Table of Contents
|Document Custodian and Maintenance
|ADGM Supervisory Authority
|Other Supervisory Authorities
Personal Data you provide to us
Information we collect from you automatically
Information collected from Third Parties
|To maintain legal and regulatory compliance
To provide Matrix’s Services
To provide service communications
To provide customer Service
To ensure quality control
To ensure network and information security
For research and development purposes
To enhance your experience
To facilitate corporate acquisitions, mergers or transactions
To engage in marketing activities and make automated decisions
Bases on which we process your Personal Data
Sharing within Group Companies
Third Party Operations and transfers outside ADGM
To Detect and Prevent Fraud and / or Funds Loss
To enforce our terms in our user agreement and other agreements
Information with us
Information with third party
Right to Access
Right to Rectification
Right to Erasure
Right to Data Portability
Object to any Automated Individual Decision-making, Including Profiling
Right to Withdraw
1. Document Administration
Abu Dhabi Global Market
Application Program Interface
Board or BOD
Board of Directors
Chief Compliance Officer
Chief Risk Officer
ADGM Data Protection Regulations 2021, as amended or updated from time to time
Data Protection Officer
Financial Services Regulatory Authority
General Data Protection Regulation
Money Laundering Reporting Officer
Payment Card Industry
Senior Executive Officer
A file of letters and numbers that is downloaded onto a computer when visiting a website. Cookies have a number of functions, including but not limited to, remembering user preferences, recording incomplete transactions (such as maintaining items in a shopping cart), and counting the number of individuals looking at a website.
According to the DP Law, the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
A natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
Data Protection Officer
An enterprise security leadership role required by the DP Law under certain circumstances. Data Protection Officer is responsible for overseeing data protection strategy and implementation to enable compliance with regulatory requirements.
An identified or identifiable natural person whose personal data is processed by Matrix or third parties contracted by Matrix. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Any information relating to a data subject.
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Special Categories of Personal Data
Any data that could reveal a specific individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic data or biometric data for the purpose of uniquely identifying a natural person, data relating to the physical or mental health of a natural person, including the provision of health care services, which reveals information about the data subject’s health status, and criminal convictions and offences or related security measures.
1.3. Document Custodian and Maintenance
- The types of Personal Data we collect and how it may be used;
- How and why we may disclose your Personal Data to third parties;
- The transfer of your Personal Data within and outside of ADGM;
- Your rights concerning your Personal Data;
- The security measures we use to protect and prevent the loss, misuse, or alteration of your Personal Data; and
- Our retention of your Personal Data.
2.3 ADGM Supervisory Authority
We are registered as a Data Controller with the ADGM Office of Data Protection. The ADGM Office of Data Protection is responsible for promoting data protection within ADGM, maintaining the register of Data Controllers, enforcing the obligations upon Data Controllers and upholding the rights of individuals. The ADGM Office of Data Protection is headed by the ADGM Commissioner of Data Protection (the “Commissioner”).
2.4.Other Supervisory Authorities
Although we are based in, and operate from, ADGM we offer our Services globally. Consequently, we are also subject to compliance obligations in relation to the Processing of Personal Data in jurisdictions other than ADGM. For individuals who are located in the European Economic Area, United Kingdom or Switzerland (collectively “EEA Residents”) at the time their personal data is collected, we rely on legal bases for processing your information under Article 6 of the EU General Data Protection Regulation (“GDPR”) and the equivalent basis as set out in the UK GDPR. If you are located within the European Union or European Economic Area, you may the right to make a complaint at any time to the Supervisory Authority established for the purposes of the European GDPR in the country in which you are based. If you are based in the United Kingdom, then you may also (or alternatively) make a complaint to the Information Commissioner's Office (ICO) (the UK supervisory authority for data protection issues under UK GDPR). We also ensure compliance with Singapore Personal Data Protection Act 2012 (PDPA) for Singapore residents.
3. Types of Information
3.1. Personal Data you provide to us
We collect the Personal Data you provide directly to us or which we generate when you apply to open an Account with us for using our services (“Account”), perform any transactions through your Account, use other services that we may provide from time to time, those provided through our website and otherwise supplied by us on an ongoing basis. The Personal Data we collect may include, but are not limited to:
3.1.1.Personal Identification documents:
- Full name of the Client including any alias;
- Date and place of birth;
- Nationality and dual nationality status;
- US Person Declaration;
- Contact details (telephone number and email address)
- Current residential address (a post office box number is not sufficient);
- Valid documentary evidence for proof of address (such as utility bills, tenancy contract etc.); and
- Government-issued ID or other proof of their identity.
