Website Privacy Notice

THE PURPOSE OF THIS PRIVACY NOTICE

1. Introduction

This Website Privacy Notice generally covers all visitors to our website, subject to the provisions of our UK/EU, DIFC and Guernsey where applicable.  For personal data that is subject to the DIFC Data Protection Law No. 5 of 2020 please refer to our DIFC Privacy notice. 

GMG Group of Companies (“GMG”) is committed to protecting the privacy of all personal information that we obtain from you. Our Privacy Policy explains how and why we collect personal information about you, and how that information is maintained and used (“Privacy Policy/Notice/Statement”). 

2. Identity

PLEASE READ THIS PRIVACY STATEMENT/PRIVACY POLICY CAREFULLY. “YOU” AND “YOUR” SHALL REFER TO THE CUSTOMER OR VENDOR OR VISITOR OF THE “GMG” [www.gmg-brokers.com]. “WE,” “OUR” OR “US” SHALL REFER TO GMG Group of Companies, PROVIDING OR OFFERING SERVICES TO YOU OR CUSTOMER OF the GMG Group of Companies. Each such GMG Group of Companies shall have an interest in, take the benefit of, and be bound by these terms and conditions, as applicable. “GMG Group of Companies” or “GMG” shall mean GMG Group Limited, Mill Court, La Charroterie, St Peter Port, Guernsey, GY1 1EJ, and any Affiliate of GMG Group Limited, where the term “Affiliate” shall mean, in respect of any party, persons who control, are controlled by or are under common control with such party. A full list of GMG Group affiliated companies is available at www.gmg-brokers.com/contact.

3. Our use of personal information

GMG is committed to protecting the privacy of personal information of our customers which has been provided to us or collected by us when you use our products and services. Our Privacy Statement is designed and developed to understand the privacy and security of customers’ personal information.

4. This Privacy Notice

This Privacy Notice explains the collection, use, protection, disclosure, sharing and transfer, if any, of “personal information” by GMG. GMG reserves its right to amend this Privacy Policy from time to time based on changes as per the business, legal and regulatory requirements and applicable laws and the same shall be updated on this website. You are encouraged to periodically visit this page to review the policy and any changes. By using our website or our products/services or otherwise providing information to us through this website, you consent that your personal information may be used and handled as described in this Privacy Statement.

5. What is Personal Information?

Personal information is information that relates to you or allows us to identify you. This includes obvious things like your name, address and telephone number but can also include less obvious things like your attendance at a board meeting or analysis of your use of our websites.

We may also collect your personal information from third parties, including, for example, business partners, analytics providers, search information providers, credit reference agencies and third-party marketing companies or through publicly available sources.

6. Our responsibility to you

We process your personal information in our capacity as a controller. This means that we are responsible for ensuring that we comply with relevant data protection laws when processing your personal information.

If you are a client/services provider/applicant of our UK Company the relevant data controller is the GMG legal entity with whom you are dealing with.  If you contract with our UK Company in any other capacity, your data controller will be the GMG entity with which you contract.

If you are a client/services provider/applicant of our DIFC Company the relevant data controller is the GMG legal entity with whom you are dealing with.  If you contract with our DIFC Company in any other capacity, your data controller will be the GMG entity with which you contract.

YOUR PERSONAL INFORMATION

7. Why are we collecting personal information about you?

We only collect personal information about you in connection with providing our services and running our business. We will hold information about you if:

- you are a client, a representative of a client, or the beneficial owner of a client

- your information is provided to us by a client or others

- you provide services to us

- you are an applicant for a job with us

8. What personal information do we collect about you?

The types of information we process about you may include:

Types of Personal Information

Details

Individual details:

Name, address (including proof of address), other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and employment history, and family details, including their relationship to you.

Identification details:

Identification numbers issued by government bodies or agencies, such as your national insurance number, passport number, tax identification number and driving license number, biographical data and, where applicable, your photograph, utility bills.

Financial information:

Bank account or payment card details, investment risk tolerance, financial investment experience income or other financial information.

Credit, anti-fraud and sanctions data:

Credit history and information received from various anti-fraud and sanctions databases relating to you.

