IN COMPLIANCE WITH THE DATA PROTECTION DIFC LAW No 5 of 2020 (“DPL 2020”)
1.
WHAT DOES THIS PRIVACY NOTICE DO AND DOES IT APPLY TO ME?
1.1.
Many countries have data protection laws that protect the privacy of individuals by regulating the way in which businesses handle personal information. Among other things, data protection laws require businesses that handle personal information to be open and transparent about why and how they handle personal information.
1.2.
The purpose of this Privacy Notice is to inform you why and how Silicon Consultancy Limited, ("Silicon", "we", or "us") handles personal information about you in connection with the professional services provided by Silicon Consultancy Limited, in the Dubai International Financial Centre ("DIFC").
1.3.
This Privacy Notice will apply to you only if you are at least one of the following types of persons:
1.3.1.
Private Client. Individuals who enter into a contract for the provision of professional services directly with Silicon in connection with their own personal affairs, as well as individuals who are sole practitioners / traders and enter into a contract for the provision of professional services directly with Silicon in connection with their own profession or trade.
1.3.2.
Client Business Contacts. Individuals who are employed or otherwise engaged by legal entities which enter into a contract for the provision of professional services directly with Silicon ("Corporate Clients") and interact with us in the course of our business.
1.3.3.
Business Owners. Individuals who are in control of our Corporate Clients and their affiliates / subsidiaries by virtue of being the beneficial owners (regardless of the form of ownership), as well as individuals who exercise control over our Corporate Clients and their affiliates / subsidiaries through executive powers vested in them (regardless of whether or not they hold any ownership interest in our Corporate Clients or their affiliates / subsidiaries).
1.3.4.
Other Relevant Individuals. Individuals who do not belong to any of the foregoing categories but interact with us in connection with (or are otherwise affected by) the professional services provided, or the business conducted by Silicon. Depending on the circumstances, such individuals can include, without limitation, the following:
(a)
individuals who bring legal action against our Private Clients or Corporate Clients.
(b)
individuals who work for other entities that interact with us in connection with the professional services we provide to our Private Clients or Corporate Clients.
(c)
individuals who have invested in any fund, scheme, or arrangement which are established, managed, or administered by our Corporate Clients.
(d)
individuals who work for entities that provide goods and services to us.
(e)
individuals who have no business relationship with us but register on our website to receive emails updates and alerts from us.
1.4.
Nothing in this Privacy Notice creates any new relationship between you and us or alters any existing relationship between you and us. Nothing in this Privacy Notice affects any right you have under any applicable law, including the DIFC’s Data Protection Law (DIFC Law No. 5 of 2020) ("DPL"), or any other data protection law that applies to you.
2.
WHO IS RESPONSIBLE FOR THE PROPER HANDLING OF MY PERSONAL INFORMATION?
3.
WHAT SORT OF PERSONAL INFORMATION ABOUT ME DOES SILICON COLLECT?
3.1.
The types of personal information which we collect will vary significantly depending on numerous factors, including your personal circumstances, the nature of your relationship with us, and the nature of the professional services we are asked to perform.
3.2.
The personal information we obtain can be grouped into the following categories:
3.2.1.
Contact Details. Your contact details such as title, name, postal address, email address, and phone number.
3.2.2.
KYC Records. Information about you which we are obliged to check for legal or regulatory reasons, such as your date of birth, country of residence, nationality, any ownership interest in any entity or asset you hold, and other like information concerning your identity and background (which may include, where applicable, sensitive information such as any criminal record you have and any sanction or embargo enacted against you).
3.2.3.
Service Records. Information about you which we obtain in order to provide our professional services. Depending on the circumstances and the nature of your relationship with us, such information may include, without limitation, instructions you give, advice and opinion you receive from us, actions you take based on our advice / opinion, action we take towards you based on instructions we receive from our Corporate Clients, information concerning your assets and liabilities, information about your personal circumstances, as well as information of a sensitive nature, such as information concerning your mental or physical health.
3.2.4
Other Records. Other information about you which we may obtain as part of our day-to-day business operations, including but not limited to, your attendance at conferences, seminars, and other events hosted or sponsored by Silicon, and your preference with respect to marketing communication sent by the Silicon.
3.3.
