NASDAQ DUBAI DATA PROTECTION
The DIFC Data Protection Law No. 5 of 2020 (DPL), as amended, and administered by the Commissioner of Data Protection, prescribes rules and regulations regarding the collection, handling, disclosure and use of ‘personal data’ in the DIFC and the rights of individuals to whom the personal data relates. As a data Controller and Processor, Nasdaq Dubai is subject to the DPL.
PERSONAL DATA Collected and HELD BY NASDAQ DUBAI
Nasdaq Dubai collects and stores certain types of information about people we deal with as part of our business as an operator of an exchange and clearing house. Personal Data means any information referring to an identified/Identifiable Natural Person. Personal Data is obtained from individuals relating to new applicant Members, Issuers, existing Members or Issuers, employees, board of directors, suppliers, users of our regulatory announcement system, business contacts, business partners, subscribers to the monthly Newsletter, complainants, and any other persons from whom Nasdaq Dubai has obtained Personal Data during the course of its business.
Personal Data that Nasdaq Dubai collects may include, without limitation, the following:
- Name, designation, employer, email address, corporate contact number, work address, personal contact number, home address;
- Other details such as nationality, date of birth, country of residence, spouse’s name, children names etc.;
- Curriculum Vitae and educational background;
- Payment information such as bank account details;
- National Investor Number (NIN);
- Identification document (ID or passport copy);
Nasdaq Dubai will collect personal data only as is relevant for the purpose for which the personal data is being obtained and depending on the nature of the arrangement with the Data Subject.
Nasdaq Dubai relies on one of the following as lawful basis for processing such data:
- Data Subject’s consent has been obtained;
- Processing is required for the performance of a contract;
- Processing is necessary to comply with Applicable Law;
- Processing is required to protect the vital interest of a person;
- Processing is necessary for public interest or to exercise Nasdaq Dubai’s powers and functions; or
- Processing is necessary for Nasdaq Dubai’s legitimate interest subject to Data Subject’s rights.
Nasdaq Dubai collects personal data in connection with the below:
- Client interaction and ongoing business relations;
- providing Nasdaq Dubai products or services;
- entering into an agreement with a counterparty;
- obtaining registration for webinars or events hosted by Nasdaq Dubai;
- subscribing to Nasdaq Dubai monthly newsletter;
- submitting enquiries, complaints or applying for a job; and
- registering for access to real-time market data.
Nasdaq Dubai collects data from:
- Staff, including agents and workers;
- Clients and customers;
- Complainants, correspondents and enquirers;
- Relatives and associates of the Data Subject;
- Advisors, consultants and professional experts;
- Board of directors and shareholders;
- Event and webinar attendees;
- Potential and current business partners;
- Companies within Nasdaq Dubai Private Market.
USE OF PERSONAL DATA
Personal Data provided to us is used for the purposes of administering our business as an operator of an exchange and clearing house which includes: .
- establishing business relations;
- providing financial services or product;
- performing other Nasdaq Dubai services;
- verifying identity and carrying out background checks prior to onboarding customers such as issuers, member, business partners, etc.;
- managing the exchange’s operations including carrying out trading, clearing, and settlement activities as well as market surveillance activities;
- legal, regulatory reporting and record keeping;
- administrating membership records;
- advertising, marketing and public relations for Nasdaq Dubai and others;
- hosting events, and webinars at Nasdaq Dubai’s offices;
- benefits, grants & loans administration for employees;
- insurance administration for employees;
- pensions administration for employees;
- staff administration;
- registering for Nasdaq Dubai’s disclosure system (CANDI); and
- complying with applicable law, rules and regulations.
Such information may be shared with our parent and affiliate companies such as Dubai Financial Market (DFM); third parties appointed by Nasdaq Dubai to carry out any Processing activity; third party partners to provide you with a service you have requested or opted in for, including promotional activities; or a third party where the Data Subject’s consent has been obtained. Where Nasdaq Dubai transfers personal data in the DIFC to a third party or to another jurisdiction outside the DIFC, the transfer will be carried out in accordance with the relevant provisions under the DPL.
