logo.svg
Contact us
Register

FCL, FGM and FGCS Data Privacy Policy

1 Introduction

Finstreet Capital Limited (FCL), Finstreet Global Markets Limited (FGM), and Finstreet Global Clearing and Settlement Limited (FGCS) (collectively “Finstreet,” “we”, “our”, or “us””) are committed to your (“you”, “your”, “user”, or “users”) privacy and security.We are subject to the Abu Dhabi Global Market (ADGM) Data Protection Regulations 2021 and may be subject to additional data protection laws like GDPR and UAE Federal Decree Law No. 45 of 2021.

This Data Privacy Policy (‘Policy') outlines how we collect, use, and disclose personal information obtained through our websites, email communications, and other online services as well as through offline interactions such as using networks of Finstreet offices (collectively, the “Services”), interaction with other channels such as through a mobile application (the “App”), to protect the privacy of its “Data Subjects” (natural persons and legal entities),by following applicable regulations, and our Terms of Use.

This Policy outlines how Finstreet collects, utilizes, and safeguards your information, including any Personal Data you provide. By engaging with our website or services, you explicitly consent to these data handling practices. It is essential to understand that while this Policy provides a general overview of our data management, specific services from Finstreet may require additional consent for particular data uses. Regardless of the service, your rights as detailed in this Policy remain consistent and applicable. Essentially, this Policy serves as a foundation for how we treat your information, ensuring transparency and accountability.

2 Scope and Application

This Policy applies globally to natural persons and legal entities (the “Data Subjects”) that access or utilize Finstreet’s digital platforms, including but not limited to its website and App. All users, regardless of jurisdiction, are subject to the data handling practices and rights outlined herein.

3 Data Collection

3.1 Data provided by you

We gather personal information directly from you through your engagement with our platform.

  • This encompasses data you voluntarily provide when interacting with our App, website, or by communicating with our team.
  • Activities such as account creation, accessing our services, contacting support, or utilizing App features may involve the collection of your personal information. This might include your name, address, email, phone number, device details, and any additional information you choose to share.
  • To facilitate efficient communication and service delivery, we maintain electronic records of correspondence, including any personal data shared during these interactions. These records are crucial for addressing inquiries, fulfilling requests, and providing appropriate responses.

The collection and processing of your data is conducted in strict adherence to applicable laws and regulations. The specific purposes for data handling are transparently communicated within this Policy or at the point of data collection. These purposes align with our legitimate interests or are undertaken to fulfil our obligations to you.

3.2 Information we collect

We collect information about your device and how you use our Services. This data is gathered automatically as you interact with our platform.

  • It includes technical specifications such as your unique device identifier (for example, mobile network information, your mobile operating system, the type of mobile browser you use, device token, device type, and time zone setting (“Device Information”).
  • Additionally, we track your usage patterns, such as traffic data, weblogs and other communication data, the features you access and how often you use them (“Log Information”). This information is essential for maintaining the smooth operation of our services, identifying potential issues, and enhancing your overall user experience.
  • We may also gather information about your interactions with our content, like the articles you read or the products you view. It is important to note that this data is collected in an aggregated form to protect your privacy and is used for general analysis and improvement purposes.

You have the right to control certain aspects of how your data is processed. Subject to applicable laws and the terms of this Policy, you may modify your preferences regarding data sharing and usage at any time. For information on how to exercise these rights, please check your device settings or contact us directly.

3.3 Additional Information

Beyond technical details, we may also collect information that provides insights into your preferences and behavior. The information that you submit, or that we may collect, this might encompass demographic data, such as age range, location (GPS), postal code, birth date, address, hometown, gender, username, mobile network information, your mobile operating system, UUID browser information, time zones, IP address, biometric data, images and photographs, SMS data, financial data, business activities and services/distribution locations, browsing history information, searching history information, and registration history information or interests(“Demographic Information”).

3.3.1.1Data Collection Methods

3.4 Signup / Login

3.4.1 Website Signup/Login

  • Online Forms: Users provide personal information by filling out digital forms on the Finstreet website.
  • Data Input Fields: Users manually enter data into designated fields on the signup or login page.

3.5Drop-down Menus: Users select options from pre-populated lists for certain data points (e.g., nationality, gender).

