Privacy Policy

SH DIGITAL ASSETS | PRIVACY POLICY | AUGUST 2023

This Privacy Policy (“Policy”) has been developed for SH Digital Assets DMCC (“SHDA”). This Policy is reviewed annually, unless there is a change in regulation that requires to implement an earlier update. The Data Protection Officer is responsible for maintaining, developing, implementing and updating this Policy and ensuring compliance with all applicable laws, regulations, and best practices. The Board of Directors of SHDA (“Board”) is responsible for approving and monitoring the implementation of this Policy and the related procedures. Upon establishing that an update is required, the Data Protection Officer proposes changes by presenting them to the Board. Once the Board approval is sought, the changes are incorporated in the Policy.

Document revision history

Version & Revision Prepared by Summary of Changes Approved by Distributed by Date

 
 
 
 
 

1. AGREEMENT AND ACCEPTANCE

  1. 1.1.  This privacy policy (“Privacy Policy” or “Policy”) has been prepared by SH Digital Assets DMCC (“SHDA”, “we”, “us”, “our” or “ours”). The Privacy Policy, together with our Terms of Use (“Terms”) and all other terms, conditions and policies published on the Platform (as defined below), govern your access to and use of the Platform. Prior to using this Platform, you (“user”, “you”, “your” or “yours”) confirm acceptance of these policies, which supplement and are incorporated into our Terms. This Policy does not intend to override the Terms. Any terms, words, phrases which are not defined in this Policy shall have the same meanings as ascribed to them in the Terms.

  2. 1.2.  When you visit our website, pages, features, API and or other products and services (“Platform”), and more generally use or participate in any of our services through our Platform, we appreciate you trusting us with your personal data. Personal data includes any data relating to you which may, by itself, or in combination with other data be able to identify you. SHDA takes your privacy very seriously; and this Policy, as amended from time to time, sets out how SHDA collects, processes, uses, maintains, stores, retains, transfers, discloses, erases or destroys your confidential and personally identifiable user data, as well as aggregated and anonymized data obtained from and through the Platform and related services offerings, via the Platform. The specific data points which we collect from you are explained below in this Policy. We are committed to protecting your information and right to privacy.

  3. 1.3.  When you use our Platform, we may, in certain cases, apply automated data decision-making, for example to prevent fraud, to ensure compliance with AML/CTF policies, etc. Automated decision-making refers to the processing of personal data using, for example, a software code or algorithm that does not require human intervention. We regularly review the criteria and models used in automated decision-making to ensure their integrity, efficiency, and impartiality.

  4. 1.4.  By opening an account with SHDA (“Account”) and/or using our services and Platform, you acknowledge that you accept terms of this Privacy Policy. We encourage you to read this Policy carefully before proceeding further as it forms part of our Terms.

2. AMENDMENTS TO THIS PRIVACY POLICY

  1. 2.1.  SHDA is licensed by the Dubai Virtual Assets Regulatory Authority (“VARA”) to undertake Broker-Dealer Services and this Policy has been prepared in accordance with the Federal Decree- Law No. 45/2021 on the Protection of Personal Data (“UAE Data Protection Law”), VARA’s licensing conditions, VARA’s Rulebooks as well as all applicable UAE regulations, guidance and international best practices. We may make amendments to this Policy.

  2. 2.2.  From time to time, we may revise, amend or supplement this Policy to reflect necessary changes in law, our personal data collection and usage practices, the features of our Platform, or certain advances in technology, or if directed by the VARA and/or the concerned regulators. If any material changes are made to this Policy, the changes may be prominently posted on the relevant or affected Platform. However, this is not obligatory for us; the onus is on you to regularly familiarize yourself with the contents of this Policy, for your own information; and particularly to do so every time you access our Platforms or make use of our services.

2.3. Changes to this Policy are effective from the date on which they are published.

3. DATA PROCESSING PRINCIPLES FOLLOWED

3.1. Your personal data is collected and processed in accordance with relevant principles, including: lawfulness, fairness and transparency; for specific and clear purpose; data minimisation; accuracy; storage limitation; integrity and confidentiality (security) and accountability; with all relevant laws and regulations considered; and however applicable.

4. BASES FOR DATA PROCESSING

4.1. We process your personal data on the following bases – because the information is necessary for the performance of a contract with you or to take steps at your request to enter into a contract; because you have given your consent if we expressly ask for consent to process your personal data for a specific purpose; and to comply with legal and regulatory obligations.

