Effective August 2024
This is the Privacy Notice (the “Notice”) of Callidus Consulting (DIFC) Limited (“Callidus”, “we”, “us” or “our”) which is registered to provide compliance services in the Dubai International Finance Centre (“DIFC”). Callidus is part of a multi-jurisdictional consultancy also operating out of Dubai, London and Chennai. It is committed to protecting your privacy and processing personal data in a fair, lawful and transparent manner.
This Notice sets out the basis on which we process the personal data of our clients and the customers of our clients as part of our delivery of services. We do so from our offices in the DIFC and Dubai. The Notice, therefore, complies with the Data Protection law, DIFC Law No.5 of 2020 (the “DP Law”) as amended. In the UAE, it also complies with Federal Decree Law No.45 of 2021 on personal data protection (the “PDPL”) together Federal Decree Law No. 34 of 2021 on Countering Rumours and Cybercrimes which criminalises collecting and processing personal data and information in violation of the PDPL.
Processing of Personal Data
When we are appointed to provide services to our clients, we process personal data as a processor, acting upon the instructions of our clients, who are the data controllers. This may include the sharing of personal data with sub-processors appointed by us who act on our behalf. The basis on which we process personal data is set out in the service level agreements we have in place with our clients. These reflect the laws and regulations to which we are subject. This Notice does not apply to the processing of personal data of employees where Callidus is the controller of that data. Such processing is governed by the internal Privacy Notice set out in the Employee Handbook.
Types of Personal Data
In order to provide services to you, we transfer data out of the DIFC to countries which may not provide the same level of protection to your personal data as the DIFC. A current list of the relevant countries where data is transferred is available on the Callidus page of the DIFC Public Register. We seek to ensure that all adequate safeguards are in place, such as using standard contractual clauses, and that all applicable laws and regulations are complied with in connection with such transfers which are primarily intra-group. There are no international data transfers from Dubai and, therefore, the provisions of the PDPL do not apply.
Your Rights as a Data Subject and Complaints
You have a number of rights under the DP Law and the PDPL including the following:
If you wish to exercise any of your rights as a data subject, please contact us via please contact us by telephone on +971 4 261 5559 or by email at dataprotection@callidusmena.com.
If you wish to make a complaint about how we are processing your personal data in contravention of the DP Law or the PDPL, please contact the relevant authority as set out below:
DIFC Commissioner of Data Protection
Dubai International Financial Centre Authority Level 14, The Gate Building DIFC, UAE
Tel. +971 4 362 2222 | Email: commissioner@dp.difc.ae
Tel. +971 (0) 2 333 8888 | Email: data.protection@adgm.com
UAE Data Office
The UAE Data Office is the federal data regulator for the purposes of the PDPL.
Retention of Personal Data
We retain your personal data for as long as required to satisfy the purpose for which it was collected and used unless a longer period is necessary to comply with our legal obligations.
Security
We take reasonable steps to ensure that your personal data is properly secured using appropriate technical, physical, and organisational measures, so that they are protected against unauthorised or unlawful use, alteration, unauthorised access or disclosure, accidental or wrongful destruction, and loss.
Cookies
A cookie is a small text file that is unique to the web browser on your computer or mobile device, which is used to retain user preferences, and enhance browsing experience. Our website automatically collects data on a user’s IP address, their environment (such as browser type and operating system) and timestamps associated with the user’s use. This data helps us to monitor systems performance, identify usage patterns and troubleshoot issues to enhance user experience.
Changes to this Notice
This Notice may be revised by us when required by changes in law and/or regulation. We encourage you to periodically review this Notice to be informed of how we are processing personal data.
Contact Information
If you wish to contact us about this Notice or our handling of your personal date in general, please contact by email at dataprotection@callidusmena.com.
This is the Privacy Notice (the “Notice”) of Callidus Consulting (DIFC) Limited (“Callidus”, “we”, “us” or “our”) which is registered to provide compliance services in the Dubai International Finance Centre (“DIFC”). Callidus is part of a multi-jurisdictional consultancy also operating out of Dubai, London and Chennai. It is committed to protecting your privacy and processing personal data in a fair, lawful and transparent manner.
This Notice sets out the basis on which we process the personal data of our clients and the customers of our clients as part of our delivery of services. We do so from our offices in the DIFC and Dubai. The Notice, therefore, complies with the Data Protection law, DIFC Law No.5 of 2020 (the “DP Law”) as amended. In the UAE, it also complies with Federal Decree Law No.45 of 2021 on personal data protection (the “PDPL”) together Federal Decree Law No. 34 of 2021 on Countering Rumours and Cybercrimes which criminalises collecting and processing personal data and information in violation of the PDPL.
Processing of Personal Data
When we are appointed to provide services to our clients, we process personal data as a processor, acting upon the instructions of our clients, who are the data controllers. This may include the sharing of personal data with sub-processors appointed by us who act on our behalf. The basis on which we process personal data is set out in the service level agreements we have in place with our clients. These reflect the laws and regulations to which we are subject. This Notice does not apply to the processing of personal data of employees where Callidus is the controller of that data. Such processing is governed by the internal Privacy Notice set out in the Employee Handbook.
