(This version of the Policy is in effect as of October 29, 2021)
This Privacy & Cookie Policy (this “Policy”) describes how the Dubai International Financial Centre (“DIFC”) branch of Fisher Asset Management, LLC, which trades as Fisher Investments (registered number 1544, the “Company”), uses Personal Data in accordance with the DIFC Data Protection Law No. 5 of 2020 and the DIFC Data Protection Regulations.
In this Policy, “Personal Data” means any information referring to an identified or identifiable individual. The Company uses Personal Data relating to the following natural people (“Individuals”):
The Company can be contacted about this Policy using the following details:
Fisher Investments DIFC Branch
Attn: Data Privacy Office
Unit 15511, Level 15, Gate Building
Dubai International Financial Centre
Dubai, 121208, United Arab Emirates
privacy@fi.com
The Company collects the following types of Personal Data for the following categories of Individuals:
a. Representatives of prospective clients and clients:
b. Website users:
c. Business contacts at service providers and vendors:
d. Employees and Contractors:
The Company processes Individuals’ Personal Data for the purposes, and upon the legal bases set out in the table below:
a. Purposes and Lawful Bases
Purpose for which the Company uses Personal Data |
Legal Basis upon which the Company relies |
To meet the Company’s obligations under Applicable Law This includes verifying identity of certain individuals and conducting sanctions and anti-money laundering checks, which may reveal data concerning criminal convictions or offences. |
The Company can use Personal Data for this purpose to comply with applicable financial services laws and regulations (“Financial Services Laws”), AML Laws, and other applicable laws and regulations (collectively, “Applicable Law”). In addition, the Company can use Personal Data for this purpose beyond the legally mandated record retention period because it is in the Company’s legitimate interest to keep data for as long as the statute of limitations so that the Company can enforce and defend its legal rights. |
To carry out direct marketing This includes sending mail and emails to Individuals representing organisational prospective clients. |
The Company can use Personal Data for this purpose because it has a legitimate interest in promoting its business. |
To manage the recruitment process This includes making decisions about hiring Employees or engaging Contractors, arranging travel, and reimbursing expenses. |
The Company can use Personal Data for this purpose because it is necessary to take steps at the request of the Individual prior to entering into a contract. |
To market employment opportunities at the Company This includes contacting candidates by email, phone or mail who have consented to be considered for future employment or engagement opportunities. |
The Company can use Personal Data for this purpose with the consent of the Individual. |
To make decisions about Individuals’ fitness for work This includes making decisions about Individuals’ competence and qualifications to carry out roles, including conducting background checks on candidates for employment or engagements. |
The Company can use Personal Data for this purpose where required to comply with Financial Services Laws. |
To administer the Company’s relationship with Individuals This includes administering payroll, processing invoices and reimbursements, providing support services, and, if relevant, pension, medical insurance and similar benefits. |
The Company can use Personal Data for this purpose because it is necessary to perform a contract to which the Individual is a party. |
To fulfilling legal obligations This includes verifying identify and work authorization, complying with social security and tax requirements, and providing information to governmental and quasi-governmental bodies and law enforcement agencies. |
The Company can use Personal Data for this purpose where required to comply with Applicable Law. |
To obtain work authorisation or visas for Employees |
The Company can use Personal Data for this purpose because it is necessary to take steps at the request of the Employee. |
To train, evaluate performance and recognise Employees and Contractors This includes training and surveying Individuals, monitoring and analysing performance, carrying out performance reviews, and making decisions about recognition, rewards, discipline and termination. |
The Company can use Personal Data for this purpose because it is in the Company’s legitimate interest to evaluate its Employees and Contractors, and to give Individuals opportunities to improve performance. |
To administer Employees’ sick leave and absence The Company may ask for Employee Health Data where such information impacts the Employee’s ability to perform his or her role. |
The Company can use Personal Data for this purpose where required to comply with employment laws or to protect the health and safety of employees or others. |
To accommodate religious requests The Company does not ask for this type of Personal Data, but it may be provided by an Individual as part of a request for religious accommodation or for processing work authorizations and visas. |
The Company can use Personal Data for this purpose because it is necessary to take steps at the request of the Individual. |
To monitor systems and Employees and Contractors This includes supervising Employees and Contractors, including monitoring emails, voicemails and other activities as recorded on computer, telecommunications and security systems, and carrying out the Company’s compliance plan. |
The Company can use Personal Data for this purpose where required to comply with Financial Services Laws. In addition, the Company has legitimate interests in using Personal Data for the purposes of ensuring network and information security. |
To provide references to future employers and other third parties This includes providing employment or earnings confirmation letters to banks, mortgage lenders and landlords at the request of the Individual. |
The Company can use Personal Data for this purpose with the consent of the Individual. |
To keep records |
The Company can use Personal Data for this purpose where required to comply with Financial Services Laws and other Applicable Law. In addition, the Company can use Personal Data for this purpose beyond the legally mandated record retention period because it is in the Company’s legitimate interest to keep data for as long as the statute of limitations so that the Company can enforce and defend its legal rights. |
To share data with courts and tribunals |
The Company can use Personal Data for this purpose because it is in the Company’s legitimate interests to enforce and defend its legal rights. |
To use photos and contact information to enable effective communication across the Fisher Group |
The Company can use Personal Data for this purpose because it is in the Company’s legitimate interests to ensure effective communication across the Fisher Group. |
To use images and recordings to promote the Company in internal and external materials and advertising |
The Company can use Personal Data for this purpose with the consent of the Individual. |
To engage with service providers and vendors This includes making payments and contacting business contacts at service providers and vendors using their business contact information. |
The Company can use Personal Data for this purpose for its legitimate interest in engaging with its service providers and vendors. |
To suppress Individuals from being contacted |
The Company can use limited Personal Data for this purpose because it is in the Company’s legitimate interest to refrain from contacting Individuals who have requested not to be contacted or who the Company believes should not be contacted. |
Where the Company has relied upon its ‘legitimate interests’ as a legal basis for a particular purpose, it has performed a ‘balancing test’ to ensure that Individuals’ rights and interests are taken into account when their Personal Data is used. Further information on the balancing test can be obtained by contacting the Company’s Data Privacy Office.