  1. 5.1.  You provide consent to your personal data (whether provided directly by you, whether collected by us, or received by us from third parties or otherwise) being processed to satisfy all legal obligations arising from any contracts entered into/ with/ involving you or to deliver any services to you; or to take steps at your request prior to entering into a contract with you; or for our legitimate interests to protect our property, rights or safety of either SHDA, its users, customers, clients, other persons or other entities.

  2. 5.2.  The specific data points which we collect, the method by which we collect such data, the purposes for which we collect such data, how we share such data, and how long we retain such data is explained individually and specifically for your precise, informed and unambiguous consent below in this Policy.

  3. 5.3.  You undertake that all personal data provided to us by you is true, complete and accurate and you must notify us of any changes to such personal data.

  4. 5.4.  We do not process data about actual or alleged criminal offences unless and until specifically mandated to do so by law or directives of competent authorities.

6. PURPOSES OF PROCESSING PERSONAL DATA

SHDA will collect and process your personal data for the following purposes: 6.1. Provision of SHDA services via the Platform

Details of Purpose Provision of services via the Platform. This includes:

5. CONSENT FOR DATA PROCESSING FOR LEGAL OBLIGATIONS AND LEGITIMATE INTERESTS

  1. enabling the user to create the account on the Platform;

  2. enabling the user (or it representative) to purchase/sell virtual assets;

  3. enabling the user (or it representative) to transfer its virtual assets to the virtual asset wallet

  4. Users of the Platform (if such users are natural persons) / representatives (e. g. employees) of the users (if such users are legal persons).

Personal data

  1. Identification data (e. g. name, surname, position at the represented entity, name of the represented entity, tax ID, date of birth, nationality, country of residence);

  2. Contact data (e. g. address, e-mail address, phone number, mobile device SMS code);

  3. Data related to the provision of services on the Platform (e.g. communication with us regarding the use of the Platform).

Please note that SHDA may not process all the above data, and the scope of the processed data is determined on a case-by-case basis in accordance with the principle of data minimization.

The user or the entity it represents, the use of the Platform or third parties (e.g., payment

service provider (“PSP)”.

Data subjects

Source(s) from which the personal data is collected

Data retention <Data will be stored for up to 8 years following the end of relations with the user.> 6.2. Compliance with legal requirements (e.g., AML /KYC)

Details of Purpose

Compliance with legal requirements applicable to SHDA, including anti-money laundering (“AML”) and Know Your Counter party (“KYC”) regulations

Data subjects

Users of the Platform (if such users are natural persons) / representatives, shareholders, managers, ultimate beneficial owners (“UBOs”) of the users (if such users are legal persons

.Identification data (e. g. name, surname, position at the represented

Personal data

      1. entity, name of the represented entity, tax ID, date of birth, nationality, country of residence);

  1. Contact data (e.g., address, e-mail address, phone number);

  2. AML / KYC data (e.g. date of birth, citizenship, address, country of residence, country of tax residence, activities, sources of income, copy of identification document (and personal data therein), bank details, photo, information about applied international sanctions, PEP status, biometric data processed by specialized algorithms);

  3. Payment data (e.g. information about payments to or from SHDA);

  4. Other personal data as may be required for SHDA to comply with applicable legal acts.

Please note that SHDA may not process all the above data, and the scope of the processed data is determined on a case-by-case basis in accordance with the principle of data minimization.

Source(s) from which the personal data is collected

The user or the entity it represents, the use of the Platform and / or third parties (e.g., identification service providers), public registers, state and / or municipality institutions).

Data retention

Data will be stored for up to 8 years following the end of relations with the user.

We do not retain any biometric data gathered during the identification process.

6.3. Recruiting Details of Purpose

Data subjects Candidates applying for employment at SHDA.

Processing personal data in connection with

recruitment procedures.

Personal data

  1. Identification data (e. g. name, surname, date of birth, nationality, country of residence

  2. Contact data (e.g., address, e-mail address, phone number);

  3. Subject matter and text of your query;

  1. Information about your experience and other information provided by you in your CV and (or) other documents;

  2. Information about the results of the recruitment procedures (e.g., results of tests, interviews);

    Please note that SHDA may not process all the above data, and the scope of the processed data is determined on a case-by- case basis in accordance with the principle

Data retention of data minimization.