3.1.2.Formal Identification documents:
- Tax identification number;
- Passport copies,
- Driver’s license details;
- National identity card details;
- Photograph identification cards;
- Visa information; and
- Information from any government issued identification document.
- Bank account information;
- Payment card information;
- Primary account number (PAN);
- Transaction history information;
- Tax information (Taxpayer identification number); and
- Details and proof of income / funds/ wealth – salary certificate, SOA, pay slips for the last 3 months.
- Employment status;
- Name of the employer;
- Office location;
- Job title; and
- Annual income.
- Full name of the Body Corporate and any trading name;
- Address of its registered office and, if different, its principal place of business;
- Date and place of incorporation or registration;
- The nature of trade and activity;
- Relevant certified corporate documents of the entity including but not limited to AOA, MOA, corporate structure and board resolution;
- Identifying the ultimate beneficial owners of the legal entity who have 25% or more of ownership
- Place and date of entry in the commercial register, if any, as well as the names of the bodies or trustees formally acting on behalf of the legal entity as well as the information identifying the ultimate beneficial owners of this legal entity;
- Proof of income - SOA for the last 3 months, financial statements;
- Tax documents;
- Authorized signatories as per Board resolution
- W-8BEN E form (to identify a non-US entity);
- Government issued ID or any other proof of identity for UBOs - Passport copies; and
- Board Resolution granted by the Board of Directors of the company identifying the individual(s) with Power of Attorney (POA); and
- the full names of the members of its Governing Body and persons exercising a senior management position.
- Your feedback on surveys;
- Information provided to our support team;
- Information shared through public social networking posts;
- Authentication data;
- Security questions;
- User identification information for Account access;
- Click-stream data; and / or
- Other data collected via cookies and similar technologies; and
3.1.7.Due Diligence Information:
- We shall collect data on any association with known or suspected criminal individuals, entities or events;
- Data relating to the perceived risk of an individual being involved with crime; and
- Other personal data necessary for purposes of the prevention of fraud, misuse of services, or money laundering, or the prevention or detection of crime.
3.1.8.Special Category of Information:
We do not collect any Special Categories of Personal Data about you.
3.2. Information we collect from you automatically
We also automatically collect certain device and browsing information when you access the Account or Website or use our Services. This information is aggregated anonymously to provide statistical data about our users' browsing actions and patterns and does not personally identify individuals. This information may include but is not limited to:
- Computer or mobile device information, including IP address, operating system, network system, browser type and settings;
- Information about the transactions you undertake through your account, such as transactional data including records for trades, timestamps, deposits and withdraws, for you and the counterparty to the transaction and other session data (i.e.) linked to your Account;
- We use various technologies to collect and store information, including cookies (Refer Section 7), pixel tags, local storage, such as browser web storage or application data caches, databases, and server logs; and
- Your geo location tracking details, bio-metric information, software used on a computer system used to access the Account and or your internet protocol address.
3.3. Information collected from Third Parties
From time to time, we may obtain information about you from third party sources as required or permitted by applicable law. These sources may include:
- Public Databases, Credit Bureaus & ID Verification Partners: We obtain information about you from public databases and ID verification partners for purposes of verifying your identity in accordance with applicable law. ID verification partners like World-Check use a combination of government records and publicly available information about you to verify your identity. Such information may include your name, address, job role, public employment profile, credit history, status on any sanction’s lists maintained by public authorities, and other relevant data. We obtain such information to comply with our legal obligations, such as anti-money laundering laws. In some cases, we may process additional data about you to assess risk and ensure our Services are not used fraudulently or for other illicit activities;
- Blockchain Data: We may analyze public blockchain data to ensure parties utilizing our Services are not engaged in illegal or prohibited activity under the terms of the User Agreement, and to analyze transaction trends for research and development purposes;
- Joint Marketing Partners & Resellers: For example, unless prohibited by applicable law, joint marketing partners or resellers may share information about you with us so that we can better understand which of our Services may be of interest to you.
4. Use of Personal Information
Our primary purpose in collecting Personal Data is to provide you with a secure, smooth, efficient, and customized experience. In general, we shall use your Personal Data to create, develop, operate, deliver, and improve our Services, content and advertising, and for loss prevention and anti-fraud purposes. We may use your Personal Data for the following purposes:
4.1 To maintain legal and regulatory compliance
We need to collect certain types of information for compliance with our legal and regulatory obligations relating to Anti-Fraud/ Anti Money Laundering (AML) / Counter Financing of Terrorism (CFT) /Know Your Customer (KYC) /reporting obligations for Foreign Account Tax Compliance Act (FATCA) and Common Reporting Standards (CRS) purposes or any other taxation purposes. If such information is not provided, we may not be able to provide you with access to the Account and or any Service.