We will collect your personal information only where we are legally permitted to do so, and only to the extent it is appropriate and necessary for one or more of the purposes described in Section 4.
4.
WHY DOES SILICON COLLECT MY PERSONAL INFORMATION AND WHAT ARE THE LEGAL JUSTIFICATIONS?
4.1.
We handle your personal information for one or more of the following purposes:
4.1.1.
Service Delivery. To facilitate the provision of professional services. Further information about services we provide is available online at https://www.siliconadvisers.com/tax-family-office-solutions. This purpose corresponds to the lawful basis of contractual necessity (Article 10(1)(b) of DPL) as well as the lawful basis of our legitimate interests (Article 10(1)(f) of DPL).
4.1.2
Service Development. To improve our existing professional services and devise professional services. This purpose corresponds to the lawful basis of our legitimate interests (Article 10(1)(f) of DPL).
4.1.3.
Service Marketing. To promote the professional services we offer and related services offered by Silicon. This purpose corresponds to the lawful basis of our legitimate interests (Article 10(1)(f) of DPL) in most cases, but occasionally it may correspond to the lawful basis of your consent (Article 10(1)(a) of DPL).
4.1.4.
Client Relationship Management. To manage, maintain, and develop our relationship with our clients. This purpose corresponds to the lawful basis of contractual necessity (Article 10(1)(b) of DPL) as well as the lawful basis of our legitimate interests (Article 10(1)(f) of DPL).
4.1.5.
Business Administration. To facilitate the effective management and administration of our business, including in relation to matters such as business planning, budgeting, and forecasting, as well as enforcement of our terms of engagement and collection of our fees. This purpose corresponds to the lawful basis of our legitimate interests (Article 10(1)(f) of DPL).
4.1.6.
Legal and Regulatory Compliance. To ensure our compliance with all relevant legal and regulatory requirements, including, without limitation, legal requirements relating to money laundering, bribery and corruption, tax evasion, sanctions / embargoes, and export control. This purpose corresponds to the lawful basis of legal necessity (Article 10(1)(c) of DPL) as well as our legitimate interests (Article 10(1)(f) of DPL).
Important Note: If you are a Private Client or a Business Owner, we will use your personal information to conduct various checks to ensure that we comply with all applicable legal and regulatory requirements, before we formally accept you (or your business) as a client and from time to time after you (or your business) is accepted as our client. For example, we might check if you are included in official list published by the authorities which lists persons with whom we are by law not allowed to do business, or we might check if you are a politically exposed person in respect of whom we are required to undertake enhanced due diligence.
5.
HOW DOES SILICON OBTAIN MY PERSONAL INFORMATION?
5.1
We endeavour to collect your personal information directly from you wherever possible. However, the nature of the services we perform and the context in which we handle your personal information can often result in us collecting your personal information indirectly from third party sources.
5.2.
Additionally, there may be circumstances where we are required to seek your personal information from independent sources (for example where we need to use your personal information to comply with legal requirement to validate your identity and background).
5.3.
Sources from which we may obtain your personal information can be described as follows:
5.3.1.
Those who have referred you to us, such as your business contact, or another entity or undertaking in Silicon International Practice.
5.3.2.
Your lawyer, accountant, tax advisor, wealth manager, and other such advisors who provide your personal information to us on your behalf.
5.3.3.
Publicly accessible websites, registers, and databases, including official registers of companies and businesses, database of journals and news articles, and social media such as LinkedIn
5.3.4.
Providers of background check and business risk screening services, such as operators of fraud and financial crime databases, and operators of sanctions / embargoes databases (in some cases they can include authorities such as government departments and the police).
5.3.5.
The relevant Corporate Client to whom we provide the service and who entrusts us with your personal information. Depending on the context, this could be, for example, the business which is owned or controlled by you or the business for which you work.
6.
DOES SILICON USE MY PERSONAL INFORMATION FOR MARKETING PURPOSES?
6.1.
