Data Protection Policy
The purpose of this Data Protection Notice (hereinafter referred to as the "Notice") is to inform clients, connected individuals, prospective clients, business relationships and any other data subjects about how we collect, use, store, share and process your personal data (hereinafter collectively referred to as the "Data Subjects").
Please read it carefully to understand our personal data processing and your rights.
1. Entity Responsible for Processing and Contact Person for Data Protection
For the purposes of the Data Protection Law 2020 DIFC Law No.5 of 2020 (“the Law”) enacted in the Dubai International Financial Centre (“DIFC”) and the European Union General Data Protection Regulations 2016/679, the entity responsible of determining the purposes and means of the processing of your Personal Data is Probus Middle East Limited (hereinafter referred to as “PMEL”, the “Controller”, “we”, or “us”).
Our full contact details are as follows:
Probus Middle East Limited
Emirates Financial Towers
South Tower - Office 1101
Dubai International Financial Centre (DIFC)
P.O. Box 9519 - Dubai
United Arab Emirates
+971 04 305 8000
PMEL recognizes the importance of keeping the Personal Data of its Data Subjects confidential and protecting their privacy rights. Regarding its activities and the Personal Data collected by it, PMEL intends to apply the most restrictive principles and standards that are identifiable with respect to the protection of Personal Data.
Consequently, all Personal Data and information received from and provided by Data Subjects in connection with our services will be processed lawfully, fairly, transparently and confidentially by PMEL.
Contact Person for Data Protection:
Our Contact Person for Data Protection is Mr. Usman Basharat. You can contact him by the following means for matters that relate to Data Protection (i.e. exercise of Data Subjects rights):
by email at firstname.lastname@example.org ;
by calling him at telephone number +971 04 305 8027
by post via the above-mentioned address of PMEL (with sealed envelope attention to the Contact Person for Data Protection)
2. About Us
Probus Middle East Limited, an entity within in the Probus-Pleion group, is registered with the Dubai International Financial Centre (DIFC) and is regulated by the Dubai Financial Services Authority (DFSA) as and is licensed to provide the following financial services:
Arranging Credit and Advising on Credit;
Arranging Deals in Investments; and
Advising on Financial Products.
3. Scope and Application of this Notice
The Notice applies to the processing of Personal Data that we gather or use when you visit or use the Probus-Pleion group website (the “Website”), when you visit or use our social media accounts, when we discharge our obligations in relation to a contract between you and PMEL and when you interact with us in general.
Note that the Website may include links to third party websites. We do not have any control and accept no responsibility for the way these third-party websites operate and collect or process Personal Data. When accessing these third-party websites, we recommend that you consult the privacy policies of every website you visit. It may be useful to read our cookies policy for more information about how to manage cookies that may get into your computer or other device when browsing our Website.
The terms and expressions listed below should be interpreted as follows:
AML/CFT means Anti-Money Laundering and Combating Financing of Terrorism;
Applicable Law means all applicable laws, statutes, codes, ordinances, decrees, rules, regulations, municipal by-laws, judgments, orders, decisions, rulings or awards of any government, quasi-government, statutory or regulatory body, ministry, government agency or department, court, agency or association of competent jurisdiction;
Controller means any person who alone or jointly with others determines the purposes and means of the Processing of Personal Data;
Commissioner means the person appointed by the President of the DIFC pursuant to Article 43(1) of the Law to administer the Law;
Data Protection Officer means a data protection officer appointed by a Controller (including a Joint Controller), or Processor to independently oversee relevant data protection operations in the manner set out in Article 16, 17, 18 and 19 of the Law;
Data Subject means the identified or Identifiable Natural Person to whom Personal Data relates;
DFSA means Dubai Financial Services Authority;
DIFC means the Dubai International Financial Centre;
Direct Marketing means any form of advertising, whether written or oral, sent to one or more identified or identifiable end-users of electronic communications services;
Filing System any structured set of Personal Data that is accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographic basis;
Group any group of entities that are related to each other by virtue of being Subsidiaries of the same Ultimate Holding Company or subsidiaries of any such Subsidiaries. Ultimate Holding Company and Subsidiary have the meaning given in the DIFC Companies Law, Law No. 5 of 2018 (as amended or updated);
High Risk Processing Activities means Processing of Personal Data where one (1) or more of the following applies:
(a) Processing that includes the adoption of new or different technologies or methods, which creates a materially increased risk to the security or rights of a Data Subject or renders it more difficult for a Data Subject to exercise his rights;
(b) a considerable amount of Personal Data will be Processed (including staff and contractor Personal data) and where such Processing is likely to result in a high risk to the Data Subject, including due to the sensitivity of the Personal data or risks relating to the security, integrity or privacy of the Personal data;
