracking will stop even if you delete cookies.

1.2 We may collect your Personal Data from you directly.  We may also collect Personal Data from third parties including agents that give instructions on your behalf or any other governmental, quasi-governmental bodies that may provide Personal Data on your behalf. As well as this, we may also collect Personal Data from third party service providers as part of your application process, such as from third party video authentication providers as part of our KYC checks.

1.3 If you provide us with Personal Data about other individuals, you must inform such individuals that you have provided us with their details and let them know where they can find a copy of this Privacy Policy.

1.4 If you choose not to provide certain Personal Data, this may mean that we are not able to provide you with all of our services.

2. How we use Personal Data

2.1 We may use your Personal Data in the following ways:

Please note that use of Personal Data under applicable data protection laws must be justified under one of a number of legal “grounds” and we are required to set out the grounds in respect of each use in this Privacy Policy.

(a) To process your application to become a user: to evaluate and process your application to open an account. If you are approved, you can set up, review or update your account information once your account has been opened (including your Personal Data) online at any time.

Use justification: consent, contract performance, legitimate interests (to allow us to evaluate your eligibility as a user

(b) To provide marketing materials to you: to provide you with updates and offers, where you have opted in to receive these. We may contact you by phone, or via  third party service providers to send digital communications. These service providers are contractually prohibited from using your personal data for any purpose other than to send communications on behalf of TFO. We provide you the ability to unsubscribe from all marketing communications, without any costs. Every time you receive a communication from us, you will be provided with the choice to opt-out of future communications . You may also opt-out of receiving promotional materials by contacting us.

Use justification: consent (which can be withdrawn at any time);

(c) For analytics and profiling: to tailor our marketing to you. In connection with our marketing activities, we analyse information that we collect about customers to determine what offers are most likely to be of interest to different categories of customers in different circumstances and at different times. We call this the creation of “segments”. Such Personal Data include customer behavioural information such as transaction history, preferences, service requests and interactions with us. From time to time, we will assess the Personal Data that we hold about you in order to assign you to a particular segment. We may use the segment that you have been assigned to you in order to tailor our marketing communications to include offers and content that are relevant to you. We may also use this method to avoid sending you offers that are inappropriate or unlikely to be of interest to you. You have the right to opt out of such analysis of your Personal Data that we use to tailor the direct marketing that we send to you, at any time.

Use justification: consent (which can be withdrawn at any time); legitimate interests (to enable us to tailor our marketing to you);

(d) To comply with our legal and regulatory obligations: to comply with our legal and regulatory obligations such as financial reporting requirements imposed by our auditors and government authorities, and to cooperate with law enforcement agencies, government authorities, regulators and/or the court in connection with proceedings or investigations anywhere in the world where we are compelled to do so (e.g. to comply with anti-money laundering, KYC obligations).

Use justification: legal obligation, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities);

(e) To handle incidents and process any claims we receive: to handle any accidents and incidents such as liaising with emergency services, and to handle any claims made by customers;

Use justification: vital interest, legal claims, legitimate interests (to ensure that incidents and accidents are handle appropriately and to allow us to assist our customers);

(f) To improve our services and products: to assist in developing new services and products and to improve our existing services and products.

Use justification: legitimate interests (to allow us to continuously improve and develop our services);

(g) To help our Website function correctly and to provide account maintenance activities (if your application is approved): to help content from our Website get presented in the most effective manner for you and for your device, and if your application is approved, to upkeep and maintain your user account.

Use justification: contract performance, legitimate interests (to allow us to provide you with the content and services on this Website);

(h) In connection with any reorganization of our business: To analyse, or enable the analysis of, any proposed sale, merger, asset acquisition, or reorganization of our business.

Use justification: contract performance, legitimate interests (to allow us to continue providing services to you).

(i) To process a commitment, subscription, redemption or withdrawal: to evaluate and process your commitment, subscription, redemption or withdrawal

Use justification: consent, contract performance, legitimate interests (to allow us to continue providing services to you).