Contact information provided to us may also be used to keep you up-to-date about information relevant to our business and for direct marketing purposes. Such direct marketing activities may include initiatives with DFM, for which your information will be shared with DFM. For these purposes, we will first seek your written consent if this has not already been provided through your relationship with Nasdaq Dubai. Email addresses and contact information collected are not sold to any third parties.
The Data Protection Law gives individuals the following rights:
- Right to withdraw consent. The Data Subject has the right to withdraw their consent for Processing of their Personal Data at any time and for any reason where Nasdaq Dubai relies on consent as a lawful basis for Processing.
- Right to access, rectify and erase Personal Data. The Data Subject has the right to request for information and a confirmation in writing regarding the Processing of their Personal Data from Nasdaq Dubai. Upon such request, Nasdaq Dubai will provide, free of charge, the information requested within one (1) month of the request. Nasdaq Dubai may charge a reasonable fee or refuse to carry out the request, where it deems such requests as noticeably unfounded or excessive, with a written confirmation as to why the request was refused.
The information that the Data Subject may request for includes:
- Confirmation regarding the Processing of their Personal Data;
- purposes of the Processing;
- categories of Personal Data concerned;
- recipients or categories of recipients to whom the Personal Data is disclosed;
- a copy of Personal Data Processed in an electronic from;
- information on the source(s) from which Personal Data was obtained; and
- other up-to-date information under information provision of the DPL.
The Data Subject has the right to request Nasdaq Dubai to rectify their Personal Data. Nasdaq Dubai will rectify Personal Data only where it is technically possible. At the time of collection of Personal Data from the Data Subject, Nasdaq Dubai will inform the Data Subject that rectification or erasure of Personal Data cannot be carried out where erasure is not feasible.
Nasdaq Dubai will carry out the erasure request if one of the below conditions is met;
- in the event that the purpose for collecting and Processing of Personal Data is no longer valid;
- upon withdrawal of consent where Nasdaq Dubai relies on Consent as a lawful basis for Processing;
- due to unlawful Processing or erased to comply with Applicable Law; or
- Nasdaq Dubai does not have an overriding legitimate ground to continue to Process Personal Data where Data Subject objects to the Processing.
- the Data Subject is aware that the Personal Data is not accurate and informs Nasdaq Dubai to verify the accuracy of such Data;
- the Data Subject opposes to the erasure of Personal Data in the event of unlawful Processing and instead asks for it to be restricted;
- Data Subject requires Nasdaq Dubai to maintain the Personal Data for the establishment, exercise or defense of legal claims, even in the event that Nasdaq Dubai no longer needs the Personal Data for Processing;
- pending verification of whether Nasdaq Dubai’s legitimate grounds overrides those of the Data Subject in order to accept Data Subject’s objection to Processing Personal Data.
If the Data Subject wishes to exercise any of their rights, or has any questions regarding their rights, they may contact Nasdaq Dubai DPO through contact details provided below or send an email to NasdaqDubai.Compliance@nasdaqdubai.com
In principle, information shared between Nasdaq Dubai and our participants (including Members, Issuers, and Custodians) will remain confidential. Nasdaq Dubai may however share certain information in accordance with our legal and regulatory obligations. This includes information it holds in relation to Members, Issuers, their directors, officers, employees and representatives and/or information in relation to their trading activities (including trading on behalf of clients).
Personal data retention
Nasdaq Dubai will retain personal data for as long as the purpose for processing personal data and its grounds for retention are still applicable. Where grounds for retention no longer apply, Nasdaq Dubai will take reasonable measures to cease the Processing of Personal Data in accordance with its cessation procedure and the DPL.
Nasdaq Dubai has in place security measures to protect against accidental destruction, loss, unauthorised access and/or disclosure, or unlawful Processing of Personal Data. Measures include:
- physical security measures;
- hardware and network security measures;
- commination security;
- personal security measures; and
- destruction of data measures.
Nasdaq Dubai Webinars
This website contains links to other sites. Nasdaq Dubai is not responsible for the privacy practices of any other sites. We encourage our users to be aware when they leave our site and to read the Privacy Policies of each website that collects personally identifiable information. This Data Protection and Confidentiality disclosure statement applies to all Nasdaq Dubai Processing activities.
Nasdaq Dubai Compliance
Nasdaq Dubai Data Protection Officer:
Market Regulations Manager & DPO
Direct: +971 4 305 5460