  • File Uploads: Users upload documents such as government IDs, passports, and utility bills.

3.5.1 Mobile App Signup/Login

  • In-app Forms: Similar to the website, users complete digital forms within the mobile app.
  • Mobile Device Information: The App may automatically collect device-related data (e.g., device type, operating system).
  • Camera Access: Users may be prompted to use their device's camera to capture images of documents (e.g., ID cards).
  • Location Services: The App may request access to location services for specific features.
  • Biometric Information: The App may request access to biometric data for specific security features.

3.6 Cookies

A cookie is a small text file that is unique to the web browser on your computer or mobile device, which is used to retain user preferences and enhance the browsing experience ("Cookies"). Finstreet uses Cookies to track overall site usage and enables us to provide a better user experience. We do not use Cookies to “see” other data on your computer or determine your email address.

We employ the following categories of cookies to gather information, but are not necessarily limited to:

  • Essential Cookies: These cookies are strictly necessary for the website to function properly.
  • Site Analytics Cookies: These cookies help us understand how visitors interact with the website, allowing us to improve its performance and user experience.
  • Customer Interaction Cookies: These cookies personalize your experience by remembering your preferences and settings.
  • Advertising Cookies: These cookies may be used to deliver targeted advertising based on your browsing behavior.

Most web browsers are configured to accept cookies by default. However, Data Protection Regulations 2021 require Finstreet to limit cookies collection to the minimum necessary for essential website functionality.

Under applicable data protection regulations, you have the right to control how we use cookies on our website. You can exercise this right by adjusting your cookie preferences through the "Help" or "Settings" menu of your web browser.

While you have the option to disable certain cookies, it is important to understand that this may limit your ability to access specific features and functionalities offered by our website. These features rely on cookies to operate correctly.

For detailed instructions on managing cookies, including how to adjust settings or delete them from your device, we recommend visiting the independent resource www.aboutcookies.org. This website provides comprehensive information about cookies and how to manage them.

3.7 Inquiry Forms

3.7.1 Website Inquiry Forms

  • Users provide personal information by filling out dedicated inquiry forms on the Finstreet website.
  • Users manually enter data into specific fields on the inquiry form.
  • Users select options from pre-populated lists for certain data points (e.g., preferred contact method).

3.7.2 Mobile App Inquiry Forms

  • Similar to the website, users' complete inquiry forms within the mobile app.
  • The app may automatically pre-fill certain fields with information already stored on the device (e.g., phone number).

3.8 Email and Phone Inquiries

  • Users provide personal information through email or phone conversations with Finstreet representatives.
  • Finstreet may maintain records of these communications for reference and customer service purposes.

3.9 Newsletters

Finstreet collects personal data through newsletter subscriptions primarily via the following methods:

  • Users provide their email address and other optional information (name, preferences) by filling out subscription forms on the Finstreet website.
  • Users subscribe to newsletters directly through the Finstreet mobile app, providing their email address and potentially other relevant details.
  • Data subjects who register for Finstreet events may opt-in to receive newsletters, providing their email address and other contact information.
  • Users may submit their information through lead generation forms on landing pages or promotional materials.

3.10 Social Media Advertisements

Social media platforms offer various methods for collecting user data through advertisements by filling out contact forms directly within the advertisement.

3.11 Data Validation and Verification

To ensure data accuracy and security, Finstreet employs the following methods:

  • The system checks for data consistency and completeness during the signup process.
  • Uploaded documents are verified against original copies or through third-party authentication services.
  • Additional verification steps may be required, such as identity verification checks or multi-factor authentication.

4 Use of Personal Data

We may use the Personal Data which you provide to us, or we collect from you for:

  • The provision, maintenance, and improvement of our app and Services. This includes facilitating transactions, fulfilling user requests, and enhancing the overall user experience through the development of new features.
  • Adhering to internal administrative, regulatory, and legal obligations. This involves activities such as fraud prevention, security measures, data analysis, troubleshooting, and ensuring compliance with applicable laws.
  • Engaging with users through marketing communications, including the promotion of products, services, and events. This also encompasses the administration of contests, sweepstakes, and other promotional activities.
  • Personalizing the user experience by tailoring content and recommendations based on user preferences and behavior. This involves utilizing data analytics to improve service delivery and meet user expectations.
  • Protecting the integrity and security of our systems and user data. This includes implementing measures to safeguard against unauthorized access, disclosure, alteration, or destruction of information.

