Privacy Policy

EFG HERMES ONE - PRIVACY POLICY For OLT Privacy Policy

This privacy policy (the “Privacy Policy”) tells you how EFG Holding S.A.E. and its subsidiaries (collectively, the “Company,” “we,” “our,” or “us”) process personal data we collect about you when you use our websites, when you use our mobile apps, and when you interact with us (collectively, the “Services”). This Privacy Policy also describes the manner by way of which we use cookies and employ similar tracking technologies. Additionally, this Privacy Policy sets out your personal data protection rights, including your right to object to some of the data processing which we carry out.

WHO ARE WE?

The controllers of your personal data are listed under Annex 1 of this Privacy Policy.

We are committed to protecting your privacy and your personal data.

WHAT PERSONAL DATA DO WE PROCESS ABOUT YOU?

We collect the following personal data you provide during your use of the Services:

Your name, your date of birth, your gender, data which appears on your government or state issued identification documents (e.g. passport and national ID), the selfie which you provide during the on-boarding process, your phone number, your fax number, your residential address, your postal address, your GPS (Global Positioning System) location, your e-mail address, your demographic information, your bank account, your payment card details, information about your income, information about your account balances, your account details (including your username and your password) in respect of the accounts used to access our website and/or our mobile app, your browser or your device information, information about how you access and/or use our Services, information collected via the employment of cookies, pixel tags, google tags, tracking URLs, and other similar tracking technologies, telephonic or electronic recordings, and survey responses and similar information which reveal your views and preferences.

HOW DO WE COLLECT YOUR PERSONAL DATA?

We and our third-party service providers collect the above information in a variety of ways. This includes from you directly and:

Through your browser and/or your device: Certain information/personal data is collected by most browsers or automatically through devices, including, but not limited to, your Media Access Control (MAC) address, your computer type (Windows or Mac), your screen resolution, your operating system name and version, your device manufacturer and model, the language selected on your browser or device, your internet browser type, the version and the name of the services/applications you use. We also collect your IP address, which is automatically assigned to a computer by an Internet Service Provider. An IP address will be identified and logged automatically in our server log files whenever you access any of our Services, along with the time of the visit and the page(s) that were visited. We use IP addresses for the purposes of, among other purposes, calculating usage levels, diagnosing server problems, and for administrative purposes. We also derive approximate location from IP addresses for the foregoing purposes, and in order to analyze the location from which you are using our Services;
Via e-mail: If you correspond with us via e-mail, we retain a copy of such correspondence for internal purposes. Information collected via e-mail is also used to provide a record of communications between you and us, in order to comply with any applicable legal and/or regulatory requirements;
By way of using cookies and similar tracking technologies: Please refer to the ‘Cookies and Similar Technologies’ section; and
From third parties: Please refer to the ‘Do We Collect Personal Data About You From Third Parties?’ section.

DO WE COLLECT PERSONAL DATA ABOUT YOU FROM THIRD PARTIES?

We also collect your personal data from third parties, such as:

Entities within the Company’s group (the “Group”), whose identities can be found in the link which appears in the 'Who Do We Share Your Personal Data With?' section below; and
Publicly accessible sources, including publicly available online profiles and databases, for the purposes of establishing and verifying your identity, to derive your contact details in order to supplement the contact information we have about you, and to liaise with you in relation to our products and services using third party cookies and similar tracking technologies, as is set out under the ‘Cookies And Similar Technologies’ section.

HOW DO WE USE YOUR PERSONAL DATA?

We collect and use your personal data for the following purposes:

to execute a contractual arrangement with you or to take steps linked to executing a contractual arrangement with you;
subject to the execution of a contractual arrangement with you, and subject to the terms and conditions of that contractual arrangement, to establish an account for you on our Services;
to pursue our legitimate interests which do not override your interests or fundamental rights and freedom, such as:

