This Data Protection Policy outlines how GCC Exchange collects, uses, maintains and discloses your Personal Data. GCC Exchange safeguards your Personal Data in accordance with the Personal Data Protection Act (Article (120) in Decretal Federal Law No. (14) of 2018) (“the Act”). This Data Protection Policy supplements but does not supersede nor replace any other consents which you may have previously provided to us, and your consents herein are additional to any rights which we may have as required by our regulators to collect, use or disclose your Personal Data.
1.Your consent is important
When you request our services, you may be required to provide us with your Personal Data. In doing so, you agree and consent to GCC Exchange and its related corporations (collectively referred to herein as “GCC”, “us”, “we” or “our”) as well as our respective agents, authorized service providers and relevant third parties collecting, using, disclosing and/or sharing your Personal Data in accordance with this Data Protection Policy. Failure to provide such Personal Data or withdrawal of your consent for us to process your Personal Data may result in GCC Exchange being unable to provide you with effective and continuous services.
If you should withdraw your consent to the processing or handling of your Personal Data in respect of any purpose which we may reasonably consider to be essential in order for us to provide you with the services requested / applied for, we may not be in a position to continue to provide our services to you or administer any contractual relationship which may be in place between us. Furthermore, we shall be entitled to treat such withdrawal as your termination of any account / agreement which you may have with us, without prejudice to any rights and remedies which we may have at law against you.
Notwithstanding the generality of the foregoing and for avoidance of doubt, upon the termination or expiry of your contractual relationship with us, we may still continue using or disclosing your personal data as may be necessary, required, authorized or permitted for compliance with applicable law or as may be requested by the relevant regulatory bodies,government agencies, statutory boards, administrative bodies, authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes to which we may be subject, whether situated locally or overseas.
2.What types of Personal Data do we collect?
In this Data Protection Policy, “Personal Data” refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time.
Examples of such Personal Data you may provide to us may include (depending on the nature of your interaction with us) your Name, Emirates ID, Visa Copy, Labor Card Passport or other identification number, telephone number(s), mailing address, email address and any other information relating to any individuals which you have provided us in any forms you may have submitted to us, or via other forms of interaction with you.
The Personal Data we collect can be either obligatory or voluntary. Obligatory Personal Data are those that we require in order to provide you, our services. If you do not provide us with obligatory Personal Data, we would not be able to provide you services. Voluntary Personal Data are those that are not mandatory in order for us to provide you with our services. If you do not provide us with voluntary Personal Data, you can still sign up for our products and services. Obligatory and voluntary Personal Data differ for each product and services and will be indicated in the application forms.
3.How do we collect your Personal Data?
Generally, we obtain your Personal Data in various ways, such as:
- When you submit application forms or other forms relating to any of services
- When you use any of our services in branches including remittances, foreign currencies, payroll processing, any value-added services or in websites, apps and any online accounts established with us)
- When you request that we contact you, be included in an email or other mailing list; or when you respond to our request for additional Personal Data, our promotions and other initiatives.
- When you sign up for or use one of the many services we provide or when you register an account at any GCC Exchange websites
- When you contact any GCC entities through various methods such as application forms, emails and letters, telephone calls and conversations you have with our staff in a branch. If you contact us or we contact you using telephone, we may monitor or record the phone call for quality assurance,training and security purposes
- From our analysis of your transactions (including but not limited to transaction history)
- When you participate in customer surveys or when you sign up for any of our competitions or promotions
- When you submit a job application
- When we receive references from business partners and third parties, for example, where you have been referred by them
- When we seek information from third parties about you in connection with your transaction applications or job applications, for example, from your ex-employer and the relevant authorities
- When you submit your Personal Data to us for any other reasons
- When you submit your Personal Data through our Happiness Dashboard Platforms installed at our Respective branches and available in our online platforms.
4.What is the purpose of processing your Personal Data?
Generally, GCC Exchange collects, uses and discloses your Personal Data for the following purposes:
- Responding to your queries and requests
- Verifying due diligence checks
- Managing the administrative and business operations of GCC Exchange and complying with internal policies and procedures
- Matching any Personal Data held which relates to you for any of the purposes listed herein
- Resolving complaints and handling requests and enquiries
- Preventing, detecting and investigating crime, including fraud and money-laundering, and analyzing and managing commercial risks
- Maintaining security of GCC Exchange premises (including but not limited to CCTV surveillance and issuing building access passes)
- Meeting or complying with any applicable laws, regulations, directives, rules,codes of practice or guidelines issued by any legal or regulatory bodies which GCC may be subject to, whether local or overseas (including but not limited to disclosures to regulatory bodies, conducting audit checks, surveillance and investigation)
- Legal purposes (including but not limited to obtaining legal advice and dispute resolution)
- Purposes which are reasonably related to the aforesaid
If you are an employee of an external service provider of GCC, GCC also collects, uses and discloses your Personal Data for the following purposes:
- Issuing building access pass and maintaining building security
- Managing project tenders
- Processing and payment of vendor invoices
- Profiling in media activities
- Any other purpose reasonably related to any of the above If you submit an application to us as a candidate for an employment or representative position, GCC also collects, uses and discloses your Personal Data for the following purposes:
- Conducting interviews
- Processing your application (including pre-recruitment checks involving your qualifications)
- Providing or obtaining employee references and for background screening
- Evaluating and assessing your suitability for the position applied for
- Any other purposes reasonably related to any of the above. Where permitted under the Act, GCC may also collect, use and disclose your Personal Data as follows:
- Providing cross-referrals to other members of the GCC
- Conducting analytics with regard to services which you might be interested in
- administering contests, lucky draws and competitions’ organizing promotional events and corporate social responsibility projects (including but not limited to taking pictures and recording your video/audio feedback and testimony in relation thereto)
- Providing services, products and benefits to you, including promotions, loyalty and reward programmes
- Matching Personal Data with other data collected for other purposes and from other sources (including third parties) in connection with the provision or offering of services, whether by GCC or other third parties
- Sending you details of products, services, special offers and rewards, either to our customers generally, or which we have identified may be of interest to you (including but not limited to cross selling and telemarketing)
- Conducting market research, understanding and determining customer location,preferences and demographics for us to review, develop and improve our products, services and also develop special offers and marketing programmes.