5 Processing, Storage and Transfer

Finstreet will process Personal Data in strict compliance with applicable laws and regulations, adhering to principles of lawfulness, fairness, and transparency. By submitting Personal Data (including Device Information, Log Information, and Demographic Information), Data Subjects affirm their consent to its processing as outlined in this Policy.

Data may be transferred, stored, and processed both within and outside the United Arab Emirates. Finstreet employs robust security measures to safeguard Personal Data, regardless of its location. Data retention periods are determined by factors such as business needs, legal obligations, and data minimization principles. Data Subjects possess the right to access, rectify, or erase their Personal Data, subject to legal exceptions.

Data Subjects are responsible for the accuracy of Personal Data provided to Finstreet. We will endeavor to update or correct Personal Data upon request, subject to applicable legal and contractual obligations.

Finstreet will retain Personal Data for as long as necessary to fulfil the purposes outlined in this Policy unless a longer retention period is required or permitted by regulation. Upon the expiration of the retention period or fulfilment of the relevant purpose, we will securely erase or anonymize Personal Data.

Finstreet is committed to maintaining data accuracy and will amend or delete information upon request unless prevented by legal or contractual constraints. The organization will notify Data Subjects of significant changes to data processing activities, where required or appropriate.

In certain circumstances, Finstreet may contact Data Subjects to inform them of ongoing Personal Data processing activities.

By accessing or using our App or Services, you consent to the collection and processing of your Personal Data as outlined in this Policy. Your continued use of our services constitutes acceptance of these terms.

6 Data Sharing

Finstreet may disclose Personal Data to third parties under specific circumstances. These instances primarily involve sharing information with entities that are essential to the delivery of services requested by the user. For example, when a user requests a service through a partnership or promotional offer, their Personal Data may be shared with the collaborating third party to fulfil the request.

Additionally, Finstreet may share Personal Data with third-party platforms or services that integrate with its app or Website Services. This sharing is typically predicated on the user's consent and is intended to enhance the overall user experience by enabling seamless interactions across different platforms.

It is crucial to note that the sharing of Personal Data is always conducted following applicable laws and regulations. Finstreet takes appropriate measures to ensure that third parties handle Personal Data responsibly and in compliance with relevant data protection standards.

By understanding the specific scenarios in which data sharing may occur, users can make informed decisions about how their information is utilized and with whom it is shared. This transparency fosters trust and reinforces Finstreet's commitment to data protection.

6.1 Data Sharing with Third Parties

Finstreet may disclose Personal Data to the following categories of recipients:

  • Within the limits permitted by law, Personal Data may be shared with Finstreet's subsidiaries and affiliated companies.
  • We may engage third-party service providers to assist in our operations. These entities may have access to Personal Data to perform specific tasks on our behalf.
  • Finstreet may disclose Personal Data to government authorities, law enforcement agencies, or other third parties as required by law or in response to legal processes.
  • In the event of a merger, acquisition, or sale of assets, Personal Data may be transferred to the involved parties.
  • De-identified or anonymized data may be shared for research, statistical, or marketing purposes.

6.2 Government Data Sharing

Finstreet may be compelled to disclose Personal Data to governmental or law enforcement entities under specific legal mandates. These circumstances typically involve court orders, regulatory inquiries, or compulsory legal processes. In such instances, Finstreet will diligently ensure that any data disclosure adheres strictly to legal requirements and is appropriately justified.

Furthermore, instances of non-payment, including monetary penalties or court-ordered costs, may necessitate legal action to recover outstanding debts. To facilitate this process, Finstreet may share pertinent Personal Data with specialized litigation and recovery firms. These entities are instrumental in asset identification and the initiation of recovery procedures through legal channels.

It is imperative to emphasize that Finstreet prioritizes data protection and will implement robust safeguards to protect Personal Data during any disclosure process. The organization will meticulously document all instances of data sharing to maintain transparency and accountability.