The candidate (user)

SHDA will store the personal data about the candidate for as long as the selection to the specific position is taking place and 6 months after that. Based on your consent such

personal data may be stored longer.

Source(s) from which the personal data is collected

6.4. Relations with suppliers & partners

Data subjects

SHDA’s suppliers and partners representatives.

or their

Details of Purpose

Commercial relations with our suppliers & partners, e.g., day-to-day business communication related to the services and (or)

goods provided.

Personal data

  1. Identification data (e.g. name, surname, position at the represented entity, name of the represented entity);

  2. Contact data (e.g., e-mail address, phone number);

  3. Subject matter and text of the communication with us.

Please note that SHDA may not process all the above data, and the scope of the processed data is determined on a case-by-case basis in accordance with the principle of data

Source(s) from which the personal data is collected

minimization.

Data will be stored for up to 8 years following the receipt of such data or termination of the

respective agreement.

SHDA’s users (i.e., suppliers and partners) where they are natural persons, or their representatives if such suppliers and partners are legal persons.

Data retention

6.5. Direct interactions

Details of Purpose Data subjects

Managing and answering the inquiries sent / provided to SHDA via e-mail, phone or via

form provided on the Platform.

Persons submitting / providing the

above mentioned inquiries to SHDA.

Personal data

  1. Identification data (e.g., name, surname, position at the represented entity, name of the represented entity);

  2. Contact data (e.g., e-mail address, phone number);

  3. Subject matter and text of the communication with SHDA.

Please note that SHDA may not process all the above data, and the scope of the processed data is determined on a case-by-case basis in accordance with the principle of data minimization.

Persons submitting / providing the above mentioned inquiries to SHDA themselves.

Data will be stored for 8 years following thereceipt of your query.

Source(s) from which the personal data is collected

Data retention

6.6. Direct marketing Details of Purpose

Data subjects

Informing you about special offers, news or providing other information about the Platform.

Persons receiving the above mentioned communications from SHDA.

Personal data

. 1. Identification data (e.g., (e. g. name, surname, position at the represented entity, name of the represented entity, tax ID, date of birth, nationality, country of residence);

  1. Contact data (e.g., e-mail address, phone

    number);

  2. Information about purchased or

    otherwise used similar services of SHDA.

Please note that SHDA may not process all the above data, and the scope of the processed data is determined on a case-by-case basis in accordance with the principle of data minimization.

Persons receiving the abovementioned communications from SHDA themselves.

Your personal data will be processed for the purpose specified in this section for 8 years from the date of its collection, or until you

Source(s) from which the personal data is collected Data retention

object to such processing of your personal data, or until your consent to process personal data for this purpose is revoked, whichever occurs

first.

6.7. Improving the Platform, ensuring proper operation and security, monitoring of users’ behaviour and ensuring fraud prevention.

Details of Purpose Data subjects

Users of the Platform

Personal data

  1. Device data (e.g., internet protocol (IP) addresses, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Platform.

  2. Platform use data, user’s behaviour on the Platform, payment information.

Please note that SHDA may not process all the above data, and the scope of the processed data is determined on a case-by-case basis in accordance with the principle of data minimization.

SHDA automatically receives personal data

directly from you while you use the Platform.

Your personal data will be processed for the

purpose specified in this section for 8 years.

Source(s) from which the personal data is collected Data retention

7. DATA RECIPIENTS

Improving the Platform, ensuring proper

operation and security, monitoring of user’s

behaviour, and ensuring fraud prevention.

7.1. Any information that you provide may be shared with third parties(data processors),which provide SHDA with services and act on its behalf (e. g. companies providing marketing / advertising services, IT service providers, accounting service providers, etc.). SHDA ensures that processing of personal data by such third parties will be based on a legitimate legal ground and will be performed in accordance with lawful instructions of SHDA and in compliance with all applicable legal requirements.

7.2. The personal data may also be transferred to the personal data recipients. Specifically, SHDA may share personal data with the following categories of third parties (data processors, data recipients or individual data controllers) as necessary:

8. PROCESSING AND USE OF AGGREGATED, ANONYMISED AND DE- IDENTIFIED DATA

8.1.