Sensitive personal data:

Information about your health, racial or ethnic origin, political opinions, religious or philosophical beliefs and trade union membership; your genetic and biometric data; and information about your sex life or sexual orientation.

Identifiers:

Information which can be traced back to you, such as an IP address, a website tracking code or electronic images of you.

Contacts with GMG:

A note or recording of a call you make to one of our contact centers, an email or letter you send to us and other records of any contact you have with us.

9. Where do we collect your personal information from?

We collect your personal information from various sources, including:

- you

- your employer

- our clients and our service providers

- other third parties

- anti-fraud databases and other databases

- government agencies and publicly accessible registers or sources of information

- by actively obtaining your personal information ourselves, for example through the use of website tracking devices

Which of the sources apply to you will depend on why we are collecting your personal information. Where we obtain your information from a third party, in particular your employer or our client, we may ask them to provide you with a copy of this privacy notice (or a shortened version of it) to ensure you know we are processing your information and the reasons why.

OUR USE OF YOUR PERSONAL INFORMATION

10. How do we use your personal information?

In this section we set out in more detail:

- the main purposes for which we use your personal information

- the legal bases upon which we are using your personal information

Purpose

Legal Basis

Know Your Client and other legal obligations

We may hold information relating to you that you have provided to us on “KYC AND SUITABILITY ASSESSMENT QUESTIONNAIRE - CORPORATE/LEGAL ENTITIES” or “KYC AND SUITABILITY ASSESSMENT QUESTIONNAIRE – INDIVIDUALS” or that we may have obtained from another source such as our suppliers or from marketing organizations and credit agencies. We may also collect your personal information when you use our services, websites or otherwise interact with us during the course of our relationship.

As an investment service provider, we (GMG) are subject to various legal obligations, i.e. legal requirements as well as supervisory requirements. The purposes of the processing include identity and age checks, KYC process, prevention of fraud and money laundering, the fulfillment of reporting obligations as well as the evaluation and management of risks within the company.

For all information - legitimate interests or in compliance with a legal obligation or in the public interest.

We are a regulated inter-dealer brokerage firm. We have a legitimate interest in using your information where this is necessary or appropriate to provide services to our clients.

Contractual obligations

For all information - legitimate interests

The processing of data is carried out to provide and mediate financial services, as part of the execution of our contracts with our customers or to carry out pre-contractual actions, which are carried out on request. The purposes of data processing are primarily based on the specific agreement. Further details on the data processing purposes can be found in the relevant contract documents and terms and conditions.

We are a regulated inter-dealer brokerage firm. We have a legitimate interest in using your information where this is necessary or appropriate to provide services to our clients, through the performance of contractual obligations.

Service providers

Legitimate interests.

We collect information about you in connection with your provision of services to us or your position as a representative of a provider of services to us. We do not generally look to collect sensitive personal data for this purpose, other than where we are required to do so to meet our legal obligations (see 'Know Your Client and other legal obligations' above).

We have a legitimate interest in contacting and dealing with individuals involved in providing services to us.

Visitors to our websites

Legitimate interests.

A facility on our website invite you to provide us with your personal information. Where you provide us with information, we will only use it for the purpose for which it has been provided by you.

We may use cookies and other interactive techniques to collect personal and non-personal information about you. The cookies mean that our website platforms may remember you to personalize the content and how you've used the site every time you come back; understand what you like and use about our website; understand what you do not like and do not use on our website; provide a more enjoyable, customized service and experience, and help us develop and deliver better products and services tailored to our customers’ interests and needs.

We may sometimes use a persistent cookie to record details such as a unique user identity and general registration details on your PC. This helps us recognize you on subsequent visits to this website. This data is stored for 2 years.

Most browser technologies (such as Internet Explorer, Chrome, etc.) allow you to choose whether to accept cookies or not – you can either refuse all cookies or you can set your browser to alert you each time that a website tries to set a cookie.

We have a legitimate interest in providing to you the facilities on our websites that you have requested and in understanding how our websites are used and the relatively popularity of the content on our websites.

Visitors to our offices

Legitimate interests.

We have security measures in place at our offices, which include building access controls and finger print access for employees.

The company building requires visitors to sign in at reception and provide an ID. The building can be accessed only via badge.

