Data Protection Policy

Effective Date: 05 December 2022

DIFC Courts and/or its affiliates (collectively “We”, “Us” or “Our”) value Your security and privacy.

In accordance with Dubai International Financial Centre (“DIFC”) Data Protection Law No. 5 of 2020 (and its related regulations, as amended from time to time) (the “DP Law”) as well as other data protection laws from relevant jurisdictions and, as applicable, Our Terms and conditions, We process information about You when You access and use the Tejouri digital vault service (the “Service”) through Our website: https://tejouri.com (the “Website”).

This data protection policy (the “Policy") sets out the basis on which any information, including any personal data, We collect from You, or You provide to Us, will be processed by Us. Each time You access or use the Service or provide Us with information, by doing so You acknowledge the practices described in this Policy.

For the purposes of this Policy, DIFC Courts is the data controller in relation to Your Personal Data (as defined below).

1. Scope and Application

This Policy applies to persons anywhere in the world who access or use the Service.

2. Collection of Information

Information You Give Us

This is personal data You give Us by providing information or by corresponding with Us (for example, by telephone, e-mail or any other digital or electronic form). It includes, for example, information You provide when You register to use the Service and / or any information contained in documents that You have uploaded onto the Service. If You contact Us, We will keep at least an electronic record of such correspondence, including personal data shared at that time, in order to reply or process it as per Your request. The personal data You give Us may include Your name, address, nationality, Emirates ID, passport details, e-mail address and phone number, certain device information (including username and password), photograph or facial biometrics for verification purposes, payment details and other registration information You choose to provide (together “Personal Data”). Kindly note that Personal Data will also be collected and processed from information provided for recipients of documents uploaded onto the Service. This may include their name, e-mail address and phone number. It may also include Personal Data included in any documents uploaded onto the Service. We process all such Personal Data on the understanding that consent has been obtained from the recipients or individuals whose Personal Data is included in any documents and You hereby confirm that all such consents, in accordance with all applicable data protection laws, have been secured and will provide Us with evidence of these consents promptly on request.

The Service is not targeted, intended, or expected to be of use to children, however, Personal Data of children may be collected depending on the documents provided and uploaded whilst accessing or using the Service.

Information We Collect about You and Your Device

Each time You access or use the Service, We may and often will automatically collect the following information:

• technical information, including the type of mobile device You are using, a unique device identifier (for example, mobile network information, Your mobile operating system, the type of mobile browser You use, device token, device type, time zone setting, etc.);
• details of Your use of the Service including, but not limited to, traffic data, weblogs and other communication data, and the resources that You access;
• location information if the Service uses GPS technology to determine Your current location. If You wish to use the particular feature, You may be asked to opt-in to Your data being used for this purpose.

If You do not wish to share certain data with Us or do not want Us to use / share it for certain purposes (to the extent possible, in accordance with applicable laws and information in this Policy), You can alter Your preferences at any time.

Other Information We May Collect Through Your Use of the Service

When You access or use Our Service, We may collect Personal Data including demographic information; for example, information that You submit, or that We collect, which may include, but is not limited to: age/birth date, hometown, gender, username, mobile network information, Your mobile operating system, the type of mobile browser You use, time zone setting, device location, IP address, SMS data, transaction information, business activities and services / distribution locations, browsing history information, searching history information, and registration history information.

3. Use of Personal Data

We may use Personal Data which You provide to Us or We collect from You to:

• provide, maintain, and improve the Service, including, for example, to develop new features that will enhance Your user experience and Our efficiency, provide customer support, facilitate payments, authenticate users of the Service, and send administrative messages;
• perform internal regulatory, administrative and operational requirements, including, for example, to prevent fraud or abuse of the Service; to troubleshoot software bugs and operational problems; to conduct data analysis, testing, and research; to ensure You and Us are complying with internal or external legal requirements, including those that necessitate use of digital systems; and to monitor and analyse usage and activity trends;
• send You communications about the Service;
• notify You about changes to this Policy, or to the Service;
• allow You to participate in any interactive features of the Service;
• keep the Service safe and secure; or
• personalize and improve the Service,

to the extent permitted by applicable law.

We process Your Personal Data for the reasons set out above and otherwise in this Policy as necessary, in accordance with the Terms and conditions, to enable Us to provide the Service to You and otherwise in relation to Our legitimate interests as the provider of the Service. In certain circumstances, and for specific purpose(s), as set out in this Policy, We process Your Personal Data based on Your consent.

4. Processing, Storage and Transfer of Personal Data

We will take all steps reasonably necessary to ensure Your Personal Data is processed fairly and lawfully, in accordance with the DP Law, other applicable laws and this Policy.

