Data Protection and Confidentiality

NASDAQ DUBAI DATA PROTECTION

The DIFC Data Protection Law No. 5 of 2020 (DPL), as amended, and administered by the Commissioner of Data Protection, prescribes rules and regulations regarding the collection, handling, disclosure and use of ‘personal data’ in the DIFC and the rights of individuals to whom the personal data relates. As a data Controller and Processor, Nasdaq Dubai is subject to the DPL.

PERSONAL DATA COLLECTED AND HELD BY NASDAQ DUBAI

Nasdaq Dubai collects and stores certain types of information about people we deal with as part of our business as an operator of an exchange and clearing house. Personal Data means any information referring to an identified/Identifiable Natural Person. Personal Data is obtained from individuals relating to new applicant Members, Issuers, existing Members or Issuers, employees, board of directors, suppliers, users of our regulatory announcement system, business contacts, business partners, subscribers to the monthly Newsletter, complainants, and any other persons from whom Nasdaq Dubai has obtained Personal Data during the course of its business.

Personal Data that Nasdaq Dubai collects may include, without limitation, the following:

  • Name, designation, employer, email address, corporate contact number, work address, personal contact number, home address;
  • Other details such as nationality, date of birth, country of residence, spouse’s name, children’s names, etc.;
  • Curriculum Vitae and educational background;
  • Payment information such as bank account details;
  • Photos;
  • National Investor Number (NIN);
  • Identification document (ID or passport copy).

Nasdaq Dubai will collect personal data only as is relevant for the purpose for which the personal data is being obtained and depending on the nature of the arrangement with the Data Subject.

Nasdaq Dubai relies on one of the following as lawful basis for processing such data:

  • Data Subject’s consent has been obtained;
  • Processing is required for the performance of a contract;
  • Processing is necessary to comply with Applicable Law;
  • Processing is required to protect the vital interest of a person;
  • Processing is necessary for public interest or to exercise Nasdaq Dubai’s powers and functions; or
  • Processing is necessary for Nasdaq Dubai’s legitimate interest subject to Data Subject’s rights.

Nasdaq Dubai collects personal data in connection with the below:

  • Client interaction and ongoing business relations;
  • providing Nasdaq Dubai products or services;
  • entering into an agreement with a counterparty;
  • obtaining registration for webinars or events hosted by Nasdaq Dubai;
  • subscribing to Nasdaq Dubai monthly newsletter;
  • submitting enquiries, complaints or applying for a job; and
  • registering for access to real-time market data.

Nasdaq Dubai collects data from:

  • Staff, including agents and workers;
  • Clients and customers;
  • Suppliers;
  • Members;
  • Complainants, correspondents and enquirers;
  • Relatives and associates of the Data Subject;
  • Advisors, consultants and professional experts;
  • Board of directors and shareholders;
  • Event and webinar attendees;
  • Potential and current business partners;
  • Issuers;
  • Companies within Nasdaq Dubai Private Market.

USE OF PERSONAL DATA

Personal Data provided to us is used for the purposes of administering our business as an operator of an exchange and clearing house, which includes:

  • establishing business relations;
  • providing financial services or products;
  • performing other Nasdaq Dubai services;
  • verifying identity and carrying out background checks prior to onboarding customers such as issuers, members, business partners, etc.;
  • managing the exchange’s operations including carrying out trading, clearing, and settlement activities as well as market surveillance activities;
  • legal, regulatory reporting and record keeping;
  • administering membership records;
  • advertising, marketing and public relations for Nasdaq Dubai and others;
  • hosting events, and webinars at Nasdaq Dubai’s offices;
  • benefits, grants & loans administration for employees;
  • insurance administration for employees;
  • pensions administration for employees;
  • staff administration;
  • registering for Nasdaq Dubai’s disclosure system (CANDI); and
  • complying with applicable law, rules and regulations.

Such information may be shared with our parent and affiliate companies such as Dubai Financial Market (DFM); third parties appointed by Nasdaq Dubai to carry out any Processing activity; third party partners to provide you with a service you have requested or opted in for, including promotional activities; or a third party where the Data Subject’s consent has been obtained. Where Nasdaq Dubai transfers personal data in the DIFC to a third party or to another jurisdiction outside the DIFC, the transfer will be carried out in accordance with the relevant provisions under the DPL.

Contact information provided to us may also be used to keep you up-to-date about information relevant to our business and for direct marketing purposes. Such direct marketing activities may include initiatives with DFM, for which your information will be shared with DFM. For these purposes, we will first seek your written consent if this has not already been provided through your relationship with Nasdaq Dubai. Email addresses and contact information collected are not sold to any third parties.

YOUR RIGHTS

The Data Protection Law gives individuals the following rights:

  1. Right to withdraw consent. The Data Subject has the right to withdraw their consent for Processing of their Personal Data at any time and for any reason where Nasdaq Dubai relies on consent as a lawful basis for Processing.
  2. Right to access, rectify and erase Personal Data. The Data Subject has the right to request information and a confirmation in writing regarding the Processing of their Personal Data from Nasdaq Dubai. Upon such request, Nasdaq Dubai will provide, free of charge, the information requested within one (1) month of the request. Nasdaq Dubai may charge a reasonable fee or refuse to carry out the request, where it deems such requests as noticeably unfounded or excessive, with a written confirmation as to why the request was refused.

    The information that the Data Subject may request includes:
    1. Confirmation regarding the Processing of their Personal Data;
    2. purposes of the Processing;
    3. categories of Personal Data concerned;
    4. recipients or categories of recipients to whom the Personal Data is disclosed;
    5. a copy of Personal Data Processed in an electronic form;
    6. information on the source(s) from which Personal Data was obtained; and
    7. other up-to-date information under information provision of the DPL.

