It also describes your data protection rights, including a right to object to some of the processing which we carry out. More information about your rights, and how to exercise them, is set out in the ‘What are your rights in relation to the personal data we hold about you?’ section below.
Who are we?
These controllers are referred to as ‘we’, ‘our’ and ‘us’ in this Policy. We are committed to protecting your privacy and personal data in accordance with the Bahrain Personal Data Protection Law (No. 30, 2018) and its Executive Decisions. We take seriously our responsibility to hold your personal data securely and confidentially.
What personal data do we process about you?
We and our service providers collect the above information in a variety of ways. This includes from you directly and:
If you correspond with us via e-mail, we retain a copy of such correspondence for internal use. The information collected is also used to provide a record of communications between you and us and to comply with any applicable legal and/or regulatory requirements.
Do we collect personal data about you from third parties?
We also collect your personal data from third parties:
How do we use your personal data?
We use your personal data:
In relation to b), we have carried out balancing tests for all the data processing we carry out on the basis of our legitimate interests. You can obtain information about the balancing test we have undertaken by contacting us using the details at the end of this Policy.
In order for us to provide you with certain services, including but not limited to brokerage and research services, which require us to process your personal data due to regulatory and legal requirements (for example KYC and AML) the provision of information is mandatory.
If relevant data is not provided to us, then we will not be able to provide you with the full range of our services meaning that our services may only be offered with a limited scope or not at all. All other provision of your information is optional.
Cookies and similar technologies
Cookies are small pieces of information sent by a web server to a web browser which allows the server to uniquely identify the browser on each page. Other tracking technologies are also used which are similar to cookies. This can include pixel tags and tracking URLs. All these technologies are together referred to in this Policy as “Cookies”.
The types of Cookies that we use on our website, and the purposes for which they are used, are set out below:
To find out more about Cookies please visit: www.allaboutcookies.org or see www.youronlinechoices.eu which contains further information about behavioural advertising and online privacy.
For how long do we keep your personal data?
We only keep your personal data for as long as is necessary to fulfil the purposes for which it has been collected. When determining the appropriate retention period, we consider the risks of the processing, our contractual, legal and regulatory obligations, internal data retention policies and our legitimate business interests as described in this Policy.
Where we process data for: (i) registration purposes, (ii) support purposes or (iii) in order to customize your website experience, we keep this data for the duration of the period where you are a user and for an additional five-year period from when you cease to be a user in compliance with the applicable laws.
Where we process data for marketing purposes we will do so unless we receive a request from you to stop. We will respond to any request from you to stop processing your data for direct marketing purposes, within a maximum of 10 business days from the date of receipt of the request. We will hold a record of such data for five years from when you request us to stop.
Where we process data for website security, we hold this data for a maximum period of one year.
Who do we share your personal data with?
Where we send direct marketing materials to you, we send your personal data to third parties with whom we have contracted to provide these materials to you on our behalf and in our name. These third parties may be located inside or outside the EEA and/or Bahrain.
We also share your personal data with:
(a) to enable you to receive the services provided by our affiliate entities which may cover different financial services or be in different jurisdictions to those that we cover;
(b) to allow us to improve the services that we provide across the EFG Holding; and
(c) to allow us to produce analytical reports reflecting the services provided throughout the EFG group.
We also disclose your personal data to:
If it becomes relevant, we will share your personal data with a potential buyer and their advisers in connection with any proposed purchase, merger or acquisition of any part of our business.
Where is your personal data transferred?
When we share your personal data with the parties listed above, it involves transferring your personal data outside Bahrain and/or the European Economic Area (EEA), to countries where the level of protection of personal data might not be deemed adequate by the European Commission and/or competent Bahraini Data Protection Authority. In particular, your personal data may be transferred to EFG Holding or, subject to the terms of this Policy, to our outsourced service providers located overseas. In these circumstances we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organization, contractual or other lawful means.
The location of EFG Holding is Egypt.
Our third party service providers are located in “Service Providers In our sole discretion we, or SAXO or EFG Holding may appoint third party sub-processors. Where a third party sub-processor is so appointed, e.g. by way of a cloud computing agreement, we shall, with respect to such data protection obligations:
We only permit your personal data to be processed by persons who are bound by enforceable obligations of confidentiality and we take steps to ensure such persons only act on the sub-processor’s instructions in relation to the processing.
Your Data security
We take the security of your personal data very seriously. We have implemented a number of security measures to protect your data from unauthorized access, use, disclosure, alteration, or destruction. These measures include:
We regularly review and update our security measures to ensure that they are effective in protecting your data. If we know or have reason to believe that your personal data has been compromised, we will immediately notify you and take steps to mitigate the impact of the breach.
What are your rights in relation to the personal data we process about you?
Subject to the conditions prescribed in applicable laws, you have the right: (i) to access, rectify or request erasure of your personal data; (ii) to ask us to restrict processing of it; and (iii) to request portability of it; and (IV) to request a copy of your personal data in a structured, machine-readable format and to have it transmitted to another data controller.
Subject to the conditions prescribed in applicable laws, you have the right (i) to object, on grounds relating to your particular situation, to processing of your personal data which is based on our or a third party’s legitimate interests; and (ii) to object to processing of your personal data for direct marketing purposes.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in PDPL. We will inform you of relevant exemptions we rely upon when responding to any request you make.
You can exercise these rights by contacting us using the contact details provided in the Annex below.
You also have the right to lodge a complaint with the supervisory authority “Bahrain PDPA” about our use of your personal data , place of work or place where you consider an alleged infringement has taken place.
Amendments to this Policy
This Policy was last updated on November 2023. We reserve the right to revise this Policy at any time by posting a revised Policy and, if we consider it necessary, we will notify you of changes.
How can you contact us?
If you have any questions about this Policy, or would like to make any requests as described in this Policy, please contact us using the details in the Annex to this Policy.
Office #31, Level 5, MJ Tower 2, Bldg 943 Block 436, Road 3620, Seef District, Manama, Bahrain