Matrix shall at all times remain authorized to take such measures that it deems necessary to achieve the discharge of its AML/CFT obligations under applicable laws and regulations, which measure may include verification of your identity information through recognized sources, such as governmental authorities and financial institutions. Your Personal Data may also be processed if it is necessary on reasonable request by a law enforcement, a governmental or regulatory authority, body or agency, or in the defense of legal claims made against Matrix (including its affiliates, associates, subsidiaries, parent entities, as well as their respective shareholders, directors, officers, employees, agents and representatives). We may share your Personal Data with law enforcement, data protection authorities, government officials, and other authorities in instances including when:
- Compelled by an order of court or other adjudicating body;
- Disclosure is necessary to report suspected illegal activity;
- Disclosure is necessary to investigate violations of the terms of our User Agreement; and
- Disclosure is necessary for investigation by our professional advisors who provide banking, legal, compliance, insurance, accounting, or other consulting services in order to complete third party financial, technical, compliance and legal audits of our operations or otherwise comply with our legal obligations.
4.2. To provide Matrix’s Services
We process your Personal Data in order to provide the Services to you (such as to onboard clients, due diligence process, payment process, lodging complaints, etc.). We cannot provide you with the Services without such information.
4.3. To provide service communications
We send administrative or account-related information to you to keep you updated about our Services, inform you of relevant security issues or updates, or provide other transaction-related information. Without such communications, you may not be aware of important developments relating to your Account that may affect how you can use our Services.
4.4. To provide customer Service
We process your Personal Data when you contact us to resolve any questions, disputes, or to collect fees. We may process your information in response to another customer’s request, as relevant and only to the extent as necessary to provide the Services. Without processing your Personal Data for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the Services.
4.5. To ensure quality control
We process your Personal Data for quality control and staff training to make sure we continue to provide you with accurate information. If we do not process Personal Data for quality control purposes, you may experience issues on the Services such as inaccurate transaction records or other interruptions.
4.6. To ensure network and information security
We process your Personal Data in order to enhance security, monitor and verify identity or service access, combat spam or other malware or security risks and to comply with applicable security laws and regulations. The threat landscape on the internet is constantly evolving, which makes it more important than ever that we have accurate and up-to-date information about your use of our Services. Without processing your Personal Data, we may not be able to ensure the security of our Services.
4.7. For research and development purposes
We process your Personal Data to better understand the way you use and interact with our Services. In addition, we use such information to customize, measure, and improve our Services and the content and layout of our Website and applications, and to develop new services. Without such processing, we cannot ensure your continued enjoyment of our Services. Our basis for such processing is based on our legitimate interest in order for us to be able to improve the Services that we offer you.
4.8. To enhance your experience
We process your Personal Data to provide a personalized experience and implement the preferences you request. For example, you may choose to provide us with access to certain Personal Data stored by third parties. Without such processing, we may not be able to ensure your continued enjoyment of part or all of our Services.
4.9. To facilitate corporate acquisitions, mergers or transactions
We may process your Personal Data as is necessary in the context of corporate acquisitions, mergers, or other corporate transactions undertaken by or in respect of Matrix.
4.10 To engage in marketing activities and make automated decisions
Based on your communication preferences, we may send you marketing communications to inform you about our events or our partner events; to deliver targeted marketing; and to provide you with promotional offers based on your communication preferences. We use information about your usage of our Services and your contact information to provide marketing communications. You can opt-out of our marketing communications at any time.
If you choose to limit the use of your Personal Data, certain features or our Services may not be available to you.
We may make automated decisions on certain matters. For example, we may do this to decide whether we can provide our Services to you based on a credit check/risk profiling. Depending on the outcome of the credit check/risk profiling, a decision will be reached automatically as to whether we are able to provide products or services to you based on your credit worthiness.
We may occasionally communicate to you about our company news, updates, promotions and related information relating to similar products and services provided by Matrix based on your Personal Data.
We may share your Personal Data with third parties to help us with our marketing and promotional projects or sending marketing communications. If you want to opt out of receiving promotional and marketing emails, text messages, post and other forms of communications from us or our promotional partners in relation to which you might receive in accordance with this section, you can opt out by using one of the following ways:
- click "unsubscribe" at the bottom of an email we send to you;
- contact us at email@example.com to opt-out;
- log into your account and update your profile.
