1. Introduction
GMB Limited (“we”, “us”, or “our”) is committed to protecting and respecting your privacy. This Privacy Notice explains how we collect, use, and protect your personal data in accordance with the ADGM Data Protection Regulations 2021. As an ADGM Category 2 licensed firm, we act as a Data Controller.
2. The Data We Collect
To provide our services, we collect:
-
Identity Data: Full name, passport details, Emirates ID, and proof of address.
-
Financial Data: Audited Financials (or Bank statements), credit history, and tax residency.
-
Contact Data: Email address, phone numbers, and residential address.
-
Transaction Data: Details of funds held in client’s CMA accounts and credit repayment history.
-
Due Diligence Data: Information required for AML and KYC checks.
3. How We Use Your Data
We process your information for the following legal bases:
-
Performance of a Contract: To assess your creditworthiness, arrange credit facilities, manage your Client Money Accounts and execute transactions.
-
Legal Obligation: To comply with ADGM Financial Services Regulatory Authority (FSRA) requirements, AML regulations, and tax reporting (CRS/FATCA).
-
Legitimate Interests: To improve our services and protect against fraud.
4. Disclosure of Your Data
We may share your information with:
-
Regulators and Public Authorities: Including the ADGM Financial Services Regulatory Authority (FSRA) and the UAE Central Bank, where required for regulatory reporting or compliance.
-
Service Providers: Third-party IT providers, auditors, or legal advisors.
-
Sub-Custodians: Where necessary to facilitate the “Providing Custody” activity.
-
Financial Institutions: We provide information to other financial institutions (including banks, correspondent banks, and investment firms) to facilitate the provision of credit, the arrangement of credit facilities, the opening of Client Money Accounts and the processing of transactions . This includes sharing data for credit assessments, anti-money laundering (AML) verification, and transaction processing.
5. International Transfers
If we transfer your data outside the ADGM, we ensure a similar degree of protection by ensuring the destination country is deemed “adequate” by the ADGM Commissioner or by using specific Standard Contractual Clauses (SCCs).
6. Data Security
We have implemented stringent security measures to prevent your personal data from being accidentally lost, used, altered, or accessed in an unauthorized way. Access is limited to employees and partners who have a “need to know” basis.
7. Your Legal Rights
Under the ADGM Data Protection Regulations, you have the right to:
-
Request access to your personal data.
-
Request correction of incomplete or inaccurate data.
-
Request erasure (subject to legal retention periods).
-
Object to processing or request restriction of processing.
-
Data portability.
8. Data Retention
We do not keep your personal data for longer than is necessary for the purposes for which it was collected. However, as a regulated entity holding Client Money in the ADGM, we are subject to statutory record-keeping obligations under the FSRA Rulebook and ADGM Commercial Licensing Regulations.
-
Account & Identity Information: We will generally retain your KYC and onboarding documentation for 6 years following the formal closure of your account.
-
Financial & Transactional Records: Records of all deposits, withdrawals, and ledger entries related to your funds will be held for 6 years from the date of the transaction.
Once these statutory periods have expired, we will securely delete or anonymize your data, unless a longer retention period is required for ongoing legal proceedings or a specific regulatory investigation.
9. Contact Us
If you have any questions about this Privacy Notice or our data practices, please contact our Data Protection Officer (DPO):
Address: Office 1602, Addax Tower, Al Reem Island, Abu Dhabi (UAE)