(c) The Processing will involve a systematic and extensive evaluation of personal aspects relating to natural persons, based on automated Processing, including Profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person; or
(d) a material amount of Special Categories of Personal Data is to be Processed;
Identifiable Natural Person means a natural living person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one (1) or more factors specific to his biological, physical, biometric, physiological, mental, genetic, economic, cultural or social identity (and "Identified Natural Person" is interpreted accordingly);
Joint Controller any Controller that jointly determines the purposes and means of Processing with another Controller;
Processor means any person who Processes Personal data on behalf of a Controller;
Personal Data means any information relating to a Data Subject;
Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed;
Process, Processed, Processes and Processing means any operation or set of operations performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage and archiving, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, transfer or otherwise making available, alignment or combination, restricting (meaning the marking of stored Personal Data with the aim of limiting Processing of it in the future), erasure or destruction, but excluding operations or sets of operations performed on Personal Data by: (a) a natural person in the course of a purely personal or household activity that has no connection to a commercial purpose; or (b) law enforcement authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and preventing threats to public security;
Profiling the automated Processing of Personal Data to evaluate the personal aspects relating to a natural person, in particular to analyse or predict aspects concerning the person's performance at work, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements;
Ruler means the Ruler of the Emirate of Dubai;
Single Discrete Incident a processing operation or a collection of Processing operations that relate to a: (a) single, non-recurring transaction; or (b) non-recurring and clearly defined purpose that a Data Subject is seeking to achieve, in each case, with a definable end point.
Special Category of Personal Data means Personal Data revealing or concerning (directly or indirectly) racial or ethnic origin, communal origin, political affiliations or opinions, religious or philosophical beliefs, criminal record, trade-union membership and health or sex life and including genetic data and biometric data where it is used for the purpose of uniquely identifying a natural person;
Sub-Processor means a processor appointed by the Processor as set out in Article 24(2) of the Law;
Substantial Public Interest means includes, but is not limited to:
(a) administration of justice, including criminal and regulatory investigations; and
(b) exercise of a function conferred on a person by Applicable Law;
Supervisory Authorities mean the DFSA, Commissioner of Data Protection and any other authority supervising our business activities;
Third Country means jurisdiction other than the DIFC, whether in the UAE or elsewhere.
By contracting the services offered by PMEL (hereinafter referred to as the "Services"), and in accordance with the Law, relevant rules and regulations and Applicable Law, you acknowledge and agree that, in connection with our Services, your Personal Data is or will be collected and Processed by PMEL. The Personal Data will be collected and used for the purposes of the Services offered by PMEL or any subsequent contractual relationship with PMEL, and for Purposes as enumerated in paragraph 6 below.
6. Legal Basis and Purposes for Processing Your Personal Data
The Law requires us to inform Data Subjects of the legal basis we rely on for Processing their Personal Data.
We generally rely on one or more of the following legal basis to Process personal information:
To take steps at your request to enter into a contract with you;
To perform our contractual obligations towards you in relation with the Services;
To satisfy a requirement of an applicable Law (for example: AML/CFT requirements);
To protect your vital interests or that of another person;
Our legitimate interests in the effective delivery of services and information to you;
Our legitimate interests in the effective and lawful operation of our business activities;
Our legitimate interests in managing, developing and improving our business, services, platforms and offerings (on condition that your rights and freedoms do not override these interests); or
Your valid consent given to us to Process your Personal Data for specific purposes.
We process your Personal Data for lawful, specific and legitimate purposes. We ensure to Process Personal Data that is adequate, relevant and not excessive in relation to the purpose or purposes for which they were collected. The Personal Data is collected and Processed by PMEL for any of the following purposes (hereinafter referred to as "Purposes"):
Fulfil our duties as per the contract signed with our clients;
Comply with relevant legal and regulatory obligations (For example AML/CFT requirements);
Address inquiries or complaints;
Provide you with information about our products and services;
Fraud Prevention, Crime Investigation and reporting of Financial Crime;
Administering and Managing risks;
Personalizing our activities on an ongoing basis to ensure customer satisfaction;
Establishment, exercise and defense of legal claims (if any); and
Responding to legitimate requests from supervisory and other relevant authorities or group entities.