    The Data Subject has the right to request Nasdaq Dubai to rectify their Personal Data. Nasdaq Dubai will rectify Personal Data only where it is technically possible. At the time of collection of Personal Data from the Data Subject, Nasdaq Dubai will inform the Data Subject that rectification or erasure of Personal Data cannot be carried out where erasure is not feasible.

    Nasdaq Dubai will carry out the erasure request if one of the below conditions is met:

    • in the event that the purpose for collecting and Processing of Personal Data is no longer valid;
    • upon withdrawal of consent where Nasdaq Dubai relies on Consent as a lawful basis for Processing;
    • due to unlawful Processing or erased to comply with Applicable Law; or
    • Nasdaq Dubai does not have an overriding legitimate ground to continue to Process Personal Data where Data Subject objects to the Processing.
  3. Right to object to Processing. The Data Subject, on reasonable grounds, has the right to object to Processing of their Personal Data at any time.
  4. Right to restrict Processing. The Data Subject may request Nasdaq Dubai to restrict Processing of their Personal Data in the following circumstances:
    • the Data Subject is aware that the Personal Data is not accurate and informs Nasdaq Dubai to verify the accuracy of such Data;
    • the Data Subject opposes the erasure of Personal Data in the event of unlawful Processing and instead asks for it to be restricted;
    • Data Subject requires Nasdaq Dubai to maintain the Personal Data for the establishment, exercise or defense of legal claims, even in the event that Nasdaq Dubai no longer needs the Personal Data for Processing;
    • pending verification of whether Nasdaq Dubai’s legitimate grounds override those of the Data Subject in order to accept Data Subject’s objection to Processing Personal Data.
  5. Right to be informed/notified of the recipients of Personal Data. Nasdaq Dubai will provide the Data Subject with details of the recipients of their Personal Data if requested.
  6. Right to data portability. Where Nasdaq Dubai Processes Personal Data based on Data Subject’s consent and in automated means, the Data Subject has the right to receive Personal Data in a structured, commonly used and machine-readable format. The Data Subject may request Nasdaq Dubai to share their Personal Data with another person, where it is technically possible for Nasdaq Dubai to do so. Nasdaq Dubai will not provide or transmit Personal Data where such activities would infringe the rights of any other natural person.
  7. Right to object to automated Processing including Profiling. Currently, Nasdaq Dubai does not make decisions based solely on automated Processing; however, if Nasdaq Dubai decides to do so, the Data Subject would have the right to object to such Processing.
  8. Right not to be discriminated against for exercising any of the Data Subject’s rights.
  9. Right to lodge a complaint with the Commissioner.

If the Data Subject wishes to exercise any of their rights, or has any questions regarding their rights, they may contact the Nasdaq Dubai DPO through the contact details provided below or send an email to NasdaqDubai.Compliance@nasdaqdubai.com.

CONFIDENTIAL INFORMATION

In principle, information shared between Nasdaq Dubai and our participants (including Members, Issuers, and Custodians) will remain confidential. Nasdaq Dubai may however share certain information in accordance with our legal and regulatory obligations. This includes information it holds in relation to Members, Issuers, their directors, officers, employees and representatives and/or information in relation to their trading activities (including trading on behalf of clients).

Personal data retention

Nasdaq Dubai will retain personal data for as long as the purpose for processing personal data and its grounds for retention are still applicable. Where grounds for retention no longer apply, Nasdaq Dubai will take reasonable measures to cease the Processing of Personal Data in accordance with its cessation procedure and the DPL.

Security measures

Nasdaq Dubai has in place security measures to protect against accidental destruction, loss, unauthorised access and/or disclosure, or unlawful Processing of Personal Data. Measures include:

  • physical security measures;
  • hardware and network security measures;
  • communication security;
  • personal security measures; and
  • destruction of data measures.

Nasdaq Dubai Webinars

By choosing to attend an event or a webinar hosted by Nasdaq Dubai, whether alone or in conjunction with other hosts, you explicitly consent to the receipt, use and processing of your Personal Data by Nasdaq Dubai in accordance with the provisions of the DPL. Nasdaq Dubai may use a third party platform, including without limitation, Zoom, Webex, MS Teams, etc. to host an event and webinar which may result in your Personal Data being stored on the third party platform. By choosing to attend an event or webinar hosted through such third party platform, you hereby consent to the receipt and storage of your Personal Data by the third party platform in accordance with the terms of the third party platform’s privacy policy which will be available on the website of the third party platform. Please be aware that once Personal Data is recorded on certain third party platforms, such data cannot be deleted.

COOKIES

We may in the future collect anonymous information from visits to our website to help us provide better customer service. We may collect the anonymous information through the use of various technologies, including one called ‘cookies’. A cookie is a piece of data stored on the user’s hard drive containing information about the user. We use both session ID cookies and persistent cookies. We use cookies to make it easier for you to navigate our site. A session ID cookie expires when you close your browser. A persistent cookie is used to remember things like User IDs and remains on your hard drive for an extended period of time. You can remove persistent cookies by following directions provided in your Internet browser’s “help” file. Usage of a cookie is in no way linked to any personally identifiable information.

LINKS

This website contains links to other sites. Nasdaq Dubai is not responsible for the privacy practices of any other sites. We encourage our users to be aware when they leave our site and to read the Privacy Policies of each website that collects personally identifiable information. This Data Protection and Confidentiality disclosure statement applies to all Nasdaq Dubai Processing activities.

Contact us

Nasdaq Dubai Compliance
Email: Compliance@nasdaqdubai.com

Nasdaq Dubai Data Protection Officer:

Fatma Lootah
Market Regulations Manager & DPO
Direct: +971 4 305 5460
E-mail: Fatma.Lootah@nasdaqdubai.com