operating and administering our Services;
providing our products and services to you and/or our clients and to communicate with you and/or our clients about such products and services;
improving and developing products and services we provide;
providing information to you about our and/or our Group’s services and products and/or any additional products and services that we think may be of interest to you and/or our clients. This information may be provided to you in the form of a digital advertisement and campaigns or via e-mail or via Short Message Service (SMS);
identifying which products or services we think you are interested in by using cookies or similar tracking technologies on our Services which track and analyse how you use our Services;
keeping a record of your communication with us;
administrative, assessment, and analysis purposes;
verifying your identity;
monitoring and analyzing the use of our products, services, and Services for system administration, operation, testing and support purposes;
managing our information technology and ensuring the security of our Services and systems;
establishing, exercising, and/or defending legal claims or rights, and/or assisting our clients or others with the foregoing;
investigating and responding to complaints or incidents relating to us or our business, maintaining the Services’ quality, and training our staff to deal with complaints and disputes;
verifying compliance with and enforcing our terms and conditions or other contractual terms; and
in relation to any proposed merger or acquisition of any part of our business,

to comply with applicable laws prevailing the Arab Republic of Egypt or in any other jurisdiction where we (or any of our affiliates) may operate; and
to serve the purposes which are set out under the ‘Cookies and Similar Technologies’ section. For the avoidance of doubt, we obtain your consent for the use of non-essential cookies, and you have the right to withdraw your consent at any time. By not providing your consent or withdrawing your consent, certain aspects or features of our Services may not be available to you. The withdrawal of your consent does not affect the lawfulness of processing your personal data which was collected based on your original consent prior to the withdrawal thereof.

In order for us to provide you with certain services, including, but not limited to, the Services, securities brokerage services, and research services, which require us to process your personal data, due to regulatory and legal requirements (for example KYC and AML), the provision of personal data is mandatory.

If the relevant personal data is not provided to us, then we will not be able to provide you with the full range of our services, meaning that our services may only be offered with a limited scope or not at all. All other provision of your personal data is optional.

COOKIES AND SIMILAR TECHNOLOGIES

Cookies are small pieces of information sent by a web server to a web browser which allows the server to uniquely identify the browser on each page. Other tracking technologies, which are similar to cookies, are also employed and used by us. Other similar technologies can include pixel tags, google tags, and tracking URLs. All these tracking technologies shall be collectively referred to as the “Cookies”.

The types of Cookies that we use on our Services, and the purposes for which they are used, are set out below:

Strictly necessary Cookies: These Cookies are essential in order to enable you to move around our Services and use their respective features, such as accessing secure areas of our Services. Without these Cookies, any services on our Services that you wish to access cannot be provided (the “Strictly Necessary Cookies”);

Analytical/performance Cookies:These Cookies collect information about how you and other visitors use our Services, including, for instance, which pages you go to most often, and if you get error messages from certain pages. We use data from these Cookies to help test designs and to ensure a consistent look and feel is maintained on your visit to the Services. All information these Cookies collect is aggregated. It is only used to improve how the Services work. We use Google Analytics, for example, to anonymously track Services usage and activity;

Functionality Cookies: These Cookies allow our Services to remember choices you make (such as your username, language, or the region you are in) and provide enhanced, more personal features. These Cookies can also be used to remember changes you have made to text size, fonts, and other parts of the pages that you can customize. These Cookies are also used to provide services you have asked for, such as watching a video or commenting. Additionally, these Cookies can be used to allow an optional service to function. The information these Cookies collect may be anonymised and they cannot track your browsing activity on other websites;

Targeting Cookies: These Cookies are used to deliver adverts which are more relevant to you and your interests. These Cookies are also used to limit the number of times you see an advertisement, as well as help measure the effectiveness of the advertising campaign. These Cookies are usually placed by advertising networks with the Service operator’s permission. These Cookies remember that you have visited a Service and this information is shared with other organisations such as advertisers. Quite often, targeting or advertising Cookies will be linked to site functionality provided by the other organization;

Social media Cookies: These cookies allow you to share what you’ve been doing on our Services on social media such as Facebook, Instagram and X (previously Twitter). These Cookies are not within our control. Please refer to the respective privacy policies for how their cookies work; and

Pixel tags: Also known as a clear GIF or web beacon. These Cookies are invisible tags placed on certain pages of our Services but not on your computer. When you access these pages, pixel tags generate a generic notice of that visit. They usually work in conjunction with cookies, registering when a particular device visits a particular page. They are used to, among other things, track the actions of users of our Services (including e-mail recipients), measure the success of our marketing campaigns, and compile statistics about usage of our Services and response rates. If you turn off Cookies, the pixel tag will simply detect an anonymous visit.