Types of Personal Data
-
The personal data we process about you in connection with providing services includes the following:
- Contact details - Name, address (including proof), telephone number, email address and any other contact details you provide to us.
- Personal characteristics – These include your gender, profession, job title, employer, employment history, passport or identification number, marital status, date and place of birth, geographical location. nationality or other personal characteristics that are requested to identify you as a client.
- Financial information – Bank account details, income and source of wealth and other financial information.
- KYC, anti-money laundering and sanctions data
- Information required by law to conduct "know your client" identification procedures and to comply with money laundering, terrorist financing and sanctions screening legislation which includes information on all related third parties through the value chain; their Ultimate Beneficial Owners, executives and representatives.
- Screening information received from various anti-money laundering, counter-terrorism financing and sanctions databases.
- Special Category Data (DP Law) / Sensitive Personal Data (PDPL) – This is not normally collected from our clients unless it is required under specific circumstances.
- Identifiers – Information which may be collected automatically through your use of our website or any other digital communication or network applications which may be used by us.
- For the performance of our agreement with you - We collect and use client personal data, which includes the personal data of our clients’ customers, in order to carry out our obligations and deliver services to you in accordance with our service level agreement. Such collection and use includes the personal data of client employees, representatives (if any) and beneficial owners. If you do not provide us with all of the information that we request, we may not be able to deliver the services that you require or there may be a delay in that delivery.
- To comply with our legal obligations - We collect and use personal data in order to comply with applicable laws and regulations on KYC, money laundering, terrorist financing and sanctions. If required by applicable laws, this may include special category data.
- To receive services from you – We may collect and use personal data from you as you provide services to us in accordance with, and performance of, any relevant agreements.
- To address regulator, government body or court requests – We will process your personal data in accordance with requests or required interaction with the regulator in the DIFC or UAE Central Bank or other government body or the courts.
- Training, events and other marketing activities - If you are a client or a prospective client, and attend training, an event or other function, with your consent, we use your personal data to send you communications via email or other electronic means.
- Website – If you contact us via the website, we will only use your personal data to address your request for reasons of legitimate business interest (not under the PDPL).
- Recruitment – Applicants will be asked to provide personal data to us as part of the recruitment process, whether or not they are successful.
Purposes for which we use your Personal Data
We collect, use or otherwise process personal data only in connection with providing our services and as part of our normal business operations for the purposes set out below:
In order to provide services to you, we transfer data out of the DIFC to countries which may not provide the same level of protection to your personal data as the DIFC. A current list of the relevant countries where data is transferred is available on the Callidus page of the DIFC Public Register. We seek to ensure that all adequate safeguards are in place, such as using standard contractual clauses, and that all applicable laws and regulations are complied with in connection with such transfers which are primarily intra-group. There are no international data transfers from Dubai and, therefore, the provisions of the PDPL do not apply.
Your Rights as a Data Subject and Complaints
You have a number of rights under the DP Law and the PDPL including the following:
- Right to withdraw consent
- Right to access, rectification and erasure of personal data
- Right to data portability
- Right to be forgotten
- Right to object to processing
- Right to restrict the use of personal data
If you wish to exercise any of your rights as a data subject, please contact us via please contact us by telephone on +971 4 261 5559 or by email at dataprotection@callidusmena.com.
If you wish to make a complaint about how we are processing your personal data in contravention of the DP Law or the PDPL, please contact the relevant authority as set out below:
DIFC Commissioner of Data Protection
Dubai International Financial Centre Authority Level 14, The Gate Building DIFC, UAE
Tel. +971 4 362 2222 | Email: commissioner@dp.difc.ae
Tel. +971 (0) 2 333 8888 | Email: data.protection@adgm.com
UAE Data Office
The UAE Data Office is the federal data regulator for the purposes of the PDPL.
Retention of Personal Data
We retain your personal data for as long as required to satisfy the purpose for which it was collected and used unless a longer period is necessary to comply with our legal obligations.
Security
We take reasonable steps to ensure that your personal data is properly secured using appropriate technical, physical, and organisational measures, so that they are protected against unauthorised or unlawful use, alteration, unauthorised access or disclosure, accidental or wrongful destruction, and loss.
Cookies
A cookie is a small text file that is unique to the web browser on your computer or mobile device, which is used to retain user preferences, and enhance browsing experience. Our website automatically collects data on a user’s IP address, their environment (such as browser type and operating system) and timestamps associated with the user’s use. This data helps us to monitor systems performance, identify usage patterns and troubleshoot issues to enhance user experience.
Changes to this Notice
This Notice may be revised by us when required by changes in law and/or regulation. We encourage you to periodically review this Notice to be informed of how we are processing personal data.
Contact Information
If you wish to contact us about this Notice or our handling of your personal date in general, please contact by email at dataprotection@callidusmena.com.
