
Privacy Policy
Last updated: 23/10/2023
About us
AOP Capital Ltd (collectively “the Company”, “we” or “us”) is a financial services company established in the DIFC, licensed, and regulated by the DFSA to provide advice on financial products, arrange custody, arrange deals in investments, and arrange credit for professional and retail clients.
This Policy
The purpose of this policy is to let you know what personal data we collect about you, how we use it, why we might share your personal data and how long we keep it. This policy will also inform you of your rights and how you may exercise them.
This policy sets the Company’s obligations regarding the collection, processing, transfer, storage, and disposal of personal data.
The procedures must always be followed by the Company, its employees, agents, contractors, or other parties working on behalf of the Company.
Personal Data we collect and process
We may collect and process various types of personal data about you depending on the nature of the services we are providing. The Personal Data we collect and process may include but is not limited to:
Identity Data
This includes full name, marital status, date of birth, gender, proof of address, images, and phone or video call recordings. We will also process documents such as ID, passport, birth certificate, driving license, and proof of address amongst other data which enables us to comply with our obligations under identification, money laundering and anti-terrorism legislation.
Contact Information
This includes billing address, email addresses and telephone numbers.
Transaction Data
This includes details about calls, meetings, visits to our offices, and the products and services you have purchased from us, we have arranged for you, or taken over. Also includes details about payments to and from your accounts, beneficiary names, account numbers, addresses and transaction details.
Economic and Financial Data
This includes bank account and payment card details, tax affairs, credit score, value of assets, income, financial history, and payroll information.
Profile Data
This includes purchases or orders made by you, your interests, preferences, and feedback.
Education and Employment data
This includes level of education, employment, employer’s name and remuneration.
Correspondence Data
This includes any information you provide to us by filling any of our forms, or by communicating with, whether face-to-face, by phone, email, online or otherwise.
Usage Data
Includes information about how you use our website, products and services.
Marketing and Communications data
Includes your preferences in receiving marketing from us and our third parties and your communication preferences.
Cookie information
Includes cookies that track overall site usage and enable us to provide a better user experience, such as: essential cookies that enable the website to work and webpages to load more efficiently, and google analytics cookies that enable us to analyse and understand the customer experience.
Data Collection
We may receive your data from direct interactions with you, or from third parties and publicly available sources as listed below:
Direct interactions:
- Application for our services
- Engagement of our services
- Via communications, including email, post, telephone, and social media
- Networking
- Signing up to receive our insights and marketing
- Filling in the contact us form on our website
Third parties or publicly available sources:
We may obtain personal data about you from various third parties and public sources including:
- Contact, Financial and Transaction Data from providers of technical, or payment services.
- Identity and Contact Data from data brokers or aggregators, including specialist databases used to comply with our legal and regulatory obligations under anti money laundering and counterterrorism laws.
How we use your data
We may process your personal data where necessary to meet the requirements of our contract with our clients and to comply with our legal obligations under applicable DIFC and UAE local laws (including DIFC Data protection law), and/or any court orders. This may include processing your personal data where you are an employee, subcontractor, supplier, or customer of our client.
We may also process your personal data for our own legitimate interests provided that those interests do not conflict with any of your own interests, rights and freedoms. This includes processing for marketing, business development, statistical and management purposes.
Situations in which we will use your personal data
We may use your personal data in order to:
- Comply with our legal and regulatory obligations
- Carry out our obligations between our clients and us
- Carry out our obligations between our clients and us where you may be a subcontractor, supplier or customer of our client
- Carry out our obligations to providers we have introduced you to
- Provide you with information related to our services and our events
- Seek your thoughts and opinions on the services we provide
- Notify you about any changes to our services
We may process your personal data without your knowledge or consent, where we are legally required or permitted to do so.
Data retention
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected or to comply with applicable law and regulation.
When assessing what retention period is appropriate for your personal data, we take into consideration the requirements of our business and the services provided, any statutory or legal obligations and the purposes for which we originally collected the personal data.
Location of your data
The data that we collect about you will be stored in the United Arab Emirates and (where applicable or required) with processors in other countries, some of which may have less protective privacy laws than those where you reside. In all such cases, and generally for any processing operations, we take appropriate security measures to protect your Personal Data in accordance with this Policy.
Data Sharing
Depending on the scope of our professional services, we may require the assistance of various external professional service providers, based in or out of the DIFC.
The use of these external service providers may involve some transfers of Personal Data to countries or jurisdictions with data protection or privacy laws that are not adequate in comparison with the Law.
In each case where we share your Personal Data with third parties, whether or not located in an adequate jurisdiction (as defined by the DIFC Commissioner of Data Protection), we would take appropriate measures to ensure that the relevant party is contractually required to keep such Personal Data safe, secure and confidential.
We may share your Personal Data with other third parties, such as relevant regulators or other authorities, where we are required to do so to comply with legal or regulatory requirements.
Data Security
We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Your rights
Under certain circumstances, by law you have the right to:
- Request access to your personal data. This enables you to receive details of the personal data we hold about you and to check that we are processing it lawfully.
- Request correction of the personal data that we hold about you.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this basis. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically feasible.
Contact us
If you have any questions about this policy or if you would like to speak to us about how we process your personal data, please email us on [email protected], or write to us at the address below.
Office no. C-1002A Burj Daman,
Dubai International Financial Center (DIFC),
PO Box: 507042