PRIVACY POLICY STATEMENT

MSM Investment Advisors (DIFC) Limited (hereinafter referred to as “MSM”) is committed to protecting the Personal Data of the individuals we encounter in conducting our business. “Personal Data” is data about an individual who can be identified from that data. This Privacy Policy explains how and why MSM, its representatives, and authorized administrators (“we” “us” “our”) handle the Personal Data of Customers/Vendors/ Employees (“you” “your”). Our policies and procedures have been designed to ensure that your Personal Data is protected. This Privacy Policy is designed to assist you in understanding why and how MSM collects and uses your Personal Data, to whom such data is disclosed and to whom data access requests can be addressed.

PLEASE READ THIS PRIVACY POLICY CAREFULLY. THIS PRIVACY POLICY MAY BE MODIFIED FROM TIME TO TIME.

MSM Personal Data Protection Obligations

The very nature of MSM business is such that the collection, use, and disclosure of personal information is fundamental to the services we provide. We respect and maintain personal privacy and accordingly align this policy with the Dubai International Financial Centre Data Protection Law (DIFC Law No.5 of 2020, as amended) (“DPL”) when collecting, holding, processing, or using Personal Data in the Dubai International Financial Centre (“DIFC”). We are equally committed to ensuring that all our employees uphold these obligations. Under the DPL, MSM is bound to the following obligations with respect to your Personal Data:

  1. Consent
  2. Purpose Limitation
  3. Notification
  4. Access and Correction
  5. Accuracy
  6. Protection
  7. Retention
  8. Transfer Limitation
  9. Openness
  10. Other Rights, Obligations, and Uses

Obligation 1 –Consent

The DPL prohibits MSM from collecting, using, or disclosing any individual’s Personal Data unless the individual gives written consent for the collection, use, or disclosure of his Personal Data or such collection, use or disclosure is necessary for specific reasons set out in the DPL. By providing the Personal Data requested by us, you consent to us using and disclosing your Personal Data as set forth in this Privacy Policy Statement and our Personal Information Collection Statement (if one has been provided to you).

This consent remains valid until you alter or revoke it by providing written notice to us at the address below:

Rishi Kathuria, Unit 814, Burj Daman, DIFC, Dubai. Email: rishi@msmdifc.com

Please note that if you withdraw your consent to any or all use or disclosure of your Personal Data, depending on the nature of your request, we may not be in a position to continue to provide our products or services to you, administer any contractual relationship in place or respond to a query.

Obligation 2 –Purpose Limitation

The DPL limits the purposes for which and the extent to which an organization may collect, use or disclose personal data. MSM collects your Personal Data when you apply for any services. We collect your personal data to assess your application to provide you with services and administer them. If you do not provide us with your personal data, then we may not be able to provide you with any services.

MSM will only collect Personal Data that is reasonably necessary and related to our provision of services (including but not limited to processing your application, arranging a contract with you, managing your account with) and the other purposes of our collection of Personal Data as set out in our Privacy Policy Statement and Personal Information Collection Statement.

Obligation 3 –Notification

When we collect Personal Data directly from you, we will inform you of the purpose of the collection, use or disclosure by reference to this Privacy Policy or through a Personal Information Collection Statement. We will only collect Personal Data by lawful and fair means. Personal Data is collected when MSM, or when you use or visit our website and submit other information (including Personal Data) to us.

Some information is collected automatically when you visit our website because your IP address needs to be recognized by the server. We may use the IP address information to monitor and analyze how parts of our website are used.

We may use cookies for a number of purposes as set out in our website terms of use. Our cookies will track only your activity relating to your online activity on our website and will not track your other internet activity. Our cookies do not gather personally identifiable information. Please refer to our website terms of use for our policy on the use of cookies.

Obligation 4 –Access and Correction

Under the DPL, you have the right (subject to certain exemptions) to request:

  1. Access to some or all of your Personal Data in our possession;
  2. Information about the ways the Personal Data has been or may have been used or disclosed by us within a year before the date of your

Subject to certain exemptions under the DPL, we will grant access to and correct Personal Data as requested by you. If we hold Personal Data about you and you are able to establish that the Personal Data is not accurate, complete and up to date, we will take reasonable steps to correct your Personal Data so that it is accurate, complete, and up to date. We will provide reasons for any denial of access or a refusal to correct Personal Data.