We have a legitimate interest in making sure our offices, and the people that visit and work at our offices, are safe and secure.

Staff Recruitment

For all information - legitimate interests

We ask you to provide or we receive personal information pertaining to yourself from qualified recruitment agencies as part of the recruitment process. We are not responsible for data handling of external providers.
We will also conduct checks in order to verify your identity and the information in your application, and obtain further information about your suitability for a role within our company.

As a regulated company, we have a legitimate interest in knowing the identity and background of the individuals we employ to ensure we have the appropriate staff to comply with our various legal and regulatory obligations and ethical duties.

11. Consent

We process your Personal Information only when there is a lawful basis. In some instances, we have to process your personal information without your consent, provided that there is a determined legal ground. In cases where you have to give consent to the Processing of your Personal Data for specific purposes, you shall have the right to withdraw this consent at any time. To withdraw your consent please email us at mohamed.hafit@gmg-brokers.com or, to stop receiving our marketing emails or company news, please click on the unsubscribe link in the relevant email you receive from us.

12. Do we share your information with anyone else?

We do not sell your information nor make it generally available to others. But we do share your information with the following parties or in the circumstances set below:

Authorized Third Parties:

GMG may at its discretion employ, contract or include third parties external to itself for strategic, tactical and operational purposes. We may disclose and/or transfer your personal information or other information collected (as defined in section: Personal information that we collect and methods of collection), stored and processed by us to such third parties. Such third parties though external to GMG, will always be entities which are covered by contractual agreements. These agreements in turn include GMG’s guidelines to the management, treatment and secrecy of personal information. This may also include:

Authorized third-parties include our subsidiaries, divisions, and third-party business affiliates but not limited to: Partners or agents who are involved in delivering the products and services you have ordered or used; Customer Verification agencies; Credit-reference agencies, fraud-prevention agencies, business-scoring agencies or other credit-scoring agencies; Debt-collection agencies or other debt-recovery organizations; Our Business partners involved in delivering and improving our services; Our IT vendors hosting our websites and applications; operating various features available on the website and applications; sending emails; analyzing data; providing search results and links and assisting in fulfilling your orders.

Government Agencies:

GMG may also share your personal information with Government agencies or other authorized law enforcement agencies (LEAs) mandated under law to obtain such information for the purpose of verification of identity or for prevention, detection, investigation including but not limited to cyber incidents, prosecution, and punishment of offences.

Data Analytics:

We may permit certain authorized third parties to track your usage, and analyze your personal data. Data Analytics is performed in order to better understand our products and services usage, and enhance them by helping us make better decisions. These include, but not limited to Website Analytics vendors and agencies.

Other Scenarios:

We may transfer personally data as an asset in connection with a merger or sale (including any transfers made as part of an insolvency or bankruptcy proceeding) involving all or part of our business or as part of a corporate reorganization, stock sale or other change in control. GMG may disclose Contact Information in special cases where we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating our terms and conditions of use or may be causing injury or interference with our rights, property, our customers or anyone who could be harmed by such activities.

OTHER IMPORTANT THINGS YOU SHOULD KNOW

13. Keeping your personal information safe

We adopt reasonable security practices and procedures, in line with international standard IS/ISO/IEC 27001, to include, technical, operational, managerial and physical security controls in order to protect your personal information from unauthorized access, or disclosure while it is under our control.

  • To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we maintain appropriate physical, electronic, and managerial procedures to safeguard and secure the information and data stored on our system.
  • We have specialized security teams who constantly review and improve our measures to protect your personal information from unauthorized access, accidental loss, disclosure or destruction.
  • Our security practices and procedures limit access to personal information on a need to know basis. Further, our employees, to the extent they may have limited access to your personal information on a need to know basis, are bound by GMG Code of Conduct and confidentiality policies which obligate them to protect the confidentiality of your personal information.
  • We take steps to ensure that our contracted third parties adopt reasonable level of security practices and procedures to ensure security of personal information. We cannot protect any information that you make available to the general public in any publicly accessible area of our website or any other media.
  • When we dispose of your personal information, we use reasonable procedures to erase it or render it unreadable.
  • No data transmission over the Internet is completely secure and for reasons outside of our control, security risks may still arise. Any personal information transmitted to us or from our online products or services will therefore be at your own risk. However, we will strive to ensure the security of your information. We observe reasonable security measures to protect your personal information against hacking and virus dissemination.