If you have provided your UAE telephone number(s) and have indicated that you consent to receiving marketing or promotional information via your UAE telephone number(s), then from time to time, GCC may contact you using such UAE telephone number(s) (including via voice calls, text, fax or other means) with information about our products and services (including discounts and special offers).
In relation to particular products or services or in your interactions with us, we may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for these additional purposes as well, unless we have specifically notified you otherwise.
You have a choice to withdraw your consent for receiving marketing or promotional materials / communication. You may contact us using the contact details found below. Please be aware that once we receive confirmation that you wish to withdraw your consent for marketing or promotional materials/communication, we will require some time to process your withdrawal request. During this period of time, you may still receive marketing or promotional materials/communication. Please note that even if you withdraw your consent for the receipt of marketing or promotional materials, we may still contact you for other purposes in relation to the accounts, facilities or services that you hold or have subscribed to with GCC.
5. To whom do we disclose your Personal Data?
Your Personal Data held by us shall be kept confidential. However, in order to provide you with effective and continuous products and services, and for the purposes listed above (where applicable), your Personal Data may be disclosed to the following parties:
- Entities within GCC including our head office and any of its branches,representatives’ offices, subsidiaries, related corporations and affiliates
- Agents, contractors or third-party service providers who provide operational services to GCC, such as courier services, telecommunications, information technology, payment, payroll, processing, training, survey, market research,storage, archival or other services to GCC Exchange vendors and other third-party service providers in connection with promotions, online campaigns,products and services offered by GCC
- Credit bureaus and credit reporting agencies
- Any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger,acquisition or asset sale)
- Other financial institutions, banks and their respective service providers
- Our professional advisers such as financial advisors, auditors and lawyers
- Relevant regulatory bodies, government agencies, statutory boards,administrative bodies, authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes to which GCC may be subject, whether situated locally or overseas
- Counterparties, billing organizations and their respective banks or our distribution agents in relation to fund transfers, and payments
- Any other party to whom you authorize us to disclose your Personal Data to.
6. How do we protect your data?
Employee access is only limited to authorized employees who are fully trained in handling your information. These authorized personnel are required to ensure the confidentiality of your information and to respect your privacy at all times. Employees who have access to your information will be subjected to disciplinary action should they fail to observe this Data Protection Policy and other guidelines, codes or policies which we may issue to them from time to time.
If we disclose any of your Personal Data to our authorized agents or service providers, we will require them to appropriately safeguard the Personal Data provided to them.
7. How long may we retain your Personal Data?
We will only retain your Personal Data for as long as necessary to fulfil the purpose(s) for which it was collected or to comply with legal, regulatory and internal requirements.
8. Changes to this Data Protection Policy
Please note that we may update this Data Protection Policy from time to time to ensure that this Data Protection Policy is consistent with our future developments, industry trends and/or any changes in legal or regulatory requirements. If there are material changes to this Data Protection Policy, we will notify you by posting a notice of such changes on our website or by sending you a notification directly. Do periodically review this Data Protection Policy to stay informed on how we are protecting and managing your information.
Subject to your rights at law, you agree to be bound by the prevailing terms of the Data Protection Policy. This Data Protection Policy was last updated in December 2020.
9. Access and correction of your Personal Data
You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with products and services you have requested / applied for.
We are committed to ensure that the Personal Data we hold about you is accurate, complete,and up-to date. If there are any changes to your Personal Data or if you believe that the Personal Data, we have about you is inaccurate, incomplete, misleading or not up to date,please contact us so that we may take steps to update your Personal Data.
You have the right to access your Personal Data. If you would like to request access to your Personal Data, please contact us. Please note that depending on the information requested we may charge a small fee. We may also take steps to verify your identity before fulfilling your request for access to your Personal Data.
10. How can you contact us?
If you need to contact us, you may visit our branch, call our Data Protection Officer Alternatively, you may also write to our Data Protection Officer as follows:
#802, 8th Floor
Emirates Islamic Bank Building
Baniyas Road, Near Abra
P.O Box No: 41704
United Arab Emirates
Tel: +971-4-256 6686
Data Protection Officer
Mr. Beni Jeyasingh – Head Information Technology
GCC Exchange | P.O. Box 41704, Dubai, UAE
Tel: +971-4-256 6686
Fax: +971-4-256 6687