In accordance with disclosures required by data protection laws, the following information provides an overview of how Kane LPI Solutions Limited (DIFC Branch) (“Kane”) uses certain information we hold about individuals (this is known as “personal data”), such as clients, authorised representatives, ultimate beneficial owners, guarantors, beneficiaries, and individual business contacts (all referred to below as “You” or “Your”). This notice also outlines Your rights under data protection law.
Who is legally responsible for the handling of Your personal data and who can You contact about this subject?
In data protection law terminology, such role lies with the data “controller”, namely:
Kane LPI Solutions Limited (DIFC Branch)
DIFC, The Gate Village 1, 2nd Floor, Unit 8
Dubai International Financial Centre, Dubai, United Arab Emirates
P.O. Box 506732
Tel: +971 4 434 3642
Kane is required to handle (or “process”) Your personal data securely and otherwise in accordance with applicable data protection laws.
For the purposes of applicable data protection law, Kane is typically the “data controller” of any personal information provided to us. Specifically, your data will be controlled by the Kane that you have instructed, or that is providing services to or communicating with you. In certain circumstances, we may also act as a “processor” (meaning that we process personal data only in accordance with the directions of a data controller, or as otherwise permitted by law).
Please read the following information carefully to understand our views and practices regarding how we handle personal information.
Should You have queries or complaints about the way in which Kane processes Your personal data, You may raise these with your usual Kane contact at the DIFC Branch or else with our internal Data Protection Ofﬁcer via the contact details above or the following email address: [email protected]
What personal data might We hold about You and where do We source such data?
Kane may collect personal information from you in the course of our business, when you contact us or request information from us, when you instruct us to provide services, when you use our website, or as a result of your relationship with any of our personnel or clients.
The personal information that we process includes:
- Basic details, such as your name, role/title, employer/s, your relationship to a person, and your contact information (such as your email address, physical address, contact numbers);
- Identification information to enable us to check and verify your identity (e.g. your birthdate; your passport details), and information collected from publicly available resources to verify the same;
- Information relating to the matter on which you are seeking our services;
- Bank account or other financial information, if relevant to our engagement with you;
- Technical information (including your location, IP address, browser details, traffic data, location data), such as information from your visits to our website or mobile app (page interaction information, length of visits, etc.), or in relation to marketing emails we send to you;
- Information relating to your visits to our offices or our meetings and events, including appointment details (e.g. time, location, participants), CCTV images and other photographic or video images;
- Personal information provided to us by or on behalf of our clients, or generated by us in the course or providing services to them, which may include special categories of personal data;
- Any other information relating to you which you may provide to us.
We may collect your personal information:
- As part of our new business intake and client on-boarding or client maintenance activities, and when you seek services from us;
- When you seek employment from us, as part of our new employee on-boarding and maintenance of the employment relationship;
- When you provide (or offer to provide) services to us, either yourself or on behalf of your employer;
- When we are providing services where you or your employer are a party to the same;
- When you interact with our website;
- When you interact with us in respect of any of our marketing communications or events;
We collect most of this information directly from you, or through your use of our website. However, we may also collect data about you from a third party source, such as our clients, your employer, other parties to matters in which we are involved, platform operators for technology used in our business (e.g. webinar platforms), other organisations that you have dealings with, regulators or other government authorities, credit reporting agencies, information service providers, or from publicly available records.
The information you provide may be confidential, and we will maintain such confidentiality and protect your information in accordance with our professional obligations and applicable law. We have arrangements in place with personnel and service providers who may process your personal information, to ensure that confidentiality is maintained.
What will We use Your data for and does the law allow this?
Whether we receive your personal data directly from you or from a third party, we will only use your personal information if we have obtained your consent, or if we have another lawful basis upon which to do so (e.g. for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into such contract; for compliance with a legal obligation on us; to protect your vital interests or those of another natural person; or for our own legitimate interests, or those of a third party, except where such interests are overridden by your own rights or interests).
The purposes for which we process your personal information are as follows:
The purposes for which Kane uses and processes Your personal data are summarised below, together with the specific grounds under data protection law (see the bold bullet points) which allow us to do this:
- Providing Services to You
- Communicating with you in respect of legal developments and the promotion of our legal practice;
- Managing our business relationship with you (or your organisation), whether in connection with the provision of our legal services, the procurement of your goods and services, or as your employer (or potential or former employer), including processing payments, accounting, auditing, billing and collection and related support services;
- Complying with our legal obligations, including with respect to legal and regulatory considerations (e.g. anti-money laundering and sanctions checks, audits, enquiries by regulatory authorities);
- Managing and securing access to our premises and information technology systems, and monitoring the technology side of our operations;
- Keeping your contact details accurate and current using information provided by you, or information publically available;
- For any purpose related and/or ancillary to any of the above or any other purposes for which your personal data was provided to us.