7 Links to External Websites

Our website and App may contain links to third-party websites (the "External Sites"). These links are provided solely for your convenience and do not constitute an endorsement of the linked websites or their content. Finstreet assumes no responsibility for the availability, accuracy, or reliability of the content on these external sites.

Accessing linked third-party websites is at your own risk. Finstreet disclaims all liability for any damages or losses arising from your use of or reliance on content from external websites.

8 Your Rights and Choices

8.1 Your Rights

  • Right of Access: You have the right to obtain confirmation of whether or not your personal data is being processed and, if so, to request access to specific details about that processing. This includes information about the purposes of processing, the categories of data involved, the recipients to whom the data has been or will be disclosed, and the envisaged retention period.
  • Right to Rectification: If Personal Data is inaccurate or incomplete, you have the right to request rectification. This ensures that the data held about you is accurate and up to date.
  • Request erasure (Right to be Forgotten): Under certain circumstances, you can request the erasure of your Personal Data. This right is subject to limitations, such as when processing is necessary for compliance with legal obligations or the exercise of public interest.
  • Right to Restriction of Processing: In specific scenarios, you may request a restriction on the processing of your Personal Data. This means that the data will be stored but not further processed. This right can be exercised in cases where data accuracy is contested when processing is unlawful, but the individual opposes erasure, when data is no longer needed for the original purposes but is required for legal claims, or when the individual has objected to processing pending verification of legitimate grounds.
  • Right to Object: You have the right to object to the processing of your Personal Data based on legitimate interests or for direct marketing purposes. This right allows you to prevent the processing of your data for certain purposes.
  • Right to Data Portability: You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

You may exercise these rights by contacting us using the contact details provided in this Policy. We will respond to your request without undue delay, within two months, unless there are legitimate grounds for an extension.

There may be circumstances where we are unable to fulfill your request, such as if it would reveal Personal Data about another individual or if we are legally required to retain the data. We will not discriminate against you for exercising your rights.

8.2 Marketing and Preferences

You have the right to control how we use your Personal Data for marketing purposes. You can opt-in or opt-out of receiving marketing communications from us at any time.

  • We will not process your Personal Data for marketing purposes unless you have explicitly consented to such processing. You can withdraw your consent at any time by contacting us.
  • Please note that even if you opt out of marketing communications, we may still send you essential service-related messages.
  • Opting out of marketing communications from us does not necessarily prevent you from receiving marketing communications from other websites, providers, or other, nonaffiliated marketers whose services you may have accessed via Finstreet Services or App.
  • Please note that removing your contact information from our database does not guarantee the removal of your information from the databases of third-party marketing organizations. You may need to contact these organizations directly to request the removal of your information from their records.

9 Security Measures

Finstreet is committed to safeguarding the confidentiality, integrity, and availability of Personal Data. To this end, we have implemented robust security measures, including:

  • Governance Framework: Our information security governance framework ensures the effective management, protection, and use of information across the organization.
  • Data Encryption: Employing encryption technologies to protect data both at rest and in transit.
  • Access Controls: Limiting access to Personal Data to authorized personnel on a need-toknow basis.
  • Regular Security Assessments: Conducting ongoing security assessments of our IT infrastructure and practices to identify potential risks.
  • Continuous Monitoring: 24x7x365 security monitoring of our websites, mobile apps, networks, databases etc.
  • Employee Training: Providing comprehensive awareness training to employees on data protection and security best practices.
  • Incident Response Strategies: Our robust incident response plans address potential data breaches effectively.
  • Third-Party Risk Management: Due diligence and due care processes for third-party service providers to ensure they adhere to appropriate security standards.

While we strive to protect Personal Data, it is important to recognize that no system is entirely immune to security risks. Therefore, Finstreet cannot guarantee absolute security.

To the extent permitted by law, Finstreet disclaims liability for any damages or losses arising from unauthorized access to or alteration of Personal Data, or any other acts that are beyond our reasonable control.

Finstreet shall not be liable for any unauthorized access or disclosure of Personal Data arising from causes beyond its reasonable control, including but not limited to acts of third parties such as social engineering attacks such as phishing or other fraudulent activities.

10 Social Media

Finstreet has social media accounts to inform and promote services to customers and the public. Finstreet monitors and records comments and posts about the organization on these channels to improve products and services.