We may from time to time use your personal information to promote to you the professional services we offer, and other related services offered by Silicon International Practice. However, we will do so only if you are:
6.1.1.
someone who has done business with us or Silicon International Practice as a Private Client, a Client Business Contact, or by being involved in transactions which also involved us or another entity or undertaking in Silicon International Practice
6.1.2.
someone who has indicated an interest in the professional services we offer, or the related services offered by Silicon International Practice, for example by registering on our website to receive email updates and alerts from us, or exchanging business cards with us at a conference, event, or a business meeting; or
6.1.3.
someone who has never done any business with us but whom we have identified (based on business-related information such as your position and title, the company for which you work, etc.) as potentially having an interest in the business-related service offered by us and Silicon International Practice.
6.2.
Where we contact you for such purpose, we will typically contact you by email or postal mail (including via third party marketing service providers acting on our behalf) but where the situation warrants, we may contact you by telephone. We will always observe the applicable direct marketing rules when contacting you and we will always respect your marketing preferences.
6.3.
If you wish to stop receiving promotional emails and professional updates from us, you can make use of the ‘unsubscribe’, ‘opt out’, or ‘update your marketing preference’ link we include within our promotional emails and updates. If for whatever reason such links are not functioning or missing, or if you feel that we have otherwise failed to respect your marketing preference, please alert your contact person within Silicon, or alternatively, contact us using the details provided in paragraph 14.2.
7.
DOES SILICON SHARE MY PERSONAL INFORMATION WITH OTHERS?
7.1.
We will share your information with others only if and to the extent it is appropriate and necessary to do so for one or more of the purposes outlined in Section 4. Whenever we share your personal information, whether internally or externally, we will ensure that such sharing is kept to the minimum necessary.
7.2.
The extent to which we share your personal information will vary depending on your circumstances and relationship with us, but your personal information will be shared with one or more of the following categories of recipients:
7.2.1.
Our Corporate Clients (if you are a Client Business Contact, this could be your employer).
7.2.2.
Companies, trusts, and partnerships that belong to Silicon International Practice including those who perform any of the support roles described in paragraph 7.2.3. and / or 7.2.4., as well as those who provide ancillary services as described in paragraph 7.2.5.
7.2.3.
Those who support our business operations, for example data centre operators, IT service providers, administrative support service providers, insurers, accountants, consultants, auditors, etc.
7.2.4.
Providers of background check and business risk screening services, such as operators of fraud and financial crime databases, and operators of sanctions / embargoes databases. Generally speaking, your personal information will be shared with recipients who fall into this category only if you are a Private Client or a Business Owner.
7.2.5.
Those who provide ancillary services which complement the professional services we provide, for example those who provide legal entity formation / registration services, fund administration services, fiduciary services, and other such services.
7.2.6.
Government departments and agencies, police, regulators, courts, tribunals, and other like authorities with whom we are legally obliged to share your personal information, or with whom we decide to cooperate voluntarily (but only to the extent we are legally permitted to do so).
Important Note: Please note that where we share your personal information with the authorities, we may, depending on the circumstances, be forbidden from advising you of the fact that your personal information was disclosed to or requested by the authorities (e.g. when doing so is illegal or might prejudice an on-going investigation).
8.
DOES SILICON TRANSFER MY PERSONAL INFORMATION OUTSIDE THE DIFC?
8.1.
Due to the international nature of Silicon’s business operations and the markets in which we operate, your personal information may be transferred outside the DIFC to any of the different categories of recipients described in Section 7, who could be located anywhere in the world, including, without limitation, Singapore.
8.2.
Where we share your personal information with recipients who are located outside the DIFC, we will take appropriate steps to ensure that such overseas transfer of your personal information takes place in accordance with any legal restriction that applies to cross-border transfer of personal information under DPL, as applicable.
9.
WILL MY PERSONAL INFORMATION BE KEPT SECURE BY SILICON?
9.1.
We take information security very seriously and we use a broad range of tools and techniques to prevent and detect incidents that might adversely affect information we hold, such as unauthorised access or disclosure, and accidental change or loss, whether they are caused by external factors or internal factors.
9.2.
The tools and techniques we use include technical measures such as firewalls, backup and disaster recovery systems, anti-malware, and encryption, as well as other measures such as vetting of suppliers who are entrusted with our information, awareness training for our workforce, and the continuous evaluation and enhancement of our information security controls. We also conduct a broad range of monitoring over our IT and communication systems.
10.
WHAT WOULD SILICON DO IF A DATA BREACH HAPPENS?
10.1.