We may use screening processes, mechanisms and/or software as part of our Customer Due Diligence process in order to comply with applicable laws, including AML/CFT laws and for our legitimate interest in preserving the integrity of our organization. This screening process may lead us to take decisions terminating business relationships or satisfying our reporting obligations with our supervisory authority if deemed necessary.
We will request your consent in case we want to use your Personal Data for any Direct Marketing, or other similar campaigns. Not providing your consent will entail that we shall not do any Direct Marketing or other similar campaigns with you, but this will not affect the contractual business relationship we have with you (if any).
7. How Do We Collect Your Personal Information?
We may collect personal information through any of the methods described below:
(i) Directly from you when you:
Visit or use our Website and social media account(s);
Subscribe / use any of our products and/or engage our Services;
Interact with us by telephone, in writing (electronic format or courier) or in person;
Sending us emails or other forms of correspondences;
Subscribe to newsletters, or other communications from us;
Fill in the contact us form on our website; and
Give us feedback.
(ii) From third parties when:
In case a third party mandated by you provides us with information we require to provide our products and/or Services, or for the legitimate interest of our business in general;
We conduct searches and screening processes using search engines / browsers and/or third party service providers to satisfy our legal and regulatory duties under Anti-Money Laundering and Combating Terrorism Financing legislations.
8. What Personal Information is Collected?
As part of its Services, PMEL may collect the following data (contemplative, non-exhaustive list) from its counter-parties (customers, administrators of investment vehicles, lawyers, banks, other intermediaries):
Identification data: personal identification data (name, surname, nationality, date of birth, title, residence address, tax identification number, etc.) and structural identification data (information relating to entities).
Identification data issued by public authorities and other registers: identity cards, passports, certificate of incorporation, articles of association, share registers.
Location data: personal and business addresses.
Communication and electronic identification data (personal and business): telephone number, e-mail address.
Financial data: identification number and bank account numbers, financial means / assets, financial transactions, source of wealth and source of funds.
Kindly note that we may collect Special Categories of Personal data in certain specific circumstances if we require this in view of satisfying applicable legal and regulatory obligations.
9. For How Long Do We Keep Your Personal Data?
We retain Personal Data for as long as it is necessary to fulfil the purpose for which it was collected, our legal or business purposes, or as required by relevant laws.
With regards to marketing, if you do not provide your consent, or if you withdraw your consent to any marketing communications or any other processing which require your consent, we will remove you permanently from our marketing database.
PMEL deletes or anonymizes Personal Data (or takes equivalent measures) as soon as they are no longer necessary to achieve the Purposes, subject however (i) to legal or regulatory requirements applicable to the data retention for a longer period of time, or (ii) to ascertain, exercise and / or defend actual or potential rights in legal proceedings, investigations or similar proceedings, including legal claims that PMEL might impose to preserve relevant information.
10. Access to Personal Data and Transfer of Personal Data
Access to your Personal Data is restricted to persons on a need-to-know basis and, subject to a duty of confidentiality. This includes employees, affiliates, contractors or service providers who need access to your information to allow us to fulfil our contract with you, or for our legitimate business purposes. If we are required to share or transfer your Personal Data, we will ensure that the third party has implemented appropriate Data Protection measures and are required to Process Personal Data with equivalent degree of care as required by the Law. We do not allow any third party to use your Personal Data for any other purposes than the one for which it was collected for.
We may communicate your personal information when required by law to Supervisory Authorities, law enforcement authorities, government organisations and agencies to fulfil our legal and regulatory obligations, as applicable.
The transmission of Personal Data to third parties abroad is alternatively based on (i) an adequacy decision, (ii) appropriate safeguards or (iii) a waiver for specific situations (i.e. execution of a mandate related to the Services offered by PMEL). The following are examples of when Personal Data transfer may occur:
In dealings with custodian banks, transfer of Personal Data may take place towards national and international banks, as well as towards any other financial intermediary.
As part of the implementation of FATCA regulations, transfer of Personal Data may be made to the relevant local authorities, Internal Revenue Service (IRS) or any other competent tax authority recognized by the IRS.
In the context of the implementation of the Automatic Exchange of Information (AEOI), transfer of Personal Data may take place with relevant local authorities, any competent tax authority, Supervisory Authorities, it being specified that the condition of confidentiality of Personal Data is a sine qua non stipulated by the OECD to adhere to the AEOI Mechanism.
PMEL does not sell or rent the Personal Data to any third party.
