Data Protection Declaration

Privacy and Cookie Policy

 

1. Introduction

Amber Lion Middle East Limited ("ALME", "we", or "us") is committed to protecting the privacy and security of your personal information ("PI"), including sensitive personal information ("SPI"). This Privacy Notice explains how we collect, use, disclose, and protect your PI, as well as your rights concerning your data.

This Notice is aligned with the requirements of the Dubai International Financial Centre (DIFC) Data Protection Law No. 5 of 2020 and other relevant regulations.

2. Information We Collect

PI is any information that relates to an identifiable individual. We may collect the following types of PI, depending on our relationship with you and the services we provide:

  • Identification Data: Full name, title, gender, marital status, date of birth, passport number, national identification number, signature.

  • Contact Data: Personal and business address, telephone number, email address.

  • Electronic Monitoring Data: To the extent permitted by law, we may record and monitor your electronic communications with us, including telephone conversations, email, and instant messaging.  

  • Financial Data: Account number, account statements, investment history.

  • Professional Information: Position/job title, business address, business telephone number, business email address.

  • Services Data: Payment details, details of services provided to or by us.

  • Sensitive Personal Information: In limited circumstances, we may collect information about criminal convictions and offenses (when legally required) and political affiliations (to determine if you are a politically exposed person).

2.1 How We Collect Information

We collect PI in several ways, including:

  • Directly from you when you use our services or interact with us.

  • From your organization or entity if they are a client or vendor of ALME.

  • Throughout our relationship with you, as your details or the services we provide change.

  • From public sources/registers and third parties (e.g., credit reference agencies, World-Check).

  • From visits to our websites or online services.

Providing certain PI may be necessary for us to deliver the requested services. If you do not provide this information, we may be unable to provide those services.

2.2 How We Use Your Information (Purpose of Processing)

We process your personal data for the following lawful purposes:

  • Providing and managing services: To provide the financial services you've requested, including account management, transaction processing, and client reporting

  • Client onboarding and due diligence: To conduct necessary checks, including anti-money laundering (AML), anti-terrorism financing (ATF), sanctions screening, and fraud prevention, as required by DIFC regulations

  • Compliance with legal and regulatory obligations: To comply with applicable laws and regulations in the DIFC and other relevant jurisdictions

  • Marketing and communication: To send you marketing communications and service updates (with your consent)

  • Research and analysis: To improve our services and understand client needs

  • IT security and operations: To ensure the security and integrity of our systems and data

2.3 Lawful Basis for Processing

We process your personal data based on one or more of the following lawful bases:

  • Contractual necessity: Processing is necessary to perform a contract with you or to take steps at your request before entering into a contract  

  • Legal obligation: Processing is necessary to comply with a legal obligation to which we are subject

  • Legitimate interests: Processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms  

  • Consent: You have given clear consent for us to process your personal data for a specific purpose  

Data Processing

3.1 Data Minimization & Purpose Limitation 

We are committed to collecting and processing only the minimum necessary personal data required to fulfil the specified purposes outlined in this Notice. We will not use your personal data for any purpose’s incompatible with those purposes.

3.2 Your Rights

You have the following rights regarding your personal data under the DIFC Data Protection Law:

  • Right to access: You can request a copy of the personal data we hold about you

  • Right to rectification: You can request that we correct any inaccurate or incomplete personal data we hold about you  

  • Right to erasure: You can request that we erase your personal data in certain circumstances  

  • Right to restriction of processing: You can request that we restrict the processing of your personal data in certain circumstances

  • Right to data portability: You can request that we provide you or a third party with your personal data in a structured, commonly used, and machine-readable format  

  • Right to object: You can object to the processing of your personal data in certain circumstances  

  • Right to withdraw consent: You can withdraw your consent at any time where we are relying on consent to process your personal data  

To exercise any of these rights, please contact us using the contact information provided below. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). You will not have to pay a fee to access your personal information or to exercise any of your other rights, unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to comply with the request as permitted by law.

3.3 User Control & Preferences

You have the right to control your personal data and preferences. You can update your contact information, communication preferences, and marketing consent at any time by contacting us using the information provided below.

3.4 Data Sharing

We may share your personal data with:

  • ALME Group and Service Providers: Other companies within our group or third-party vendors who assist us in providing services, subject to appropriate data processing agreements.

  • Third Parties: When required by law or for legitimate business purposes (e.g., auditors, regulators, tax authorities, technology providers), subject to appropriate safeguards.

3.5 International Data Transfers

As a DIFC-based company, we may transfer your data outside the DIFC, including to countries with potentially different data protection laws. We will only transfer your data to jurisdictions deemed adequate by the DIFC Commissioner of Data Protection or implement appropriate safeguards, such as Standard Contractual Clauses or Binding Corporate Rules.

3.6 Data Retention

We retain your personal information for as long as necessary to fulfil the purposes outlined in this Notice, unless a longer retention period is required or permitted by law. Specific retention periods may vary depending on the type of data and legal requirements.  

  • Client data: We generally retain client data for at least 6 years after the termination of our relationship with you, or longer as required by applicable laws and regulations

  • AML/KYC data: We retain AML/KYC data for at least 6 years after the termination of our relationship with you, or longer as required by applicable laws and regulations

  • Marketing data: We retain marketing data until you withdraw your consent or for a maximum of 1 years after our last interaction with you

3.7 Data Security

We implement reasonable and appropriate technical and organizational security measures to protect your information from loss, misuse, and unauthorized access.  

3.8 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the DIFC Commissioner of Data Protection without undue delay and, where feasible, within 48 hours of becoming aware of the breach. We will also inform affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms.  

We have implemented procedures to identify, assess, and promptly respond to any potential data breaches. These procedures include measures to contain the breach, investigate its cause, and take corrective action to prevent future occurrences.

3.9 Automated Decision-Making and Profiling

We do not use your personal information for automated decision-making, including profiling, that has a legal or significant effect on you. We also do not use automated decision-making for marketing purposes

Cookies and Similar Technologies

Our website may use cookies and similar technologies to enhance your browsing experience and collect information about how you use our website. Cookies are small text files that are stored on your device when you visit our website. We use both session cookies (which are deleted when you close your browser) and permanent cookies (which remain on your device for a set period).  

You can manage your cookie preferences through your browser settings. Please note that disabling cookies may affect the functionality of our website.

Updates to this Notice 

We may update this Privacy Notice periodically. Please check our website for the latest version. We will notify you of any material changes through appropriate channels, such as by email or through prominent notices on our website.

 

Contact Us

If you have any questions or concerns about this Privacy Notice or our data practices, please contact our Data Protection Officer at:

Email: dp@amberlion.co.ae

Address: The Gate Precinct 5, Level 5, Unit 9, DIFC, Dubai, UAE

Contact Number: +971 4 4281100

Complaints

If you have any concerns or complaints about the way your PI is processed, please contact our Data Protection Officer at dp@amberlion.co.ae

You also have the right to lodge a complaint with the DIFC Commissioner of Data Protection or another competent authority with jurisdiction over privacy and data protection law in the country where you live or work, or where you believe an issue in relation to the processing of your PI has arisen.

You may also contact the DIFC Commissioner of Data Protection's Office at:

Dubai International Financial Centre Authority

 Level 14, The Gate Building

+971 4 362 2222

commissioner@dp.difc.ae

 

Amber Lion Middle East Ltd. is a Dubai International Financial Centre (DIFC) firm regulated by the Dubai Financial Services Authority (DFSA) and is only authorized to provide financial services to Professional Clients or Market Counterparties.