In the unlikely and unfortunate event your personal information under our control becomes compromised due to a breach of our security, we will act promptly to identify the cause and take the necessary steps to contain and mitigate the consequences of the breach. Where appropriate, we will also notify you of the breach in accordance with DPL, and any other applicable law which requires us to notify you of the breach.
11.
HOW LONG WILL SILICON RETAIN MY PERSONAL INFORMATION?
11.1.
The personal information about you which we collect will typically be retained for at least the duration of the relevant matter in respect of which we provide our professional services. Thus, where we obtain your personal information in connection with a corporate transaction, we will retain your personal information for as long as the transaction remains open and pending.
11.2.
Once the matter is closed, for example because the transaction has settled, closed, or otherwise reached its end, then we will retain your personal information as part of our business records for the duration of the applicable retention period, which will be determined by reference to any legal or regulatory record keeping requirement that applies to us.
11.3.
For example, the rules concerning prevention of money-laundering mean that if any of your personal information forms part of KYC Records, we will have to retain it for as long as we continue to have client-advisor relationship with you (if you are a Private Client) or the relevant Corporate Client (if you are a Business Owner), and then for several years following the end of the client-advisor relationship.
11.4.
In the absence of any specific legal or regulatory record-keeping requirement which applies, we may retain your personal information for an appropriate period where we consider this to be necessary to protect ourselves from any legal claim or dispute that may arise in connection with the relevant services we have provided. Where we do so, the retention period applied to your personal information will reflect the relevant limitation periods.
12.
WILL THIS PRIVACY NOTICE CHANGE IN THE FUTURE?
12.1.
We may revise this Privacy Notice from time to time to reflect changes in law or changes in how we run our business, but where such revision becomes necessary in the future, we will announce the changes on our website at https://www.siliconadvisers.com/ and bring them to your attention to the extent it is practicable to do so.
13.
WHAT RIGHTS DO I HAVE IN RESPECT OF MY PERSONAL INFORMATION?
13.1.
Under DPL, you have certain legal rights in respect of your personal information handled by us. These include the following:
13.1.1.
The right to withdraw your consent where we rely on your consent to justify the handling of your personal information.
13.1.2.
The right to ask us to confirm whether or not we handle any personal information about you.
13.1.3.
The right to ask us to provide you with copies of your personal information we hold.
13.1.4
The right to ask us to provide you with soft copy of personal information you provided to us (or to forward them to any other person you specify).
13.1.5.
The right to ask us to correct any inaccuracy or incompleteness in your personal information we hold.
13.1.6.
The right to ask us to delete your personal information we hold.
13.1.7.
The right to ask us to refrain from handling your personal information where you feel that the handling of your personal information by us is unwarranted, for example due to inaccuracies in your personal information or lack of proper legal justification.
13.1.8.
The right to object to how we handle your personal information, for example by asking us not to use your personal information to profile you or to subject you to automated decision-making. You can also object to us using your personal information for direct marketing purposes.
Important Note: The rights you have in respect of your personal information are not absolute and are subject to a range of legal conditions and exemptions. If and to the extent a relevant legal condition or exemption applies, we reserve the right not to comply with your request. Additionally, while the rights you have can often be exercised free of charge, the law allows us to charge you in certain limited circumstances. In such cases, we reserve the right to charge you a fee for processing your request.
14.
WHO CAN I CONTACT ABOUT MY PERSONAL INFORMATION?
14.1.
If you would like to exercise any of the rights you have in respect of your personal information, or if you have any question or concern regarding the way in which we handle your personal information, then please reach out to your usual contact person within Silicon in the first instance.
14.2.
If you have a complaint regarding the way in which we handle your personal information, please contact our local Data Protection Officer in the first instance. You can do so by emailing your complaint to dpo@siliconadvisers.com.
14.3.
We will endeavour to respond satisfactorily to any request, query, or complaint you may have in respect of your personal information, but if you are dissatisfied with our response and wish to make a formal complaint, or if you simply wish to learn more about your rights, you can contact the Commissioner of Data Protection who enforces DPL:
Commissioner of Data Protection
DIFC Authority
Level 14, The Gate Building
Dubai International Financial Centre
PO Box 74777, Dubai
United Arab Emirates
commissioner@dp.difc.ae