1. 1. Our Privacy Policy 

This Privacy Notice applies to anyone whose Personal Data (as defined in section 1.3 below) is provided to us in the Abu Dhabi Global Market (“ADGM”), pursuant to our obligation(s) under the ADGM Data Protection Regulations 2021 (referred to herein as “Applicable Data Protection Law”). This Privacy Notice sets out how and why we collect store, use, and share your Personal Data. It also tells you about your privacy rights and how the law protects you.  

“We” “us” or “our” means Barrenjoey Markets Pty Limited, ADGM Branch. We explain in this Privacy Notice what is considered Personal Data, methods of collection, the purposes for which it is used, the third parties to whom it may be disclosed and how individuals can exercise their rights in relation to their Personal Data.  It is important that you read this notice, together with any other Privacy Notice we may provide to you on specific occasions, so that you are aware of how and why we are using your Personal Data. 

1.1 Recitals 

Barrenjoey Markets Pty Limited, ADGM Branch and its affiliates shall usually be the controller of your Personal Data. We may engage third party service providers to process Personal Data on our behalf and those third parties act as processors of your data.   

1.2 Scope  

This Privacy Notice applies to the following individuals (“you”): 

• a) Our prospective employees (job applicants); 

• b) Anyone involved in any transaction or interaction with us, whether it is in your personal capacity or as a representative of a legal entity (for example, director, a company manager, agent, legal representative, operational staff, other authorised representative, etc.);  

• c) Our customers; 

• d) Our business partners; 

• e) Our suppliers, advisors, consultants and/or secondees; and  

• f) Website visitors. 

This Privacy Notice applies to all Personal Data collected, maintained, transmitted, stored, retained, or otherwise used (i.e. processed) by us regardless of the media on which that Personal Data is stored.  

1.3 What is “Personal Data”? 

“Personal Data” means data related to an identified natural person, or related to a natural person who can be identified directly or indirectly by linking the data, through the use of identification elements such as their name, voice, image, identification number, or electronic ID, geographic location, or one or more of their morphological, physiological, economic, cultural or social characteristics, including sensitive personal data and biometric data. 

1.4 Data protection principles 

Applicable Data Protection Law requires us to demonstrate that any Personal Data we hold about you is: 

1.5 Obtaining Personal Data 

We may obtain your Personal Data as follows: 

• a) From the information you provide to us when you meet or interact with us; 

• b) From information about you provided to us by your company or an authorised intermediary; 

• c) When you visit our website, we collect cookie data; 

• d) When you communicate with us by telephone, email or other forms of electronic communication; in this respect, we may monitor, record and store any such communication; 

• e) When you complete (or we complete on your behalf) client on-boarding or applications, or other forms; or 

• f) From publicly available sources or from third parties, most commonly where we need to conduct background checks about you. 

1.6 Collection of Personal Data 

The Personal Data we may collect from or in relation to you includes for example: 

• a) Information establishing your identity (for example your name, address, email address, date of birth, passport or photograph); 

• b) Documents to verify information supplied to us, such as bills issued by third parties or endorsements issued by employers or institutions such as banks; 

• c) Reference checking information obtained via third parties such as credit reference agencies, and sanctions lists; 

• d) Financial information (for example, bank account details); 

• e) Information provided so that we are able to fulfil our regulatory compliance obligations including anti-money laundering and “know your client” checks (for example the information establishing your identity as set out above); 

• f) Information you provide when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our services; 

• g) Any information you independently choose to provide to us (for example, if you send us an email or call us); and 

• h) Information relating to your use of our website (for example, domain name, IP address and cookies) or information you provide when you register for alerts and subscriptions and when you report a problem with any of our website services. 

Under certain circumstances, we may also collect “Special Categories” of Personal Data. Special Categories of particularly sensitive Personal Data require higher levels of protection. We will only process Special Categories of Personal Data when we have a justification for collecting, storing, and using this type of Personal Data. We have in place an appropriate policy document, where necessary, and safeguards in compliance with the Applicable Data Protection Law. We are likely to process Special Categories of Personal Data in limited circumstances where:  

• a) we have your explicit written consent;  

• b) it is necessary to comply with the applicable law in relation to anti-money laundering or counter-terrorist financing obligations or the prevention, detection, or prosecution of any crime; 

• c) it is required for the performance of a contract or prior to entering into a contract; or  

• d) it is necessary for the compliance with specific requirements pursuant to applicable law. 