If you wish to disable Cookies (save for Strictly Necessary Cookies), you can opt to disable the same by choosing “No, I Disagree” when given the option, via the Cookies consent management tool on our Services or you may rely on your browser’s settings to disable all Cookies. You can choose “Yes, I Agree” to accepting all Cookies. You can also accept or decline certain Cookie categories (save for Strictly Necessary Cookies) via the Cookies consent management tool on our Services. Where you delete or disable Cookies, certain features of our Services may not be able to function.

To find out more about Cookies please visit: www.allaboutcookies.org or see www.youronlinechoices.eu which contains further information about behavioral advertising and online privacy.

SECURITY

We take the security of your personal data very seriously. We have implemented a number of security measures to protect your personal data from unauthorized access, use, disclosure, alteration, or destruction. These measures include:

Preventative Measures: We use these measures to proactively prevent threats from reaching your personal data. This includes using advanced security software, firewalls, data encryption, and regular security assessments;
Detective Measures: We use these measures to focus on identifying and responding to security incidents if they occur. This includes continuous system monitoring, brand protection measures, and incident response plans; and
Physical Security Measures: We use these measures to protect the physical infrastructure that houses your personal data. This includes restricted access, environmental controls, and security cameras.

We regularly review and update our security measures to ensure that they are effective in protecting your personal data. If we know or have reason to believe that your personal data has been compromised, we will immediately notify you and take steps to mitigate the impact of the breach.

FOR HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We only keep your personal data for as long as is necessary to fulfil the purposes for which it has been collected. When determining the appropriate retention period, we consider factors such as the risks of the processing, our contractual, legal and regulatory obligations, internal data retention policies, and our legitimate business interests as described in this Privacy Policy.

Where we process data for: (i) registration purposes, (ii) support purposes, or (iii) in order to customize your experience on our Services, we keep this personal data for the duration of the period where you are a user and for an additional five-year period from when you cease to be a user, for anti-money laundry (AML) & compliance purposes, unless a longer retention period is required by applicable laws.

Where we process personal data for marketing/research purposes we will do so unless we receive a request from you to cease such action. We will hold a record of such personal data for five years from when you request us to cease such action.

Where we process personal data for the security of the Services, we hold this personal data for a maximum period of one year.

WHO DO WE SHARE YOUR PERSONAL DATA WITH?

By virtue of acknowledging, agreeing, and declaring to be bound by this Privacy Policy, you hereby consent to receive (i) marketing materials and offers related to the products and services provided by the Group, and (ii) research material, including market and/or product analysis/information, from the Group. If you wish to withdraw your consent, please contact us using the details in Annex 1 to this Privacy Policy.

Where we send direct marketing materials to you, we send your personal data to third parties with whom we have contracted to provide these materials to you on our behalf and in our name. These third parties may be located inside or outside of the European Economic Area (EEA).

We also share your personal data with:

service providers, who provide a service to us or you, including those listed here (the “Service Providers”);
the Service Providers’ service providers, delegates, and agents; and
entities within the Group, which are listed here for the following purposes:
to enable you to receive the services provided by our affiliates which may cover different financial services or be in different jurisdictions to those that we cover;
to allows us to improve the services that we provide across the Group; and
to allow us to produce analytical reports reflecting the services provided throughout the Group.

We also disclose your personal data to:

regulators, exchanges, auditors, courts, the police, or other law enforcement agencies where we are legally obliged to do so;
to other persons where disclosure is required by law or to enable products and services to be provided to you or our clients; and
- our professional service providers (e.g., legal advisors, accountants, auditors, insurers, and tax advisors) where relevant. If it becomes relevant, we will share your personal data with a potential buyer and their advisers in connection with any proposed merger or acquisition of any part of our business.

For the avoidance of doubt, please note that Service Providers do not use/disclose your personal data for marketing purposes or for any other purposes. Personal data received by Service Providers are used by the same for the purposes of performing their designated functions.

WHERE IS YOUR PERSONAL DATA TRANSFERRED?

When we share your personal data with the parties listed above, it involves transferring your personal data outside of the European Economic Area (EEA) to countries where the level of protection of personal data has not been deemed adequate by the European Commission.

The locations of the companies which form part of the Group can be found here.

The locations of our third-party service providers can be found here.

Where information is transferred outside the European Economic Area (EEA) to a country that is not subject to an adequacy decision by the European Commission, personal data is adequately protected by the standard data protection clauses (as approved by the European Commission) or other appropriate transfer mechanisms (e.g., EU-US Privacy Shield, binding corporate rules).