  1. PSP and your virtual asset wallet provider(if needed and to the extent required for proper provision of the Services) and our correspondents that facilitate virtual asset buy and sell transactions;

  2. our affiliates, i.e. subsidiaries, joint venture partners or parent companies (if needed for proper internal administration of the group (e.g. accountability));

  3. courts, arbitrators, mediators, opposing party and their lawyers (if needed for the legal proceedings),

  4. police, law enforcement authorities, tax authorities, other government, or municipal institutions;

  5. our professional advisers such as lawyers or accountants(if needed for the protection of our legitimate interests);

  6. service providers who undertake background screening of individuals and companies for the purpose of obtaining information on negative news, sanctions and political exposure of individuals and companies who participate in services through the Platform.

  7. service providers who provide information technology and system administration services, marketing, accounting, postal or courier or other services;

  8. other natural or legal persons where this is related to and necessary for the organizational changes of SHDA, e.g. in the event of merger, acquisition, or sale of SHDA (as a whole or in part), your personal data could be shared with auditors or other representatives of the potential acquirers and transferred to the final acquirer. Please note that in the latter situation the data controller of your personal data could become the final acquirer. You will be informed about such organizational changes on our Platform and (or) via contact details provided, if possible;

  9. other persons or entities (if needed to provide you with services through the Platform as effectively as possible).

We may also create, process, collect, use and share aggregated, anonymised or de-identified data such as statistical or demographic data for any purpose which may be derived from your personal data. We may use this data to comply with legal or regulatory obligations.

Page 10 of 18

  1. 8.2.  We may share your data with members of our group (including our affiliates, subsidiaries, parent companies, joint venture partners, entities we control and entities under common control) (“Group”), service providers and our key partners. Some of these third parties may be in a jurisdiction outside the laws as stated in this Policy, in which case we will take all necessary steps to ensure that your personal data is treated securely and that such transfers are permitted under the applicable data protection laws.

  2. 8.3.  We may also use any or all of the personal data above to administer and manage our business in general, to detect and prevent misuse of our services (including fraud and unauthorised payments), and to enforce our Terms or any other contract to which we may be a party to.

9. COOKIES POLICY

  1. 9.1.  We may use cookies and similar technologies that automatically collect certain information from your browser or device when you visit our Platform, read our emails, use our services or otherwise engage with us.

  2. 9.2.  Cookies: A cookie is a piece of data contained in a very small text file that is stored in your browser or elsewhere in your hard drive. We use cookies, web beacons, log files, and a variety of similar technologies (collectively, “cookies”) to collect information from your browser or device. These technologies collect information about how you use the Platform (e.g., the pages you view, the links you click, and other actions you take on the Platform), information about your browser and online usage patterns (e.g., Internet Protocol (IP) address, browser type, browser language, referring / exit pages and URLs, pages viewed, whether you opened an email, links clicked), and information about the device(s) you use to access the Platform (e.g., mobile device identifier, mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, and whether you access the Platform from multiple devices).

  3. 9.3.  Usage of data collected through cookies: We may use the data collected through these technologies to better display our Platform, to save you time, to provide better technical support, for promotional purposes, and to measure and analyse Platform usage.

9.4. Types of Cookies: The types of Cookies

  1. Strictly Necessary (also known as Essential or

    Required Cookies)

  2. Functional

  3. Analytic

  4. Tracking

we may use are set out below.

Necessary for the operation of the website. We may use essential cookies to authenticate users, prevent fraudulent use of user accounts, or offer Platform features.
Allow us to recognize and count the number of visitors and see how visitors move around the website when using it. This helps us improve the way the Platform works.

Used to recognise you when you return to the Platform. This enables us to personalise our content for you and remember your preferences.
Record your visit to the Platform, the pages you have visited, and the links you have followed. We will use this information to make the Platform and the content more relevant to your interests. We may also share this information with third parties for this purpose.

9.5. Choice of cookies: You may be able to refuse or disable cookies by adjusting your web browser settings. Some browsers have options that allow the visitor to control whether the browser will accept cookies, reject cookies, or notify the visitor each time a cookie is sent. If you choose to refuse, disable, or delete these technologies, some of the functionality of the Platform, services and/or features may no longer be available to you or function properly.

10.1. In the event that you fail, neglect and/ or refuse to, or are unable to provide us with any personal data which we necessarily need so as to provide you with services or the Platform, or which we need to collect by law, we may not be able to provide you services through the Platform. In this case, we have the right to discontinue the provision of the Platform to you and/or close your Account. In such a situation, we will notify you at the earliest.