b. If Individuals fail to provide Personal Data
Where the Company needs to collect Personal Data to comply with a legal obligation, or under the terms of a contract or upon request prior to entering a contract, and the Individual does not provide such data, the Company may not be able to provide its services and may need to cancel the contract. The Company will notify the Individual if this is the case at the time.
a. Who will the Company share Personal Data with?
The Company will not sell or lease Individuals’ Personal Data to third parties.
For the purposes listed in Section 3 above, the Company may share Individuals’ Personal Data with:
b. What safeguards are in place where data is transferred outside of the DIFC?
Where the Company transfers Personal Data to a data recipient in a jurisdiction outside of the DIFC where the laws do not provide an adequate level of protection, the Company and the data recipient will make the transfer in accordance with standard contractual clauses approved by the DIFC Commissioner of Data Protection (“Model Clauses”). For more information on Model Clauses, please visit https://www.difc.ae/business/operating/data-protection/data-export-and-sharing/.
Please contact the Company using the contact details in Section 1 with any questions about the legal safeguards in place to protect Personal Data when transferred outside the DIFC (including how to obtain a copy or consult these safeguards).
In accordance with applicable data protection laws, Individuals who consent to the Company using their Personal Data may withdraw that consent at any time. Individuals may do so by contacting the Company using the details set out in Section 1 above.
When doing so, Individuals should:
In accordance with applicable data protection laws, Individuals may exercise the following rights in relation to the Personal Data that the Company holds about them:
To exercise these rights, Individuals should contact the Company using the details set out in Section 1 above. In such case, Individuals should ensure that the full name and address and/or email address are provided in exactly the form in which they were originally provided to the Company to avoid any possible confusion with a different Individual. If Individuals are not satisfied with the way the Company handles the request, they may lodge a complaint with the DIFC Commissioner of Data Protection.
The Company is committed to ensuring that Personal Data is secure. In order to prevent unauthorised access or disclosure, the Company has put in place appropriate physical, electronic and managerial procedures to safeguard and secure Personal Data collected. The Company also uses encryption when collecting or transferring sensitive information.
A cookie is a small text file with an identification tag that is created and downloaded to a user’s computer (or other device) when accessing websites that use cookies. Cookies allow a website to, among other things, store and retrieve information about a user’s online activity and browsing habits. Depending on the information they contain and user behaviour, cookies may be used to identify the user.
Cookies can be categorised by who places them:
Cookies can also be categorised by their duration:
Lastly, cookies can be categorised by the function they serve. The Company uses the following types of first- and third-party cookies:
The Company uses first- and third-party required, statistical, marketing and preferences cookies. The following vendors load cookies on this website:
For further information on cookies and to manage them, please click here.
Some browsers have a “Do Not Track” setting that allows users to send a signal to the websites they visit that the user does not wish to be tracked. The Company’s website does not respond to these signals.
The websites used by the Company for job postings and submitting applications have their own privacy and cookie policies, which are listed below:
Personal Data relating to Individuals representing organisational clients will be kept for the duration of the client relationship plus ten years in order for the Company to satisfy its recordkeeping obligations under applicable Financial Services Laws, as well as to enforce or defend its legal rights. Information on identity verification and sanctions and anti-money laundering checks will be kept for the duration of the client relationship plus five years in order for the Company to satisfy its recordkeeping obligations under applicable AML Laws. Personal Data relating to Individuals who have entered into an employment or contractor agreement with the Company will generally be kept for the duration of the employee or contractor relationship plus seven years in order for the Company to satisfy its recordkeeping obligations under Financial Services Laws, as well as to enforce or defend its legal rights. Personal Data of an Employee or Contractor that forms part of the records of clients may need to be kept for a longer period to satisfy the Company’s recordkeeping obligations under Financial Services Laws. Personal Data relating to candidates will generally be kept for a period of up to one year from the date of collection or the date of rejection. Where a candidate consents to have Personal Data retained by the Company for consideration for future positions with the Company, it will be kept for five years unless the Individual requests earlier erasure of their information. Contact information for vendors/service providers and contact information for Individuals on suppression lists (i.e., name, address, email address and/or phone number) will be retained indefinitely.
The Company maintains a presence on various social media platforms. The terms and conditions set by the operators of the various platforms apply to the Company and any Individuals who interact with the Company through the platforms. More information about each of the various platforms is available below.
From time to time, the Company may use Personal Data for new, unanticipated uses not previously disclosed in this Policy to the extent permitted by law. If its practices regarding Personal Data change at some time in the future, the Company will post the policy changes to https://institutional.fisherinvestments.com/en-us/privacy-security/difc.