In the event that we intend to further process your Personal Data for a purpose other than as set out in section 2 above, we shall provide you with information on that other purpose before this additional processing takes place.

3. How we share Personal Data

3.1 We may share your Personal Data in the following ways:

(a) Third party service providers who process Personal Data on our behalf to help us undertake the activities described in section 2 : We may permit selected third parties such as business partners, suppliers, service providers, agents, contractors and other TFO affiliates to use your Personal Data for the purposes set out in section 2, including mail houses and e-mail service providers that we engage to send and disseminate promotional materials for TFO products, data center providers that host our servers and third party agents that process mailing, requests, and transactions on our behalf. These parties are contractually prohibited from using Personal Data for any purpose other than for the purpose specified in their respective contracts, and will be subject to obligations to process Personal Data in compliance with the same safeguards that we deploy. We also provide non-personally identifiable information to these parties for their use on an aggregated basis for the purpose of performing their contractual obligations to us. We do not permit the sale of Personal Data to entities outside of TFO for any use unrelated to our group operations or use of Personal Data by third party for their own purposes.

(b) Law enforcement agencies, government authorities, regulators and the court in order to comply with our legal obligations or to handle incidents/ claims: We may disclose your Personal Data when required by relevant law or court order, or as requested by other government or law enforcement authorities, or any agency, court, regulator or other third party where we believe this is necessary to assist with proceedings or investigations. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime. This also applies when we have reason to believe that disclosing the Personal Data is necessary to obtain legal advice, to identify, investigate, protect, contact, or bring legal action against someone who may be causing interference with our guests, visitors, associates, rights or properties, or to others, whether intentionally or otherwise, or when anyone else could be harmed by such activities.

(c) Third parties who require such data in connection with a change in the structure of our business: In the event that we (or a part thereof) are (i) subject to negotiations for the sale of our business or (ii) sold to, merge with, or sell substantially all of our assets to a third party or (iii) undergo a reorganization, you agree that any of your Personal Data which we hold may be transferred to that reorganized entity or third party and used for the same purposes as set out in this Privacy Policy, or for the purpose of analysing any proposed sale or re-organisation. We will ensure that no more of your Personal Data is transferred than necessary.

3.2 This Privacy Policy does not apply to our processing of personal information on behalf of, or at the direction of, third party providers who may collect personal information from you and provide it to us. In this situation, we would merely act as a data processor and thus advise you to review applicable third-party providers’ privacy policies before submitting your personal information.

Use justifications and legal grounds

We note the grounds we use to justify each use of your information next to the use in the How we use Personal Data and How we share Personal Data sections of this policy. These are the principal legal grounds that justify our use of your Personal Data:

Consent: where you have consented to our use of your Personal Data  Contract performance: where your Personal Data is necessary to enter into or perform our contract with you.

Legal and regulatory obligation: where we need to use your Personal Data to comply with our legal and regulatory obligations.

Legitimate interests: where we use your Personal Data to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.

Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.

Vital interest: where we need to process your Personal Data to protect the vital interest of you or another natural person e.g. where you require urgent assistance

4. How we transmit, protect and store Personal Data

Security over the internet

4.1 It is important to note that all Internet communication is not secure. There is a risk inherent in the use of e-mail. Please be aware of this when requesting information or sending forms to us by e-mail, for example, from the “Contact Us” section. We recommend that you do not include any sensitive information when using e-mail or using any public computers/public WIFI. Our e-mail responses to you may not include any sensitive or confidential information. Please bear in mind that no security system or system of transmitting information over the Internet is guaranteed to be secure.

4.2 If your application is successful and a user account is set up, you should always close your browsers when you have finished completing a form. Although the session will automatically terminate after a short period of inactivity, it is easier for a third party to gain access to your profile whilst you are logged onto your account.