11. INFORMATION RELATING TO PERSONS BELOW THE AGE OF 18

11.1. We do not allow persons under the age of 18 to register for any service on the Platform, and we do not knowingly collect any personally identifiable information from persons under the age of 18. If you are aware of someone under the age of 18 using our Platform, please contact us immediately at info@sh.digital.io

12.1. Wemaycollectandprocesssomeofyourpersonaldatawithoutyourknowledgeorconsent;and only where this is required or permitted by law. We may be compelled to surrender your personal data to legal authorities without your express consent, if presented with a court order or similar legal or administrative order, or as required or permitted by the laws, rules and regulations of any nation, state or other applicable jurisdiction.

13.1. We provide you with choices regarding the personal data we use, particularly concerning any market research and/or subsequent marketing, advertising and promotion. Towards this, we have established these personal data control mechanisms:

  1. Promotional offers from us: We may use your personal data to determine what may be of interest to you. This is how we decide which products, services, and offers may be relevant and of interest to you. By using our Platform, registering an Account, contacting us, requesting information from us, you consent to receiving marketing communications from us. We may communicate with you by e-mail, fax or telephone.

  2. Opting out: You can ask us or third parties to stop sending you marketing related material and/ or communications at any time by following the opt-out links on any marketing

10. CONSEQUENCES OF REFUSAL, FAILURE, INABILITY TO PROVIDE US WITH

NECESSARY PERSONAL DATA

12. PROCESSING OF PERSONAL DATA WITHOUT YOUR CONSENT IN SOME CASES

13. COLLECTION OF YOUR DATA FOR MARKET RESEARCH AND PROMOTIONAL INFORMATION; YOU MAY OPT OUT FROM THIS

message sent to you or, if the marketing related materials and/or communications are sent by us, then by contacting us at info@shdigital.io.

14. SHARING OF YOUR PERSONAL DATA WITH THIRD PARTIES

  1. 14.1.  We may have to share your personal data with selected and trusted third parties to fulfil our obligations under our contract with you, to meet government, regulatory and law enforcement requests, and to continue providing you with the services. We will only disclose your personal data to third party service providers under strict terms of confidentiality. We do not allow our third- party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

  2. 14.2.  We may have to share or transfer your personal data in the specific circumstances listed below:

    1. Upon your consent: We will share your personal data with companies, outside organisations or

      individuals, if we have your consent to do so.

    2. In compliance with applicable law, judicial requirements, government requests: Where we are legally

      required to do so, we may disclose your personal data to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements), or where we find it is necessary to investigate, prevent or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved disclose your personal data. Additionally, we may disclose your personal data to enforce our Terms, or to protect the rights, safety, and security of SHDA, our users, other persons or the public.

    3. Merger, acquisition etc.: In connection with, or during negotiations of, any merger, sale of our assets, financing, acquisition of all or a portion of our business to another company, any dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, your personal data may also be transferred as a business asset forming part of our good will. If another company acquires us, our business or assets, that company will possess the personal data collected by us and will assume the rights and obligations held by us regarding your personal data, as described in this Policy.

    4. Advertisements: Where we use third party advertising companies to serve ads when you visit or use the Platforms. These companies may use information about your visits to our Platforms and other Platforms that are contained in web cookies and other tracking technologies in order to provide advertisements about goods and services of interest to you, provided you have consented to the same.

    5. Affiliates: We may share your personal data with our Group in order to provide you with certain services and/or functions, in which case we will require those Group members to honour this Policy.

    6. With selected third party vendors: In connection with the performance of our services, we may share your personal data with third-party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples of such third parties include payment processing, customer relationship management, data analysis, email delivery, hosting services, customer service, quality assurance testing, technical support, operational support and maintenance services and marketing efforts.

15. YOUR RIGHTS TO YOUR PERSONAL DATA

15.1. Depending on the country in which you are resident you may have certain rights. These rights may include:

  1. Right of Access to information: This means you have a right to receive at no charge, the following information upon submitting a request to us:

    1. The categories of personal data processed.

    2. The purposes of the processing of your personal data.

    3. The recipients or categories of recipients of your personal data both within and outside the UAE.

    4. Controls and standards relating to the duration of storage and archiving of your personal data.

    5. Actions taken upon your requests for rectification, erasure or restriction of processing and objection to processing of your personal data.