Who might We share Your data with?
Where necessary to fulfil Your instructions to us and for the other purposes outlined above, Kane may share information about You with a range of recipients including (but not limited to) the following: credit reference agencies, background screening providers, financial institutions, funds, payment recipients, payment and settlement infrastructure providers, exchanges, regulators, courts, public authorities (including tax authorities), Kane Group entities and service providers, professional advisors, auditors, insurers and potential purchasers of elements of our business. These recipients could be located outside the UAE.
Will we transfer Your data to other countries?
It may sometimes be necessary for us to share your personal information with other Kane offices or professional services firms around the world, who provide services to us or on our behalf (including data storage facilities or online storage located within or outside the United Arab Emirates, which may be operated by independent service contractors). This will entail a transfer of personal information from within the Dubai International Financial Centre to recipients outside the DIFC, and vice versa.
However, such transfers will only be made where permitted by DIFC law and in accordance with the requirements of DIFC law. If Kane uses service providers outside the DIFC, it has procedures and safeguards in place to ensure the protection of personal information. These procedures include contractual obligations to ensure that all such entities safeguard your personal information and use it only for the purposes that we have specified and communicated to you. (For a further information, please contact us at [email protected]). When we transfer your information to other countries, we will use, share and safeguard that information as described in this Privacy Notice.
How long will We keep Your data for?
In general terms, we retain Your personal data as long as necessary for the purposes for which We obtained it (see section 3 above). In making decisions about how long to retain data Kane takes account of the following:
- The termination date of the relevant contract or business relationship;
- Any retention period required by law, regulation or internal policy;
- Any need to preserve records beyond the above periods in order to be able to deal with actual or potential audits, tax matters or legal claims.
Will we use Your data for marketing and/or profiling purposes?
We may use Your personal data to give You information about products and services offered by us or our Kane Group affiliates that we think You may be interested in receiving. Where we consider it appropriate, and so far as compliant with marketing laws, we may contact You in this regard by email or telephone. We refer to Your right to object to marketing activity in the next section.
“Profiling” in the context of this notice is the use of an automated process to analyse personal data in order to assess or predict aspects of a person’s behaviour. Kane does not use profiling.
What data protection rights do You have?
Various rights may be available to you, depending on the circumstances and the applicable law. We summarise key rights likely to be available to most data subjects:
- Withdraw consent: When personal information is processed on the basis of consent, you may withdraw consent at any time, although such withdrawal will not affect the lawfulness of processing occurring prior to such withdrawal;
- Access and rectification, etc.: You may request access to and rectification or erasure of personal information, or restriction of Processing concerning the Data Subject or to object to Processing as well as the right to data portability;
- Objecting and restricting: You may object, on legitimate grounds, to the processing of your personal information, or request that processing be restricted; and
- Complaints: If you believe that your data protection rights may have been breached, you may lodge a complaint with the relevant data protection authority (e.g. the Commissioner of Data Protection in the case of the DIFC).
If you would like to exercise any of the above rights, or any other rights available to you pursuant to applicable law, please write to Your usual contact at Kane in the DIFC or the Data Protection Officer via the contact details given in section 1 above.
You are also entitled to submit any complaint You may have to the data protection regulator, which in the DIFC is the DIFC Commissioner of Data Protection via email at [email protected] or via regular mail sent to the DIFC main office: The Gate, Level 14, DIFC P.O. Box 74777, Dubai, UAE, Tel: +971 (0)4 362 2222.
Are You under an obligation to provide us with Your personal data?
You are not required by law to provide us with Your personal data. However, if You refuse to do so, Kane may not be able conduct further business with You. For example, in order to satisfy our anti-money laundering obligations, we have to verify the identity of our clients. This inevitably requires us to collect certain personal data from current and prospective clients.
Changes to this privacy notice
We may from time to time make changes to this Privacy Notice. Where these are likely to be material, we will communicate these in advance. Otherwise, these will become effective once the amended Privacy Notice is posted on our website. Please check back regularly to keep informed of updates to this Privacy Notice.
Updated January 2021