You should not share the following types of information with Finstreet through social media channels:

  • Personal Data, including any information regarding your financial situation, bank account details, transactions, etc.
  • Sensitive Personal Data including
    • racial or ethnic origin,
    • political opinions,
    • religious or philosophical beliefs,
    • trade union membership,
    • genetic data, and
    • biometric data for unique identification,
    • health data,
    • sex life or sexual orientation,
    • criminal convictions,
    • offences and
    • national identification number.
  • Excessive, inappropriate, offensive, or insulting information towards data subjects or Finstreet.
  • Finstreet is not liable for any information posted on those channels other than the information.
  • posted by the social media account manager.

11 Physical Data Security

To ensure the safety and security of data subjects visiting our premises, Finstreet maintains detailed records of visitor entry and exit times. These records are managed following established building security protocols.

It is essential to note that Finstreet assumes no responsibility for personal belongings, including but not limited to any contents, such as documents, electronic devices etc., whether they contain Personal Data or other business information, which is left unattended on our premises.

12 Data Retention

Finstreet will comply with all applicable data retention requirements imposed by the ADGM Financial Services Regulatory Authority (FSRA) and other relevant regulatory bodies. Data may be retained for longer periods if required by law, court order, or for the purpose of establishing, exercising, or defending legal claims.

12.1 Data Categories and Retention Periods

12.1.1 Client Information

  • Data Type: Name, address, date of birth, nationality, passport number, contact details, financial information (income, assets, liabilities), employment details, etc.
  • Retention Period: The duration of the client relationship plus six years for regulatory compliance and potential legal claims.

12.1.2 Trading Data

  • Data Type: Order history, trade confirmations, account statements, market data, transaction history, and correspondence related to trading activities.
  • Retention Period: Six years to comply with regulatory requirements and for audit purposes.

12.1.3 Communication Records

  • Data Type: Emails, phone calls, and other communication records with clients.
  • Retention Period: Three years for reference and compliance purposes.

12.1.4 Surveillance Recordings

  • Data Type: Audio and video recordings of client interactions for compliance and security purposes.
  • Retention Period: Six months, unless required for legal or regulatory purposes.

12.1.5 Marketing Data

  • Data Type: Client preferences, marketing campaign data, and contact history for marketing purposes etc.
  • Retention Period: Three years unless the client opts out or withdraws consent.

Finstreet will implement measures to ensure that only the necessary Personal Data is collected and retained. Appropriate technical and organizational measures will be in place to protect Personal Data throughout its lifecycle.

Finstreet will regularly review its data retention policies and practices to ensure compliance with the regulations.

13 Data Disposal

Upon expiration of the designated retention period, personal data will undergo a secure deletion or anonymization process. This action will be implemented only after receiving explicit approval from both the compliance team and the Data Protection Officer, ensuring strict adherence to regulatory guidelines and internal policies. Finstreet employs robust measures to safeguard personal data during the disposal process, preventing unauthorized access, disclosure, or misuse. These measures may include secure data wiping techniques, encryption, and physical destruction of storage media, as appropriate.

14 Data Protection Officer

Information Security Officer has been appointed as a Data Protection Officer in accordance with the regulations.

15 Breach Notification

In the event of a Personal Data breach, Finstreet will conduct a thorough investigation and notify the relevant authorities and affected Data Subjects promptly as required by the regulations.

16 Revisions to This Policy

Finstreet reserves the right to modify this Policy at any time. While we will endeavor to provide notice of significant changes, we are not obligated to do so. Your continued use of our services following such modifications constitutes your acceptance of the revised Policy.

We encourage you to review this Policy periodically for updates. You can access the current version through our website or mobile app as necessary or appropriate or by referencing our Terms of Use.

17 Contact Us

If you have any questions, comments and requests related to this Policy, or if you have any complaints related to how Finstreet processes your Personal Data, please contact:

Finstreet’s email address: [email protected]

Escalations:

You may also contact the ADGM Commissioner of Data Protection’s Office at:

Abu Dhabi Global Market

ADGM Building, Abu Dhabi Global Market Square,Al Maryah Island, Abu Dhabi, United Arab Emirates.

M: 00 971 2 3338888

E: [email protected]