By submitting Your Personal Data, We expect You to understand that such transfer, storing or processing undertaken by Us will be done in a proportionate, lawful manner. Unless otherwise notified to You, We do not ordinarily rely solely on automated decision making when processing Your Personal Data.

We store Your Personal Data in a DIFC data centre; however, in order to provide the Service to You, We may transfer Your Personal Data to and from, and process and store it in, secondary United Arab Emirates-based data centres. In all such cases, and generally for any processing operations, We take appropriate security measures to protect Your Personal Data in accordance with this Policy and the DP Law. We adopt technical measures including multiple factors of authentication, encrypted data, block chain security, personalised biometric information and safe-keeping ledgers to secure Your Personal Data. Please see section 7 below for further details.

To preserve the integrity of the Service, for research, analytics and statistics purposes and to ensure compliance with applicable laws, We retain Personal Data submitted by You so long as You have an active account for the Service with Us, unless otherwise prescribed by applicable laws. After Your account is terminated, We retain certain limited Personal Data submitted by You to ensure compliance with applicable laws.

We are not responsible for the accuracy of the Personal Data You provide and will only modify or update Your Personal Data on the Service when You provide updated information or on an ad hoc basis upon Your request, as further outlined below. We will erase, or put beyond active use, Your Personal Data upon request, unless We are required to retain it in accordance with applicable laws or to perform agreed services, in which case We align with applicable principles such as purpose specification and data minimization.

We may process special category data that You share with Us, including facial biometrics, for the purposes set out in this Policy. We process special category data based on the consent You provide to Us by ticking the consent box relating to the processing of special category data. You have the right to withdraw Your consent at any time by using the contact details below. Any withdrawal of consent is without prejudice to any processing of Your special category data that We have undertaken prior to Your withdrawal of consent. Please note that by withdrawing Your consent, We may not be able to provide certain Service features or functionality to You.

By accessing or using the Service, We can reasonably expect that You understand that all information submitted by You may be used by Us to support these processing operations, in accordance with applicable laws and Our policies.

5. Sharing of Personal Data

We may share Personal Data which We collect about You as described in this Policy or as described at the time of collection or sharing, including as follows:

• with Our subsidiaries and affiliated entities, to the extent permissible by applicable laws;
• with individuals who You have identified as recipients, in accordance with the Terms and conditions, of the documents You have uploaded to the Service;
• with vendors, consultants, marketing and advertising partners, and other service providers who need access to such Personal Data to carry out work on Our behalf or to perform a contract We enter into with them;
• if We otherwise notify You and You provide Your affirmative opt-in to share Your Personal Data, where needed;
• in response to a request for information by a competent authority or government entity if We determine that such disclosure is in accordance with, or is otherwise required by, any applicable laws and/or legal process;
• with law enforcement officials, government entities or authorities, or other third parties as required by applicable laws; or
• with third parties in an aggregated and/or anonymized or pseudonymized form that cannot reasonably be used to identify You.

6. Your Rights and Choices

Marketing and Preferences

We support Your legal rights, under applicable law, to opt-out of receiving marketing communications from Us. You have the option to ask Us not to process Your Personal Data for marketing purposes and to not receive future marketing communications.

You may change Your preferences at any time.

Please note that We may continue to send You transactional or service-related e-mails despite Your desire to not receive promotional or marketing e-mail messages. Additionally, please note that if You elect to opt-out of or unsubscribe from receiving promotional or other similar e-mails or messaging from or about the Service, You may continue to receive promotional emails from Our other websites, providers, or other, non-affiliated marketers whose services You may have accessed via the Service.

Finally, while We may remove Your individual contact information from Our professional contacts database, please be aware that if such information is in a different third party’s directory through Your request or election, You will need to request removal with such third party directly.

Access to and Correction of Your Personal Data

You have the right to access information held about You. Your right of access can be exercised for any reason, at any time, in accordance with DIFC and other applicable laws.

You have the right to ask Us to rectify information You think is inaccurate. You also have the right to ask Us to complete information You think is incomplete.

You may also request that We restrict the processing of, erase, transfer the information You gave Us from one organisation to another, or otherwise process Your Personal Data in line with the relevant articles providing for such rights set out in the DP Law or other applicable laws.

Any access request generally comes at no cost to You and We must respond within one month unless provided otherwise by the DP Law or other applicable laws. We may, where permissible, impose a reasonable fee to meet any extraordinary administrative costs in providing You with details of the information We hold about You.

When You contact Us about a potential Personal Data error or query, We will endeavour to confirm or verify the information in question, then correct verified inaccuracies and respond to the original inquiry. We will endeavour to send a correction notice to businesses or others whom We know to have received the inaccurate data, where required and / or appropriate. However, some third parties and third party sites may continue to process inaccurate data about You until their databases and display of data are refreshed in accordance with their update schedules, or until You contact them personally to ensure the correction is made in their own files.