    6. Safeguards in case of cross-border processing of your personal data.

    7. The existence of automated decision-making, including profiling.

    8. Actions to be taken in case of personal data breach.

    9. Procedure to lodge a complaint with the UAE Data Office.

  2. Right to Rectification: This is your right have your personal data rectified if what is held by us is inaccurate/incomplete. .

  3. Right to Erasure: This is your right, under certain circumstances to ask for your personal data to be deleted. This would apply if your personal data is no longer required for the purposes it was collected for, or your consent for the processing of that data has been expressly withdrawn, or where your personal data has been unlawfully processed. Once deleted all your personal data will be removed from our systems and will not be recoverable. This right is subject to the restrictions laid down in the applicable law, including if the request is in conflict with other legislation(s) to which we are subject.

    Right to Withdraw Consent: If you wish for SHDA to stop processing your personal data, it is your right to withdraw consent at any time, where we have asked you for consent to use your information for that particular purpose. To withdraw consent for processing of your personal data, please email us at info@shdigital.io

  4. Right to Restrict Processing: This is your right to ask for a restriction or stop in processing of your personal data, such as in the case where accuracy of personal data is contested by you, or you object to the processing of your personal data, or the processing is in contravention to applicable laws. This right is subject to the restrictions laid down in the applicable law, including for reasons such as where processing is necessary for judicial purposes, or is necessary for protection of public interest or third party rights, or where the processing is limited to the storage of data.

  5. Right to Data Portability: This is your right to ask for your personal data supplied directly to us, which we have processed pursuant to your consent, under a contract, or by automated means, to be provided to you in a structured, commonly used, and machine-readable or electronic format.

F. Right to Object: This is your right to object to the further processing of your personal data which is inconsistent with the primary purpose for which it was collected, and includes processing for profiling, direct marketing and for statistical surveys.

Rights in Relation to Automated Decision Making and Profiling: This is your right to object to automated decision-making that has legal implications or seriously affects you. This right is subject to restrictions under applicable laws.

  1. 15.2.  We aim to respond to all legitimate requests without undue delay and within 2 calendar months of receipt of any request from you. Occasionally it may take us longer than 2 calendar months, if your request is particularly complex, or if you have made duplicated or numerous requests. In this case, we will notify you of receipt of such request(s) and keep you updated as to the status of progress concerning such request(s).

  2. 15.3.  If you have any of these rights under your domestic data protection laws and wish to exercise any of them, please contact us at info@shdigital.io We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This security measure is to ensure that your personal data is not disclosed to any person who has no right to receive it.

16. UPDATING YOUR INFORMATION

16.1. Whenever possible, you can update your personal data, subject to verification by us. If you wish for us to update your personal data, please contact us at info@shdigital.io or proceed to amend the same in your Account on the Platform. We will retain your personal data for as long as your Account has not been closed or as may be needed to provide you access to your Account and/ or services, and in compliance with the law.

17. DATA RETENTION AND RECORDS

  1. 17.1.  We retain information on your behalf, including customer data, transactional data and other session data, linked to your Account. Should any further information be required, please contact us at info@shdigital.io.

  2. 17.2.  Your personal data will be stored, retained, and processed for no period longer than as required by us for the purposes it was collected for, for the purposes of using the Platform, and for meeting any legal, accounting, reporting, government, regulatory or law enforcement requirements. Unless required for any of the purposes specified above, we will delete personal data related to closed Accounts every 12 calendar months.

  3. 17.3.  To determine the appropriate retention period for your personal data, the criteria we consider includes the amount, nature, and sensitivity of the personal data; the potential risk of harm from unauthorised use or disclosure of your personal data; the purposes for which we process your personal data and whether we can achieve those purposes through other means; whether there are legal or contractual obligations that mandate us to retain data for a particular period of time; whether there is any legal or financial claim in relation to your business relationship with us and the applicable legal requirements.

17.4. When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

18. STORAGE AND TRANSFER OF DATA

  1. 18.1.  Your personal data is stored and transferred in compliance with the applicable legislations and regulations of UAE.