Finally, PMEL may have to share or disclose the Personal Data:
To put the needed Services to the Data Subjects’ disposal;
Where permitted or required by law to comply with a valid legal process;
To protect and defend PMEL's rights or property, including the security of its products and services.;
To protect the personal safety, property or other rights of the public, PMEL or its customers or employees; or
In connection with the sale of all or part of PMEL 's operations.
If PMEL is required by law to disclose the Personal Data to third parties, PMEL will take reasonable steps to notify you in advance, unless otherwise required by Applicable Law.
11. Information Security
PMEL is committed to ensure that Personal Data it has in its possession is adequately protected. As such, we have implemented the below safeguards, among others, in line with the relevant requirements of the Law:
Appointment, if required, of a suitably qualified and experienced Data Protection Officer who will have the responsibility to ensure that we are at all time compliant with the Law, and ensure adequate security and protection of Personal Data;
Implementation of Data Protection policies and procedures, in line with the requirements of the Law, to ensure the safekeeping of information;
Implementation of appropriate security measures to safeguard the integrity of information, both in physical and electronic format. This includes appropriate authentication mechanism, adequate physical security to our office premises to monitor access and robust security software to prevent intrusions and unauthorized access;
We have a robust IT infrastructure and a well-structured business continuity and disaster recovery plan in place to preserve the integrity of Personal Data at all times and under any circumstances;
Implementation of relevant measures for employee screening prior to on-boarding and training on data privacy;
Implementation of appropriate confidentiality and non-disclosure clauses in any agreement we execute with service providers, or other third party (as applicable).
Specific measures are applied to prevent the risk of loss of data, unlawful or improper use and unauthorized access.
Personal Data will be transmitted to and stored on PMEL's servers, access to which is strictly limited. PMEL has taken the appropriate technical and organizational precautions to ensure that its server is accessible exclusively to duly authorized persons, as well as special precautions with regard to the protection of its technical environment (e.g. use of anti-viruses and firewalls).
Although we have taken reasonable measures to protect your Personal Data, we cannot guarantee the security of the Personal Data you transmit to us over the internet as it also depends on the security of the device you use, among other factors.
12. How Can You Manage Your Marketing Communication Preferences?
We will only send you marketing communications if you have requested information from us or if you have given your consent to receive marketing communication from us.
If you wish to stop receiving marketing communications from us or if you wish to update your marketing communication preferences please write to email@example.com You may also click the Unsubscribe link at the bottom of any marketing email you receive from us.
If you do not wish to receive our advertisements or notifications within social media, you need to update your preferences on these platforms.
A cookie is a small text file that is placed on the device you use to browse. It collects information about how you navigate the Internet, which helps to tailor content.
14. Rights of the Data Subjects
In accordance with the Law, you, as a Data Subject, have rights in relation to your Personal Data. You may exercise the following rights with respect to your Personal Data Processing:
(a) Right to Access
You can ask us for confirmation as to whether or not we are processing your Personal Data and where this is the case, you can request to receive a copy of the Personal Data we hold about you and obtain specific information. This includes but is not limited to:
the source of your personal information that we Process:
the purposes of Processing your Personal Data,
the legal basis and methods of Processing your Personal Data;
the Data Controller’s identity; and
the entities or categories of entities to whom we may transfer your personal information.
(b) Right for Rectification
This enables you to have any incomplete or inaccurate Personal Data we hold about you corrected. We may need to verify the accuracy of the new data you will provide to us before rectifying it.
(c) Right to Erasure of Your Personal Data
This enables you to ask us to delete or remove your Personal Data in the following circumstances:
It is no longer required for the purpose(s) for which it was collected and there is no lawful and legitimate reason for us continuing to Process it;
You have successfully exercised your right to object to Processing (see below);
Processing was based on valid consent and you have withdrawn your consent;
Your Personal Data was Processed unlawfully; or
We are required to erase your Personal Data to comply with any of the laws mentioned above.
Please note that we may not be required to comply with your request to erase Personal Data if the Processing of your Personal Data is necessary:
for compliance with Applicable Laws; or
for the establishment, exercise or defence of legal claims.
(d) Right to Object
You may object to Processing of your Personal Data at any time on reasonable grounds relating to your particular situation to the Processing of Personal Data where such Processing is (i) carried out on the basis that it is necessary for the performance of a task carried in the public interest or (ii) is necessary for the purpose of the legitimate interests of a Controller or of a third party.
You also have the right to be informed before your Personal Data is disclosed for the first time to third parties or used for the purposes of Direct Marketing, and subsequently, should you wish so, object to this disclosure and/or use.