1.7 Purposes of processing and legal basis 

As required by the Applicable Data Protection Law, our legal grounds, or “lawful basis”, for processing Personal Data include the following: 

• a) It is necessary for the performance of a contract or to enable us to enter a contract (e.g., providing the services you requested); 

• b) When we have a legitimate interest in processing data about you to operate our business or protect our interests (e.g., to provide, maintain, and improve our services, conduct data analytics, and communicate with you); 

• c) To comply with our legal obligations (e.g., collecting due diligence information and documents to comply with the Financial Services Regulatory Authority (“FSRA”) Anti Money Laundering Rules); and 

• d) When we have your consent to do so (e.g., when you opt in to receive marketing communications from us). When consent is the legal basis for our processing data about you, you may withdraw such consent at any time by contacting us using the details in the Contact Us section below. 

1.8 Sharing and transferring Personal Data  

We will only disclose your Personal Data to third parties if we are legally obliged to do so or where there is a need to comply with our contractual obligations to you, for instance we may need to pass on certain information to any external service providers including consultants or third–party screening platform providers.  

To comply with our regulatory obligations, we may also disclose Personal Data to relevant government, supervisory and judicial authorities such as: 

• a) Public authorities, regulators and supervisory bodies in the countries in which we operate; 

• b) Tax authorities, who may require us to report customer assets or other Personal Data such as your name and contact details and other information about your organisation; for this purpose, we may process your identification data such as national identifier in accordance with applicable law; and 

• c) Judicial/investigative authorities such as the police, public prosecutors, courts and arbitration/mediation bodies upon their express and legitimate request. 

Where there is a requirement to use an intermediary, we will ensure that the Personal Data is exported to one who is either located in a jurisdiction that is deemed by the Commissioner of Data Protection as an adequate jurisdiction or we have a safeguard in place such as standard contractual clauses or a legal derogation. You may request further information on this from our Data Protection Officer (see contact details below). 

1.9 Data retention  

Generally, we will keep information relevant to our dealings with you for at least six (6) years following the termination of our relationship with you. We will retain data about you for as long as necessary to fulfil the purposes for which we collected it, in accordance with our legal obligations, or for the establishment, exercise or defence of legal claims. In doing this, we will consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of the data, the purposes for which we process the data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

In some circumstances, data about you may be anonymised, so that it can no longer be associated with you, in which case it is no longer Personal Data. 

Once we no longer require data about you for the purposes for which we collected it, we will securely destroy, anonymise, pseudonymise or securely encrypt the data, or otherwise handle your data in accordance with applicable laws and regulations. 

In the case of unsuccessful candidate CV’s, we will only retain these for a period of one year after receiving them in case an alternative suitable position arises. 

1.10 Your Rights as a Data Subject 

As a data subject, you have a number of rights with regard to your Personal Data. You have the right to request to access and rectify your data as well as for it to be erased, and to restrict the processing of your data in certain circumstances. 

You also have the right to lodge a complaint with the ADGM Commissioner of Data Protection (further details below) if you feel that we have not complied with our obligations under Applicable Data Protection Law regarding how we deal with your Personal Data. 

Your rights pursuant to Applicable Data Protection Law include, amongst others, the right to: 

• a) Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it; 

• b) Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected; 

• c) Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below); 

• d) Object to the processing of your Personal Data. You have the right to object where we are processing your Personal Data for direct marketing purposes; 

• e) Request the restriction of the processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example, if you want us to establish its accuracy or the reason for processing it; 

• f) Request to receive or request transfer of the data you have provided us in a structured, commonly used and machine-readable format; and 

• g) Object to automated processing, including profiling which produces legal or other seriously impactful consequences concerning you. 

We typically do not charge you a fee to respond to one of the above requests. However, we may charge a reasonable fee if your request is unreasonable or excessive, or we may refuse to comply with the request in such circumstances. 

1.11 Consent 

We do not generally rely on consent as our processing reason. However, if we do so, we will provide you with full details of the information that we would like and the reason we need it so that you can carefully consider whether you wish to consent.  You should be aware that it is not a condition of your relationship with us that you agree to any request for consent from us.  

To withdraw your consent, please contact us using the email provided below. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so under an applicable law. 

1.12 To inform us of changes 

It is important that the Personal Data we hold about you is accurate and, where necessary, kept up to date. Please keep us informed if your Personal Data changes during your working relationship with us and respond promptly to our request for updates of your data.  

1.13 Are you obliged to provide us with your Personal Data? 

In some cases, we are legally required to collect Personal Data, or your Personal Data may be needed before we may perform certain services and provide certain products. We undertake to request only the Personal Data that is strictly necessary for the relevant purpose. Failure to provide the necessary Personal Data may cause delays or lead to refusal of certain products and services.