  2. 18.2.  Some of the international organisations and countries to which your personal data may be transferred do not benefit from an appropriate data protection regulatory framework. For transfer of your personal data outside the UAE to such international organisations and countries, we shall transfer your personal data, upon ensuring that a suitable degree of protection is afforded to it through the implementation of the necessary safeguards, such as an adequacy decision by the relevant authority, adequate binding corporate rules or through the inclusion of standard contractual clauses in our agreements with such organisations and countries. We may also transfer your personal data to recipients outside the UAE based on your express consent; or if such transfer is necessary for judicial processes; or if such transfer is necessary for entering into or performing a contract between SHDA and you or between SHDA and a third party for your interests, or if such transfer is necessary for an act relating to international judicial cooperation; or if the transfer is necessary for protection of public interest.

19. HOW TO CLOSE YOUR USER ACCOUNT

19.1. If you wish to close your Account, please use the relevant option within your Account on the Platform. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our Terms.

  1. 20.1.  We are committed to ensuring that your information is secure. To protect your personal data and information from loss, theft, misuse, alteration, destruction, unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. We use industry-standard technical mechanisms, password protected directories and databases and ensure that our affiliates or vendor entities use data encryption technology while implementing restrictions related to the storage of and the ability to access your personal data.

  2. 20.2.  Ourfacilitiesarescannedonaregularbasisforsecurityholesandknownvulnerabilities,tobest ensure its security.

  3. 20.3.  Your personal data is contained behind secured networks and is only accessible by a limited number of individuals who have special access rights to such systems and are required to keep the information confidential.

20. SECURITY PRECAUTIONS AND MEASURES FOR PROTECTION OF YOUR PERSONAL DATA

No guarantee

  1. Please note that no transmission over the Internet or any method of electronic storage

    can be guaranteed to be absolutely 100% secure, however, our best endeavours will be

    made to secure data and the ability to access your personal data.

  2. Without prejudice to our efforts on the protection of your data, nothing contained in this Policy constitutes a warranty of security of the facilities, and you agree to transmit

    data at your own risk.

  3. Please note, that we do not guarantee that your data may not be accessed, disclosed,

    altered, or destroyed by breach of any of our physical, technical, or managerial

    safeguards.

  4. Please, always check that any website on which you are asked for financial or payment

    information in relation to our Platform is in fact legitimately owned or operated by us. The risk of impersonating hackers exists and should be taken into account when using our Platform.

  5. If you do receive any suspicious communication of any kind or request, do not provide your information and report it us by contacting our offices immediately at info@shdigital.io Please also immediately notify us at info@shdigital.io if you become aware of any unauthorised access to or use of your Account.

  6. Since we cannot guarantee against any loss, misuse, unauthorised acquisition, or alteration of your data, please take the necessary steps to protect your own personal data, including the adoption of sufficient safety measures such as your choosing of an appropriate password of sufficient length and complexity and to not reveal this password to any third parties.

  7. Furthermore, we cannot ensure and do not warrant the security or confidentiality of data transmitted to us, or sent and received from us by Internet or wireless connection, including: email, phone, over-the-top (OTT) messaging services or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your data is no longer secure, please contact us at info@shdigital.io.

  1. Should your personal data be breached, and the security of your rights be at high risk, we shall promptly and immediately communicate to you the nature of the breach which has taken place, the likely consequences of such a breach and shall describe thoroughly the measures we have implemented to address the breach and to mitigate any and all adverse effects to you and your rights. In the unlikely event of a breach occurring, please reach out to us at info@shdigital.io for further information and for further advise on how to mitigate the potential adverse effects of such a breach.

  2. We also aim to conduct all applicable security risk assessments to ensure the availability of risk mitigation controls, to better safeguard the integrity of your data.

21. GENERAL

  1. 21.1.  In the case of abuse or breach of security, we are not responsible for any breach of security or for any actions of any third parties which receive the information illegally.

  2. 21.2.  We will not distribute customer information to be used in mailing lists, surveys, or any other purpose other than what is required to perform our services.

  3. 21.3.  If you choose to restrict the collection or use of your confidential and personal data, please stop using the Platform immediately.

22. DATA PROTECTION OFFICER

22.1. We have a designated Data Protection Officer (“DPO”). The DPO is responsible for the management and protection of personal data in accordance with all applicable laws and is appropriate for the level of risk involved with such personal data. The DPO is responsible for implementing and maintaining appropriate policies, procedures, systems, and controls in relation to personal data.

23. HOW TO GET IN TOUCH WITH US

23.1. If you have any questions about our Policy as outlined above, or if you have any complaints, queries of issues pertaining to your personal data, then please contact our DPO at souhila.boudil@shdigital.io.