You may object that we take decisions that may have legal or other similar consequences based solely on automated processing (example profiling). This is subject to a few limitations.
the right to object applies in certain circumstances only, and its applicability will depend on the purpose of Processing and the relevant lawful basis;
If you object to the Processing of your Personal Data and we have no overriding grounds, we will stop Processing your Personal Data;
If we stop Processing your Personal Data in view of the objection made, we will erase your Personal Data unless the same is also being Processed for other purposes.
(e) Right to Restriction
This enables you to ask us to restrict the Processing of your Personal Data, but only where:
you contest the accuracy of your Personal Data and the restriction period allows us to verify the Personal Data’s accuracy;
our use of the Personal Data is unlawful but you do not want us to erase it, and you request for restriction of Processing instead;
you need us to hold the Personal Data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
you have exercised your right to object and we need to verify whether we have overriding legitimate grounds to continue the Processing of your Personal Data.
Please note that we are allowed to continue using your Personal Data following a request for restriction, where:
(a) we have your consent to do so;
(b) it for reason of storage of the Personal Data concerned;
(c) to establish, exercise or defend legal claims;
(d) to protect the rights of another person; or
(e) it is for reasons of substantial public interest
We shall communicate any restriction of Processing, rectification and/or erasure of your Personal Data to each recipient to whom the Personal Data has been disclosed (if applicable). Upon your request, we will inform you about the recipient(s).
(f) Right to Data Portability
This enables you to request us to provide you, or another person of your choice (where technically feasible), your Personal data in a structured, commonly used, machine-readable format. This right allows you to move, copy or transfer your Personal Data easily from one IT environment to another in a safe and secure way, without affecting its usability.
Please note that this right only applies when:
(a) The Processing of your Personal Data was based on your consent given to us or on our performance of a contract with you; and
(b) We Processed your Personal Data by automated means.
(g) Right to Withdraw Consent
Where we are relying on your consent to Process your Personal Data, you have the right to withdraw your consent at any time, however, the withdrawal of consent will not affect the lawfulness of Processing based on consent prior to the withdrawal.
Even if a Data Subject contests the Processing of their Personal Data, PMEL is entitled to continue such Processing if it is (i) legally binding, (ii) necessary for the performance of the contract to which the Data Subject is party, (iii) necessary for the performance of a public interest mission or (iv) necessary for the legitimate interests that PMEL pursues, including the finding, exercise or defence of a right in justice.
PMEL works diligently to protect itself and its users from unauthorized access, alteration, disclosure or destruction of information held. More specifically:
PMEL respects this Notice in all circumstances with respect to all Personal Data that PMEL collects and Processed about the Data Subject concerned;
PMEL limits the use and disclosure of Personal Data and ensures that anyone with whom PMEL shares this information will treat it with the confidentiality and security it deserves; and
PMEL has implemented physical, technical and administrative procedures to protect the personal information collected.
15. How to Exercise the Data Subjects Rights
If the Data Subjects have any questions about Probus Middle East Limited’s Data Protection or the Data Subject would like to exercise any of their rights as mentioned in paragraph 13 above in relation to the Processing of their Personal Data, we put in place different channels to communicate with us as outlined below:
Fill in the Data Subject Request Form and click submit. The form will be sent to the Contact Person for Data Protection who will communicate to you as soon as possible;
Send an email to our Contact Person for Data Protection at firstname.lastname@example.org;
Call our Contact Person for Data Protection at +971 4 305 8027; or
Send a written correspondence to below address to the attention of Mr Usman Basharat, the Contact Person for Data Protection:
Probus Middle East Limited
Emirates Financial Towers
South Tower - Office 1101
Dubai International Financial Centre (DIFC)
P.O. Box 9519 - Dubai
United Arab Emirates
16. Complaint to the DIFC Commissioner of Data Protection
While we did our best to implement appropriate measures to safeguard your Personal Data and allow you to exercise your rights effectively, you have the right to lodge a complaint with the DIFC Commissioner of Data Protection should you believe that we have breached the Law or your rights.
17. Changes to the Data Protection Notice
Kindly note that we may change this Data Protection Notice from time to time and without prior notice. We would therefore encourage you to consult our Website on our Data Protection Notice periodically to keep up to date with any changes made. If you continue to use our Website, we shall take this as an acceptance from your side to the changes made to our policy.In case there are any material change in the manner into which we Process your Personal Data, we will duly inform you of the same via email, or another appropriate channel.