If you do opt out of receiving promotional and marketing messages, we can still contact you regarding our business relationship with you, such as account status and activity updates, survey requests in respect of products and services we have provided to you after you reserve from us, reservation confirmations or respond to your inquiries or complaints, and similar communications.
4.11. Bases on which we process your Personal Data
We use your Personal Data on the following bases:
a. for our legitimate interests. Using your Personal Data helps us to operate, improve and minimize any disruption to the Services that we offer to you. We also have a legitimate interest in sending you information on the products, services and offerings we believe will be of interest to you;
b. because the information is necessary for the performance of a contract with you or to take steps at your request to enter into a contract;
c. because you have given your consent (if we expressly ask for consent to process your Personal Data, for a specific purpose); and
d. to comply with legal and regulatory obligations.
4.12. Sharing within Group Companies
We may share information about you with other members of our group of companies so we can provide an improved quality of Services to you.
4.13. Third Party Operations and transfers outside ADGM
We may transfer your Personal Data outside the ADGM, but in each instance such transfer shall be done to a recipient that is subject to legal framework of a jurisdiction deemed by the ADGM as having acceptable levels of data protection controls. We may have to transfer Personal Data to territories not deemed to have acceptable levels of data protection controls by ADGM. In that case, we will implement appropriate measures to ensure your Personal Data remains protected and secure when it is transferred outside your home country and you can exercise your rights effectively; for example, by obtaining the necessary permissions from the Commissioner for the transfers, as available on the ADGM public register.
There are certain circumstances where we may need to transfer your Personal Data to employees, contractors and to other parties for purposes of performing our contractual arrangements with you.
They may process your Personal Data for us only in connection with the performance of their function, for example, advertising agencies, IT specialists including IT provides for network infrastructure, database providers, data analysts, document repository services, cloud storage providers, backup and disaster recovery specialists, security providers, email providers or outsourced call centres.
4.14. To Detect and Prevent Fraud and / or Funds Loss
We process your personal information in order to help detect, prevent, and mitigate fraud and abuse of our services and to protect you against account compromise or funds loss.
4.15. To enforce our terms in our user agreement and other agreements
As Matrix handles your personal and financial data, it is very important for us and our clients that we actively monitor, investigate, prevent, and mitigate any potentially prohibited or illegal activities and enforce our agreements with third parties, and/or prevent and detect violations of our posted user agreement or agreements for other Services.
5. Security Measures
5.1. Information with us
We use a variety of security measures to ensure the confidentiality of your Personal Data, and to protect your Personal Data from loss, theft, unauthorized access, misuse, alteration or destruction. These security measures include, but are not limited to:
- Password protected directories and databases;
- Secure sockets layered (SSL) technology to ensure that your information is fully encrypted and sent across the internet securely; and
- Payment Card Industry (PCI) scanning and other cyber security measures to actively protect our servers from hackers and other vulnerabilities.
All financially sensitive and/or credit information is transmitted via SSL technology and encrypted in our database. Only authorized Matrix personnel are permitted access to your Personal Data, and these personnel are required to treat the information as confidential.
You are responsible for keeping your Account passcode, Account name, and pin numbers safe and secure. Do not share those with anyone. If there is an unauthorized use or any other breach of security involving your information, you must notify us below as soon as possible.
5.2. Information with third party
6. Right of Client (Data Subject)
You have certain rights concerning your Personal Data under the DP Law as mentioned below and can exercise them by raising a request or contacting DPO at firstname.lastname@example.org
As a data subject, you have the right to raise a request based on the below right
6.1. Right to Access
You have the right to request a copy of your Personal Data that we process about you.
6.2. Right to Rectification
You have the right to request us to amend or update your Personal Data where it is inaccurate or incomplete.
6.3. Right to Erasure
You have the right to request us to delete your Personal Data where it is no longer necessary for the purpose(s) for which your information was collected and where we do not otherwise have a legal obligation to retain such data.
6.4. Right to Data Portability
You have the right to receive or transmit your Personal Data a structured and commonly used, machine-readable format. You may request the receipt or transmission of your Personal Data to another organization, in a structured and machine-readable format.
6.5. Object to any Automated Individual Decision-making, Including Profiling
You may request us not to subject you to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect. Profiling is any form of automated processing intended to evaluate certain personal aspects of an individual.