Your request to access or correct Your Personal Data will be actioned as soon as reasonably possible from the time the access request is received. If we are unable to respond within 30 days, we will inform you in writing of the time in which we will be able to respond to your request.

Obligation 5 –Accuracy

We will take practical steps to ensure that the Personal Data we collect, use or disclose is accurate, complete and up to date, having regard to the purpose (including any directly related purpose) for which the Personal Data is or is to be used. Please refer to Obligation 4 for details on how you can obtain and correct any Personal Data relating to you that we may hold.

Obligation 6 –Protection

We will take all practical steps to ensure that Personal Data we hold is protected against unauthorized or accidental access, processing, erasure, or other use. We provide a highly secure online infrastructure for activities conducted via our website, including SSL (secure socket layer) encryption and the use of firewalls and anti-virus software. We also adopt stringent security procedures with the use of user ID and passwords, time stamping, and audit trails for all transactions, together with a dedicated internal transaction security policy. Our online infrastructure is closely monitored and maintained, with data backup and data recovery procedures and mechanisms.

Unfortunately, no data transmission over the internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any Personal Data you might have with us has been compromised), please immediately notify us.

Obligation 7 –Retention

We will retain your Personal Data for only as long as necessary to serve the purposes set out in this Privacy Policy and Personal Information Collection Statement in compliance with all statutory and regulatory requirements in DIFC concerning the retention of Personal Data. We will take reasonable steps to destroy or permanently anonymize Personal Data if it is no longer needed for such purposes.

Obligation 8 –Transfer Limitation

Due to the global nature of our business, for the purposes set out in this Privacy Policy, we may transfer Personal Data to parties located in other countries that may have a different data protection regime than is found in DIFC. Personal Data collected in DIFC by MSM may be transferred to parties which may be located in DIFC or overseas, such as to Custodial Banks; MSM secures data centers; MSM affiliates, reinsurers, lawyers, auditors, service providers, and business partners; governmental or regulatory authorities; providers of risk intelligence for the purpose of customer due diligence or anti-money laundering screening, in order to carry out the purposes, or directly related purposes, for which the Personal Data was collected. Where such a transfer is performed, MSM will take appropriate steps to ensure that the overseas recipient of Personal Data is bound by legally enforceable obligations to provide a standard of protection to that Personal Data that is comparable to that of the DPL.

Obligation 9 –Openness

We have clearly expressed policies and practices on our management of Personal Data. These policies are set out in this Privacy Policy and in our Personal Information Collection Statement, which we make available to anyone who requests it.

If you would like to access a copy of your personal data, correct or update your personal data, or have a complaint or want more information about how MSM manages your personal data, please contact Rishi Kathuria/Samar Kayali at contact@msmdifc.com.

Use of Data in Direct Marketing

MSM aims to comply with the requirements of the DPL and respects your choices.

If you have previously consented to our sending you promotional and/or marketing messages via your telephone number, email, we will continue to do so until you withdraw your consent.

Examples of the Personal Data which MSM may collect, use and/or disclose in order to send you marketing and/or promotional messages about our services which may be of interest and relevance to you include (non-exhaustive list): your name, contact details, transaction patterns and behavior, and demographic data.

At any time, you may opt-out of receiving marketing communications from us by contacting us or by using any opt-out facilities provided in our marketing communications and we will ensure that your name is removed from our mailing list.

Obligation 10–Other Rights, Obligations, and Uses

  • You have a right of access to and the right to amend and rectify your personal data.
  • You have the right to have any incomplete personal data completed.
  • You have a right to the erasure of personal data
  • You have a right to restrict processing.
  • You have a right to data portability.
  • You also have the right to object to processing where XXX is processing personal data for legitimate interests.
  • You have the right to withdraw your consent used for Direct Marketing
  • Additionally, you have a right to lodge a complaint with the relevant supervisory authority, in the DIFC of the alleged infringement if you consider that the processing of personal data relating to you is carried out by MSM Investment Advisors (DIFC) Limited is not as per the regulation in force.