This version of our Privacy Notice was last updated on 01 June 2023.
This privacy notice describes how your personal data will be collected and used as a client of asset and fund management services provided by abrdn Investments Middle East Limited (‘aIMEL’ – referred to within this Privacy Notice as ‘we’, ‘us’, ‘our’). aIMEL is a subsidiary of the abrdn group (a global asset management company offering active wealth management services).
We are committed to safeguarding any personal data shared with us. We take privacy seriously and as a client or a representative of one of our clients, you can be assured that personal data will only be collected and used where it is necessary, fair and lawful to do so to provide you with the agreed product or service and in line with applicable privacy & data protection laws, including the Data Protection Regulations 2021.
This Privacy Notice contains important information about what personal details we collect; what we do with that information; who we may share it with and why; and your choices and rights when it comes to the personal data you have given us.
We keep our Privacy Notice under regular review. We may need to make changes to this Privacy Notice so please check our website for updates from time to time. If there are important changes such as changes to where your personal data will be processed, we will contact you to let you know.
Information about you as either our client, or our client’s representative, that we collect and use includes:
- Information about who you are in order to verify your identity e.g. your name, date of birth, contact details, and where necessary, national identification numbers
- Information about your contact with us e.g. meetings, phone calls, emails / letters
- Information that is automatically collected via cookies when you visit one of our websites or access our online tools e.g. username, your activity on our website. Some information will only be collected where you have turned on the relevant cookies in our preference centre.
- Information if you visit one of our offices e.g. visual images collected via closed circuit television (CCTV)
We may collect your personal data directly from you, or from a variety of sources, including:
- Forms relating to your or your company’s investment(s)
- Phone conversations with us
- Emails or letters you send to us
- Meetings with us
- Registering for one of our events
- Our online services such as client portals, websites, social media.
- We may also collect personal data about you from places such as business directories and other commercially or publicly available sources e.g. to check or improve the information we hold (like your address) or to obtain updated contact information if we have been unable to contact you directly
We take your privacy seriously and we will only ever collect and use information which is personal to you where it is necessary, fair and lawful to do so. We will collect and use your information only if we are able to satisfy one of the lawful processing conditions set out in the data protection laws. This will be the case where:
- it’s necessary to provide the product or service you have requested e.g. if you wish to invest with us on behalf of your company or client we will require some personal data which may include your name, address, and date of birth
- it’s necessary for us to meet our legal or regulatory obligations e.g. to tell you about changes to Terms and Conditions or for the detection and prevention of fraud
- it’s in our legitimate interests to process your information to better understand your needs so we can:
- deliver appropriate information and guidance so you are aware of the options that may help you get the best outcome from your investment(s);
- Show you targeted ads for our products and services through social media channels
- Further improve our products and services by using information we hold on our records about existing clients to better understand their preferences and needs
- Conduct research and collate management information to understand how clients have interacted with us, which products and services clients have already purchased, and to help us send more relevant communications based on our analysis of clients’ preferences and needs
Where the processing is in our legitimate interests, we will always conduct an assessment to ensure that this use of your personal data is not excessive or unnecessary or otherwise more intrusive than it needs to be
- You have given us your permission [consent] to use your information e.g., if we are collecting and using your data for certain types of direct marketing.
We sometimes use systems to make automated decisions based on personal data we have - or are allowed to collect and use from others – about you. These automated decisions can affect the products, services or features we offer you now or in the future. We use automated decisions in the following ways:
- Tailoring products and services e.g. placing you in groups with similar clients to make decisions about the products and services we may offer you to help meet your needs
If you do not wish us to collect and use your personal data in these ways, it may mean that we will be unable to provide you with some of our products or services.
We may share your information internally, and with third parties for the reasons outlined in ‘Why we collect and use your information’.
We will share your information with:
- Other parts of abrdn plc who support us in the provision of the products or services agreed with you for your company/client
- Credit and identity check agencies for the purposes of conducting a credit check and ID verification
- Third parties we have chosen to support us in the delivery of the products and services we offer to you and other clients. For example, research, consultancy or technology companies who help us improve our service to you
- Companies who can help us in our contact with you, for example an internet service provider
- Our regulators; including the Financial Services Regulatory Authority and the ADGM Office of Data Protection
- Law enforcement and other appointed agencies who support us (or where they request the information) in the prevention and detection of crime; and
UAE Federal Tax Authority for the purposes of tax reporting, where necessary.