6.6. Right to Withdraw
You have the right to withdraw consent for the processing of your Personal Data for a particular purpose at any time (where we have asked you for consent to use your Personal Data for that particular purpose).
Opt-outs of customers for direct marketing are registered in a separate system so the involved individuals will no longer receive direct marketing emails; their email addresses are suppressed when sending out any future direct marketing emails. It is still permitted to store the Personal Data of these customers, but we shall no longer process such Personal Data for marketing activities.
If you wish to complain to Matrix on how your Personal Data has been processed by us, you may lodge a complaint directly with the Complaints Officer via email to email@example.com If you feel that we do not comply with applicable data protection and privacy rules, you may lodge a complaint with the ADGM Commissioner of Data Protection.
Subject to any overriding legal obligations, requirements and/or exemptions, we will endeavor to respond to your request within two (2) months of receipt, unless we require further information from you. We may ask you provide proof of your identity.
Information collected from cookies is used by us to evaluate the effectiveness of our website, analyze trends, and administer the Services. The information collected from cookies allows us to determine including without limitation which parts of our Website are most visited and difficulties our visitors may experience in accessing our Website. You can exercise your preferences to enable, disable or delete cookies served on our web site. The information does not usually directly identify you, but it can give you a safe and more personalized web experience. Because we respect your right to privacy, you can choose not to allow cookies. Blocking cookies may impact your experience on the Website.
Note that Personal Data does not include information relating to a legal person (for example, a company or other legal entity) which does not identify a natural person. In that regard, information such as a company name, its company number, registered address and VAT number does not amount to Personal Data in terms of both the DP Law, the Act and the GDPR. Therefore, the collection and use of information strictly pertaining to a legal person does not give rise to data controller obligations at law (unless such information contains Personal Data; for example, a business email which contains a name that can identify an individual). Naturally, we will still treat any and all such information in a confidential and secure manner.
Your Personal Data, if made anonymous and aggregated, may be shared with third parties, as such anonymity shall result in your Personal Data ceasing to be Personal Data.
However, we cannot guarantee that loss, misuse, unauthorized acquisition, or alteration of your personal information will not occur. The transmission of personal information via the Internet is not completely secure. While we are committed to ensuring that your data is secure, we cannot guarantee the security of your personal information transmitted online or via Matrix.
We do not knowingly request to collect Personal Data from any person under the age of 21. If a user submitting personal information is suspected of being younger than 21 years of age, Matrix will require the user to close his or her Account and will not allow the user to continue using our Services. We will also take steps to delete the information as soon as possible. Please notify us if you know of any individuals under the age of 21 using our Services so we can take action to prevent access to our Services.
9. Data Retention
It is important to note that the Personal Data we collect when you open and operate an Account will be retained for a retention period set forth by applicable law and for as long as necessary for us to perform the terms of our contractual relations with you and to maintain an exhaustive set of documentation of our operations (as required from us by the Financial Services Regulatory Authority (FSRA) of the ADGM) even if your Account has not been successfully activated (e.g., if Account verification has not been completed) or no transaction has been made using it.
In relation to Personal Data provided by you to us from time to time, you permit us to keep records thereof for a duration commencing on the date on which such information is provided to us and ending seven (7) years after the earlier of: (a) the date on which you cease using the Services and or the Account; (b) the date on which we cease the provision of Services to you; (c) the date on which we terminate your Account and or ability to seek any of the Services; and (d) the date on which right to erasure was raised by you.
- Duration of business relationship with Matrix;
- Whether there are contractual or legal obligations that exist that require us to retain the data for a certain period of time;
- Whether there is any ongoing legal or financial claim that relates to your relationship with us;
- Whether any applicable law, statute, or regulation allows for a specific retention period; and
- Expectation for retention when data was provided to us.
- Personal information collected to comply with our legal obligations under financial or anti-money laundering laws may be retained after account closure for as long as required under such laws.
- Contact Information such as your name, email address and telephone number for marketing purposes is retained on an ongoing basis until you unsubscribe. Thereafter we will add your details to our suppression list to ensure we do not inadvertently market to you.
- Content that you post on our Website such as support desk comments, photographs, videos, blog posts, and other content may be kept after you close your account for audit and crime prevention purposes (e.g. to prevent a known fraudulent actor from opening a new account).
- Recording of our telephone calls with you may be kept for a period of up to seven years.
- Information collected via technical means such as cookies, webpage counters and other analytics tools is kept for a period of up to one year from expiry of the cookie.
[Last revised on 19 April 2021]