4.3 We treat all Personal Data that you provide to us as confidential information. To prevent Personal Data from unauthorised access or leakage, we have adopted and regularly monitor our security and data privacy policies and procedures. We use SSL protocol – an industry standard for encryption over the Internet, to protect the Data. When you type in sensitive information, it will be automatically encrypted and transferred over a SSL connection. This ensures that your sensitive Data is encrypted as it travels over the Internet. You will know that you are in a secure mode when the security icon (such as a lock) appears in the screen.

Security controls

4.4 Where we have given you (or where you have chosen) a password, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.

4.5 TFO trains its employees and staff on the importance of data privacy and protection. Our Privacy Policy is updated as required to reflect any changes in applicable laws and developments in best practice procedures. Further, we limit the number of individuals within the companies with access to Personal Data to those directly involved in the process of providing quality service to you.

4.6 We store certain customer information in our Customer Information System. Both systems are secure customer databases stored on a dedicated server located in a data centre in Ireland hosted by a third party service provider. Our server resides behind firewalls to protect Personal Data collected from you against unauthorised or accidental access. Because laws applicable to personal information vary by country, our business operations may put in place additional measures that vary depending on the applicable legal requirements.

Data transmission across international borders

4.7 The nature of our business and our operations require us to transfer your Personal Data to other authorized distributors, centres of operations, data centres, or service providers that may be located in countries outside of your own for the purposes mentioned in this Privacy Policy. Although the data protection and other laws of these various countries may not be as comprehensive as those in your own country, TFO will take appropriate measures, including implementing up to date contractual clauses, to secure the transfer of your Data to recipients (which may be internal or external to TFO) located in a country with a level of protection different from the one existing in the country in which your Data is collected.

4.8 Where your Personal Data may be transferred to a country in which data protection laws may be of a lower standard than in the transferor country, TFO will impose the same data protection safeguards that we deploy in the countries in which we operate to ensure an adequate level of protection for this data.

4.9 The Personal Data collected using the means located in Bahrain may be required to be transferred outside Bahrain for processing. As there are no approved jurisdictions that provide adequate level of data protection required under Bahrain law, any transfer of Personal Data outside Bahrain requires your consent. As business requirement we may transfer your Personal Data to Kingdom of Saudi Arabia, Switzerland, and Ireland (“Consented Jurisdictions”) and you consent to the transfer of your Personal Data to the Consented Jurisdictions.

4.10 Where Personal Data is transferred by the DIFC Branch to a jurisdiction considered as non-adequate the Branch will ensure that relevant safeguards are in place to protect the transfer, such as standard contractual clauses. You may ask us for further details of these.

Retention

4.10 Your Personal Data will be stored for the period of time required or permitted by law in the jurisdiction of the operation holding the information (for example certain transaction details and correspondence may be retained until the time limit for claims in respect of the transaction has expired or in order to comply with regulatory requirements regarding the retention of such data). So if information is used for two purposes we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period once that period expires.

4.11 Our retention periods are based on business needs, and your information that is no longer needed is either irreversibly anonymised (and the anonymised information may be retained) or securely destroyed once the purpose for which we collected this personal data is no longer applicable. By way of example:

(a) use for marketing: in relation to your Personal Data used for marketing purposes, we may retain your Personal Data for that purpose after we have obtained consent to market to you, or the date you last responded to a marketing communication from us (other than to opt out of receiving further communications);

(b) use to perform a contract: in relation to your Personal Data used to perform any contractual obligation with you, we may retain that Personal Data whilst the contract remains and for a certain period thereafter to deal with any queries or claims thereafter; and

(c) where claims are contemplated: in relation to any information where we reasonably believe it will be necessary to defend or prosecute or make a claim against you, us or a third party, we may retain that information for as long as that claim could be pursued.

5. Your rights

Opt-out of marketing

5.1 You have the right to ask us not to process your Personal Data for marketing purposes. You can also exercise the right at any time by contacting us.