We may not discriminate against You for exercising Your rights by denying services or changing prices or quality of service, unless reasonable to do so in general, as objectively determined, and applicable to all individuals offered or receiving such benefits.

For access to Your Personal Data, and other requests, You may contact Us using the information provided below.

7. Security Precautions

We make every effort to ensure that Your Personal Data is secure. We have staff dedicated to maintaining Our data protection and security policies, periodically reviewing them and making sure that Our employees are aware of Our data protection and security practices. Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. As a result, We cannot warrant or guarantee the security of any Personal Data You transmit to Us, and You do so at Your own risk.

We have established appropriate, industry standard, security protocols for managing information and protecting Personal Data against unauthorized access. We continually assess Our data privacy, information management and security practices and train Our employees on these requirements. Our security protocols relating to the Service include:

• incorporating cloud storage infrastructure with advanced KYC mechanisms. Access is multi-faceted with biometric authentication and facial recognition processes that go beyond standard password-protected login;
• utilising elliptic curve cryptography, a highly advanced key-based technique for data encryption, with a unique secure key for each user of the Service; and
• having distributed ledger technology which uses a database shared amongst multiple participants. Here, each participant maintains and updates a synchronised copy of the data. We use this system to securely verify, execute, and record every transaction.

If You have any further questions about Our security and processing activities, please contact Us using the contact details below or refer to Our Terms and conditions. To the extent permitted by applicable law, We expressly disclaim any liability that may arise should any other third parties obtain the Personal Data You submit through fraud or otherwise where We are not at fault.

8. Cookies

A cookie is a small text file that is unique to the web browser on Your computer or mobile device, which is used to retain user preferences, and enhance browsing experience ("Cookie"). We use Cookies to track overall site usage which enables Us to provide a better user experience. We do not use Cookies to “see” other data on Your computer or determine Your email address.

Types of Cookies We drop and the information collected using them include, but are not necessarily limited to:

Essential

Google Tag Manager - helps make tag management simple, easy and reliable by allowing marketers and webmasters to deploy website tags all in one place.

Site Analytics

Google Analytics - gives website owners the digital analytics tools needed to analyse data from all touchpoints in one place, for a deeper understanding of the customer experience.

Advertising

• DoubleClick - a subsidiary of Google which develops and provides Internet ad serving services.
• Twitter Advertising - enables website owners to track and measure the actions users take after viewing or engaging with ads on Twitter.
• Facebook Advertising - lets website owners measure, optimise and build audiences for advertising campaigns.
• LinkedIn Analytics - enables website owners to promote their company updates to targeted audiences on desktop, mobile, and tablet.

Most browsers accept and maintain Cookies by default. The DP Law requires that DIFC entities set such collection methods to collect the bare minimum, necessary Cookies in order to operate the relevant website or app. Check the ‘Help’ or ‘Settings’ menu of Your browser to learn how to change Your Cookie preferences. You can choose to alter Cookies settings related to the use of the Service, but this may limit Your ability to access certain areas of the Service.

9. External Links

The Service may contain links to other websites on the Internet that are owned and operated by third parties (the "External Sites"). These links are provided solely as a convenience to You and not as an endorsement by Us of the contents of or reliability on such External Sites. You acknowledge that We are not responsible for the availability of, or the information and content of any External Sites. You should contact the site administrator or webmaster for those External Sites if You have any concerns regarding such links or the content located on such External Sites.

If You decide to access linked third party websites, You do so at Your own risk. We do not accept liability, and shall not be liable to You, for any loss or damage arising from or as a result of Your acting upon the content of another website to which You may link from the Service or any loss and damage that may result from the way that any third party processes Your Personal Data.

10. Changes to this Policy

We may change this Policy from time to time and without notice. If We make significant changes in the way We treat Your Personal Data, or to the Policy, We will endeavour to provide You notice through the Service or by some other means, such as email. Your continued use of the Services after such notice constitutes Your understanding of the changes. We encourage You to periodically review this Policy for the latest information on Our privacy practices. We provide links to it through the Service:

Contact Us

If You have any questions, comments and requests related to this Policy, or if You have any complaints related to how We process Your Personal Data, please contact Us as follows:

Ayesha Bin Kalban
Registrar
dp@difccourts.ae
Direct: +971 4 427 3323
Mobile: +971 50 213 8049

Ground Level, Building 4
The Gate District
Dubai International Financial Centre (DIFC)
P.O. Box 211724, Dubai, United Arab Emirates

If You have any complaints related to how We process Your Personal Data, please contact the Commissioner of Data Protection’s Office at:

Dubai International Financial Centre Authority
Level 14, The Gate Building
+971 4 362 2222
commissioner@dp.difc.ae