Whenever we share your personal data, we will do so in line with our obligations to keep your information safe and secure.
The majority of your information is processed in UAE.
However, some of your information may be processed by us or the third parties we work with in locations in the UK or the EEA.
Where your information is being processed outside of the UAE area, we take additional steps to ensure that your information is protected to at least an equivalent level as would be applied by the Data Protection Regulations 2021 e.g. we will put in place legal agreements with third parties and abrdn affiliates with ongoing oversight to ensure they meet these obligations.
We take information and system security very seriously and we strive to comply with our obligations at all times. Any personal data which is collected, recorded or used in any way, whether on paper, online or any other media, will have appropriate safeguards applied in line with our data protection obligations.
Your information is protected by controls designed to minimise loss or damage through accident, negligence or deliberate actions. Our security controls are aligned to industry standards and good practice; providing a control environment that effectively manages risks to the confidentiality, integrity and availability of your information whether it is being processed by us or a third party acting on our behalf.
Our employees also protect sensitive or confidential information when storing or transmitting information electronically and must undertake annual training on this.
We also use internal and external audit and specialist third party consultants to conduct regular, independent assurance and benchmarking exercises across our business to ascertain the effectiveness of our security control environment and our security strategy.
To provide you with the service or product agreed, and to fulfil our legal and regulatory obligations, we will keep your personal data and copies of records we create (e.g. calls with us) while you are a [prospective] client of ours.
Even when you no longer have a relationship with us, we are required to keep information for different legal and regulatory reasons. The length of time will vary and we regularly review our retention periods to make sure they comply with all laws and regulations.
You have a number of rights under data protection laws which may be exercised in certain circumstances. These are:
Right to be informed
You have a right to receive clear and easy to understand information on what personal data we hold, why we hold it and with whom we share it – these details are contained in our Privacy Notice.
Right of access
You have the right of access to your personal data. If you wish to receive a copy of the personal data we hold on you, you may make a data subject rights request. If you would like to submit a data subject rights request, please contact the Data Protection Officer [see the How to Contact Us section for the DPO’s contact details]
Right to rectification
If your personal data is inaccurate or incomplete, you can request that it is corrected.
Right to erasure
You can ask for your personal data to be deleted or removed if there is not a compelling reason for abrdn to continue to have it.
Right to restriction
You can ask that we block or suppress the processing of your personal data in certain circumstances. This means that we are still permitted to keep your data – but only to ensure we don’t use it in the future for those reasons you have restricted.
Right to data portability
You can ask for a copy of your personal data for your own purposes to use across different services. In certain circumstances, you may move, copy or transfer the personal data you have provided us to another company in a safe and secure way.
Right to object
You can object to us processing your personal data where: it is based on our legitimate interests; for direct marketing; and if we were using it for research.
Rights relating to automated individual decision making including profiling
You have the right to ask abrdn to:
- Give you information about its processing of your personal data
- Request human intervention or challenge a decision where processing is done solely by automated processes
- Carry out regular checks to make sure that our automated decision making and profiling processes are working as they should.
More information can be found on your rights here. If you would like to exercise any of these rights please contact the Data Protection Officer [see the How to Contact us section].
We will always strive to collect, use and safeguard your personal data in line with data protection laws. If you do not believe we have handled your information as set out in our Privacy Notice, please let us know immediately (see ‘How to contact us’ section) and we will do our utmost to make things right.
While we hope that we can resolve any complaints for you, you do have the option complain to your local data protection authority (e.g. the Commissioner of Data Protection in the ADGM). This is available to you whether or not you have exhausted our complaints procedure.
The Commissioner’s contact details are:
Office of Data Protection
Telephone No.: 00 971 2 3338888
Address: ADGM Building, Abu Dhabi Global Market Square, Al Maryah Island, Abu Dhabi, United Arab Emirates.