Other rights

5.2 Subject to various exceptions and data protection laws in your country, you may have the following rights:

(a) Access: you can ask us to provide you with further details on the use we make of your Personal Data and a copy of the Personal Data we hold about you;

(b) Correction: you can ask us to correct any inaccuracies in the Personal Data we hold about you;

(c) Complaint: if you are not satisfied with our use of your Personal Data or our response to any exercise of these rights, you have the right to complain to the data protection authority in your country (if one exists);

(d) Erasure: you can ask us to delete your Personal Data if we no longer have a lawful ground to use;

(e) Withdrawal of consent: where processing is based on consent (e.g. marketing), you can withdraw your consent to processing so that we stop that particular processing

(f) Object to processing: you have the right to object to other types of processing (e.g. analytics and profiling activities carried out in relation to your Personal Data or any processing that causes material or moral damage to you), unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights;

(g) Restriction: you can restrict how we use your Personal data, for example whilst we are verifying the accuracy of your Personal Data or where we are verifying the grounds that use as the basis of holding your Personal Data;

(h) Portability: where technically feasible, you have the right to ask us to transmit the Personal Data that you have provided to us to a third party in a structured, commonly use and machine readable form.

We may need to request specific Personal Data from you to help us confirm your identity and ensure your right to access the Personal Data (or to exercise any of your other rights). This security measure ensures that Personal Data is not disclosed to an unauthorised person.

You will not have to pay a fee to exercise your rights . However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances, where permitted by law.

Updating or modifying information

5.3 We will use reasonable endeavours to ensure that your Personal Data is accurate. In order to assist us with this, you should notify us of any changes to the Personal Data that you have provided to us by contacting us.

Notifications in the event of breach

5.4 In the unlikely event of a data breach, we are prepared to follow any laws and regulations which would require us to notify you of the disclosure of private information.

6. Cookies

Our Website uses cookies to collect and store certain information about you, and to distinguish you from other users of this Website. This helps us provide you with a good experience when you browse our Website and also allows us to improve our Website. A cookie is a small text file which is sent by a Website, accepted by a web browser and then placed on your hard drive. The information collected from cookies lets us know that you visited our Website in the past, and helps you avoid having to re-enter information on each visit in order to use some of our products or services, among other things. We use a variety of cookies in this Website:

Strictly Necessary: These cookies are necessary for the Website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but if you do so, some parts of the site will not work. These cookies do not store any personal information.

Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

Functional Cookies: These cookies enable the Website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, some or all of these services may not function properly.

Targeting Cookies: These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant ads on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social Media Cookies: These cookies are set by a range of social media services that we may have added to the site to enable you to share our content with your friends and social or professional networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies, you may not be able to use or see these sharing tools.

7. Changes to the Privacy Policy

In the future, we may need to make additional changes. All additional changes will be included in the latest Privacy Policy published on this Website, so that you will always understand our current practices with respect to the information we gather, how we might use that information and disclosures of that information to third parties. You can tell when this Privacy Policy was last updated by looking at the date at the bottom of the Privacy Policy. TFO reserves the right, in its sole discretion, to modify, alter or otherwise update this Privacy Policy at any time. Any changes will be effective only after the effective date of the change and will not affect any dispute arising prior to the effective date of the change.

8. Other Sites

This Website may contain links to other third-party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third party websites.

9. Additional Rights

Applicable laws may give you additional rights that are not described in this Privacy Policy.

Under certain circumstances, and where the conditions specified in the DIFC Data Protection Law No. 5 of 2020  (DIFC Law) are met, by law, in addition to the rights listed above you also have the right to object to automated Processing, including profiling which produces legal or other seriously impactful consequences concerning you.

_______________________________

Contact Us

For further information, or inquiries about this User Agreement or Privacy Policy please contact:

Client Services
[email protected]
+973 1757 8000

Right to lodge a complaint

If you are unhappy with the way the DIFC Branch treats your data you have a right to make a complaint to the Commissioner in the DIFC. The Commissioner can be contacted by:

DIFC Authority
Level 14, The Gate Building
DIFC
Dubai
United Arab Emirates

Or via email: [email protected]