Privacy policy

Data Protection Under the DIFC Data Protection Law No. 5 of 2020

Overview

DOVA Compliance and Risk Management Advisors Ltd (“the Firm”, “us”, “we”), as a Data Controller, has an obligation under the DIFC Data Protection Law No. 5 of 2020 (“DP Law”) to inform individual Data Subjects of their rights concerning data held about them. We are committed to safeguarding personal data and processing data in line with applicable privacy and data protection laws.

Our Commitment
  • Why and how the Firm collects, treats, and stores your Personal Data.
  • The legal basis on which your Personal Data is processed.
  • Your rights and our obligations in relation to such processing.

1. What Does This Privacy Notice Cover?

This notice applies to all forms of use of Personal Data (“processing”) by the Firm in the DIFC.

2. How We Get Your Information

We collect your information in different ways, specifically:

  • Information you give to us: Data provided by you or others linked to your business services or working on your behalf.
  • Third parties: Information from business introducers or other third-party companies.

3. Information We Hold About You

We may collect and process Personal Data such as:

  • Personal details: Name, date of birth, address, residency, etc.
  • Identification data: Passports, Emirates ID, government-issued ID numbers, etc.
  • Contact details: Phone number, email, postal address.
  • Financial information: Bank account details, credit/debit card numbers, financial history.
  • Professional information: Job title, work experience.
  • Special categories of data: Biometric information, political opinions, criminal records (where legally permissible).

4. Purpose of Processing

We process Personal Data for specific purposes, including:

  • Client onboarding.
  • Client relationship management.
  • Fraud prevention and identity verification.
  • Compliance with legal and regulatory obligations.
  • Risk and compliance control.

We process Personal Data only if one of the following legal bases applies:

  1. To perform our contractual obligations or take pre-contractual steps.
  2. To comply with legal or regulatory obligations.
  3. To protect the vital interests of individuals.
  4. For our legitimate interests, provided they do not unduly affect your rights.
  5. With your explicit consent.

6. How Data Is Processed

Personal Data is processed both manually and electronically to ensure security and confidentiality. Employees and third-party processors with appropriate training handle the data.

7. Who Has Access to Personal Data?

7.1 External Sharing

We may share Personal Data with:

  • Authorities (regulators, courts, etc.).
  • Financial institutions or comparable entities.
  • Service providers (e.g., IT, logistics, marketing).
7.2 International Data Transfers

We may transfer data outside the DIFC, provided:

  • The destination jurisdiction ensures an adequate level of data protection.
  • Suitable safeguards are in place (e.g., contractual clauses).
  • You have explicitly consented.

8. Data Retention

We retain Personal Data only as long as necessary to:

  • Fulfill the purposes for which it was collected.
  • Comply with legal or regulatory obligations.
  • Defend against legal claims or assist with fraud monitoring.

9. Your Rights

You have the right to:

  • Request a copy of your Personal Data.
  • Correct inaccuracies in your data.
  • Restrict the use of your data.
  • Request the deletion of your data.
  • Withdraw your consent (if applicable).
  • Object to automated processing or profiling.

10. Automated Decision-Making and Profiling

We do not typically use fully automated decision-making. Profiling may occur to comply with regulatory requirements, such as fraud detection or risk assessment.

11. Cookies

Our websites use cookies for:

  • Recognizing visitors and tailoring content.
  • Compiling anonymous statistics for site optimization.
  • Meeting regulatory requirements.
Information Collected via Cookies

Examples include browser type, IP address, location, pages visited, and time spent on each page.

12. Exercising Your Rights

Please contact us using the details below if you wish to exercise your rights:

Contact Details
  • Address: Unit 1010, Index Tower, Dubai International Financial Centre, Dubai, UAE
  • Email: oa@dovaadvisors.ae
  • Phone: +971 54 793 3662

You may also lodge a complaint with the Competent Authority if necessary.

13. Changes to the Privacy Notice

This notice may be updated periodically. We will notify you of significant changes in advance.