WHAT ARE YOUR RIGHTS IN RELATION TO THE PERSONAL DATA WE PROCESS ABOUT YOU?

You have the following rights in relation to your personal data:

Right of access: You have the right to access your personal data and to be informed of how it is being processed;
Right to rectification: You have the right to have your personal data rectified if it is inaccurate or incomplete;
Right to erasure: You have the right to have your personal data erased in certain circumstances, such as if it is no longer necessary for the purpose for which it was collected or if you withdraw your consent to processing;
Right to restriction of processing: You have the right to restrict the processing of your personal data in certain circumstances, such as if you contest the accuracy of the personal data or if you object to processing;
Right to object to processing: You have the right to object to the processing of your personal data for certain purposes, such as direct marketing; and
Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have it transmitted to another controller.

To exercise any of these rights, please contact us using the details in Annex 1 to this Privacy Policy.

We are entitled to decline your request to exercise your data subject rights if it is not permitted by applicable laws, if it is unreasonably repetitive, or if it would violate the rights of others.

Your request will be answered promptly and within 30 days unless we are legally entitled to an extension of time. If we are unable to grant your request, we will provide you with an explanation.

These rights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by applicable laws to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in both the General Data Protection Regulation (GDPR) and Member State data protection laws. We will inform you of relevant exemptions we rely upon when responding to any request you make.

If you have any concerns about how we handle your personal data, we encourage you to contact us using the details in Annex 1 to this Privacy Policy. Please also note that you have the right to lodge a complaint with your local data protection authority if you believe we have not addressed your concerns adequately.

AMENDMENTS TO THIS PRIVACY POLICY

This Privacy Policy was last updated in May 2024. We reserve the right to revise this Privacy Policy at any time by posting a revised version and, if we consider it necessary, we will notify you of changes.

HOW CAN YOU CONTACT US?
If you have any questions about this Privacy Policy or would like to make any requests as described in this Privacy Policy, please contact us using the details in Annex 1 to this Privacy Policy.

Annex 1

Personal Data Controllers

#	Data Controller	Address	Jurisdiction	DPO/Contact Details
1	EFG Holding S.A.E.	Building No. B129, Phase 3, Smart Village, Km 28 Cairo Alexandria Desert Road, 6 October 12577, Egypt	Egypt	Group Data Protection Officer EFGHermes_DataProtection@efg-hermes.com
2	EFG Hermes International Securities Brokerage S.A.E.	Building No. B129, Phase 3, Smart Village, Km 28 Cairo Alexandria Desert Road, 6 October 12577, Egypt	Egypt
3	EFG Hermes Promoting & Underwriting S.A.E.	Building No. B129, Phase 3, Smart Village, Km 28 Cairo Alexandria Desert Road, 6 October 12577, Egypt	Egypt
4	EFG-Hermes UAE Limited	Office 301, Level 3, The Exchange ,DIFC P.O. Box 30727 - DIFC, Dubai, UAE	UAE
5	EFG Hermes UAE LLC	106, The offices 3, One Central, DWTC, P.O. Box 112736, Dubai, UAE	UAE
6	EFG Hermes KSA	PO Box 300189 Third Floor, Sky Towers Northern Tower , Riyadh 11372 Kingdom of Saudi Arabia	KSA
7	OLT Investment International Company (B.S.C)	Office #31, Level 5, MJ Tower 2, Bldg. 943 Block 436, Road 3620, Seef District, Manama, Bahrain	Bahrain
8	EFG-Hermes Pakistan Limited	Office # 904, 9th Floor, Emerald Tower Plot No. G-19, Block-5, Clifton, Karachi, Pakistan.	Pakistan
9	EFG Hermes IFA Financial Brokerage	Kuwait Stock Exchange Building 4th floor Safat, 13087 Kuwait	Kuwait
10	EFG Hermes Kenya Limited	8th Floor, Orbit Place, Westlands Road, P.O. BOX 349 00623, Nairobi \| Kenya	Kenya
11	EFG Hermes Nigeria	Postsquare building (7th floor) 1/3 Ologun Agbaje Street off Adeola Odeku	Nigeria

EFG Holding S.A.E. is regulated by the Financial Regulatory Authority.