14. Profiling and automated decision making

We do not use profiling (where an electronic system uses personal information to try and predict something about you) or automated decision making (where an electronic system uses personal information to make a decision about you without human intervention).

15. How long do we keep your personal information?

We do not keep your personal information forever.

We keep your personal information in accordance with our data retention schedule which categorizes all of the information held by us and specifies the appropriate retention period for each category of information. Those periods are based on the requirements of relevant data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and our business purposes.

Kindly note that once our relationship with you has ended, your Personal Information may still be relevant for our current or future legitimate business purposes. For example we may be required to retain certain Personal Information: (i) for our business records; (ii) to be able to establish, exercise or defend our legal rights; (iii) to show that we are compliant with applicable laws; or (iv) to show that we have fulfilled or continue to fulfill our obligations towards our Clients in relation to Services you may have been involved in.

16. Cross border transfers of your personal information

GMG is an inter-dealer brokerage firm operating throughout the GCC, MENA, and Emerging Market regions, facilitating deals on behalf of its diverse client base, consisting of a vast majority of the world's largest banks, investment banks, hedge funds, and investment firms.

With offices in both Dubai and London, GMG's international team, operating in eight different languages, facilitates for its clients the buying and selling of a variety of financial products across several markets and asset classes.

The global nature of our business means that your personal information may well be transferred intra-group and across national boundaries, including, potentially, to countries that do not require organizations by law to look after your personal information in the way in which you have come to expect in your own country.

Where we transfer your personal information across national boundaries, we will protect your personal information by ensuring that those transfers are made in compliance with all relevant data protection laws. Generally, this means where we transfer your personal information to a third party that is located in a country which does not have adequate privacy protection, we will put in place a contract with the third party that includes the standard international data transfer contractual terms approved by the European Commission/UK GDRP or contractual terms compliant with the DIFC Data Protection Law. 

We may transfer personal information to other countries outside of the European Economic Area. In such circumstances, we will ensure the transfer is lawful and that there are appropriate contractual, legal and security arrangements in place. Unless the recipients are located in countries that have been deemed adequate by the European Commission, we put in place data transfer agreements based on the applicable European Commission-approved Standard Contractual Clauses or rely on other available data transfer mechanisms (Binding Corporate Rules, approved Certifications or Codes of Conduct) to protect the personal data so transferred.  In exceptional cases, we may rely on statutory derogations for international data transfers. The same will apply should the recipients are located outside the DIFC and do not provide an adequate level of protection as per the DIFC applicable laws and regulations.

Our offices in Dubai and London have data protection policies in place, in compliance with the DIFC DP Law and GDPR.

If you would like further details of how your personal information is protected when transferred from one country to another then please email us at mohamed.hafit@gmg-brokers.com.

17. Contacting us and your rights

If you have any questions in relation to our use of your personal information, please email us at mohamed.hafit@gmg-brokers.com 

Under certain conditions, you may have the right to require us to

  • provide you with further details on the use we make of your personal information.
  • provide you with a copy of the personal information we hold about you.
  • update any inaccuracies in the personal information we hold about you.
  • delete any of your personal information that we no longer have a lawful ground to use.
  • where processing is based on consent, stop that particular processing by withdrawing your consent.
  • object to any processing based on our legitimate interests unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights.
  • restrict how we use your personal information whilst a complaint is being investigated.
  • transfer your personal information to a third party in a standardized machine-readable format.

We are obliged to keep your personal information accurate and up to date. Please help us to do this by advising us of any changes to your personal information.

18. Your right to complain

If you are not satisfied with our use of your personal information or our response to any request by you to exercise your rights, or if you think that we have breached any relevant data protection laws, then you have the right to complain to the authority that supervises our processing of your personal information or, where you are based in the EU, the data protection authority in your country. You may also contact the Information Commissioner’s Office in the UK if the Data Breach relates to our UK-based Company. 

If you are unsure of the authority that supervises our processing of your personal information then please email us at mohamed.hafit@gmg-brokers.com.