The Family Office Co. BSC(c), The Family Office Company B.S.C. and certain of its affiliates ("TFO", "we" or "us"), acting as a data controller, have prepared this Privacy Policy to explain how we use any personal information we collect about you when you use this Website, and the choices you have concerning how the data is being collected and used.
This Website is not intended for children and minors and we do not knowingly solicit or collect personal data from children and minors. As a parent or legal guardian, please do not allow your children to submit Personal Data without your permission.
By submitting your Personal Data to us, you agree to the processing set out in this Privacy Policy. Further notices highlighting certain uses we wish to make of your Personal Data together with the ability to opt in or out of selected uses may also be provided to you when we collect Personal Data from you.
This Privacy Policy contains general and technical details about the steps we take to respect your privacy concerns. We have organised the Privacy Policy by major processes and areas so that you can review the information of most interest to you.
We may provide supplemental privacy policies on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your Personal Data. Those supplemental policies should be read together with this Privacy Policy.
This policy may be updated from time to time. We therefore ask you to consult it on a regular basis. The last line of this Privacy Policy indicates when it was last updated. TFO reserves, in its sole discretion, the right to revise this Privacy Policy at any time by updating this posting.
The term "Personal Data" refers to any information that can be used to identify you, or that can be linked to you, as an individual.
In some cases, we are legally required to collect Personal Data, or your Personal Data may be needed before we may perform certain services and provide certain products. We undertake to request only the Personal Data that is strictly necessary for the relevant purpose. Failure to provide the necessary Personal Data may cause delays or lead to refusal of certain products and services.
1.1 We may collect and process the following Personal Data about you.
(a) Personal information about you: personal information that you provide to us when you apply to open an account (e.g. personal/identification information, name, date of birth, nationality residential address, gender, country of residence, accredited investor status, tax residential status, tax identification numbers, income and wealth information, annual income, net worth, source of funds and wealth, employment activity, investment risk appetite, passport, national ID (or equivalent documents), bank details, IBAN details, and proof of address, etc), as well as any additional information provided by or through TFO, or submitted through a question, such as your e-mail address, or submitted through the uploading of personal documents in order to comply with KYC checks requirements in the jurisdictions where we operate;
(b) Our correspondence: if you contact us such as when you make a general inquiry or request technical support, we may keep a record of that correspondence;
(c) Survey information: we may also ask you to complete surveys that we use for research purposes. In such circumstances we shall collect the information provided in the completed survey; and
(d) Your use of our Website: details of your visits to our website and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.
(e) Do-not-track: Because there is not yet a consensus on how companies should respond to web browser-based "do-not-track" ("DNT") mechanisms, we do not respond to web browser-based DNT signals at this time. Please note that not all tracking will stop even if you delete cookies.
1.2 We may collect your Personal Data from you directly. We may also collect Personal Data from third parties including agents that give instructions on your behalf or any other governmental, quasi-governmental bodies that may provide Personal Data on your behalf. As well as this, we may also collect Personal Data from third party service providers as part of your application process, such as from third party video authentication providers as part of our KYC checks.
1.3 If you provide us with Personal Data about other individuals, you must inform such individuals that you have provided us with their details and let them know where they can find a copy of this Privacy Policy.
1.4 If you choose not to provide certain Personal Data, this may mean that we are not able to provide you with all of our services.
2.1 We may use your Personal Data in the following ways:
Please note that use of Personal Data under applicable data protection laws must be justified under one of a number of legal "grounds" and we are required to set out the grounds in respect of each use in this Privacy Policy.
(a) To process your application to become a user: to evaluate and process your application to open an account. If you are approved, you can set up, review or update your account information once your account has been opened (including your Personal Data) online at any time or, through your dedicated Relationship Manager.
Use justification: consent, contract performance, legitimate interests (to allow us to evaluate your eligibility as a user)
(b) To provide marketing materials to you: to provide you with updates and offers, where you have opted in to receive these. We may contact you by phone, real-time messaging platforms or via third party service providers to send digital communications. These service providers are contractually prohibited from using your personal data for any purpose other than to send communications on behalf of TFO. We provide you the ability to unsubscribe from all marketing communications, without any costs. Every time you receive a communication from us, you will be provided with the choice to opt-out of future communications. You may also opt-out of receiving promotional materials by contacting us.
Use justification: consent (which can be withdrawn at any time);
(c) For analytics and profiling: to tailor our marketing to you. In connection with our marketing activities, we analyse information that we collect about customers to determine what offers are most likely to be of interest to different categories of customers in different circumstances and at different times. We call this the creation of "segments". Such Personal Data include customer behavioural information such as transaction history, preferences, service requests and interactions with us. From time to time, we will assess the Personal Data that we hold about you in order to assign you to a particular segment. We may use the segment that you have been assigned to you in order to tailor our marketing communications to include offers and content that are relevant to you. We may also use this method to avoid sending you offers that are inappropriate or unlikely to be of interest to you. You have the right to opt out of such analysis of your Personal Data that we use to tailor the direct marketing that we send to you, at any time.
Use justification: consent (which can be withdrawn at any time); legitimate interests (to enable us to tailor our marketing to you);
(d) To comply with our legal and regulatory obligations: to comply with our legal and regulatory obligations such as financial reporting requirements imposed by our auditors and government authorities, and to cooperate with law enforcement agencies, government authorities, regulators and/or the court in connection with proceedings or investigations anywhere in the world where we are compelled to do so (e.g. to comply with anti-money laundering, KYC obligations).
Use justification: legal obligation, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities);
(e) To handle incidents and process any claims we receive: to handle any accidents and incidents such as liaising with emergency services, and to handle any claims made by customers;
Use justification: vital interest, legal claims, legitimate interests (to ensure that incidents and accidents are handle appropriately and to allow us to assist our customers);
(f) To improve our services and products: to assist in developing new services and products and to improve our existing services and products.
Use justification: legitimate interests (to allow us to continuously improve and develop our services);
(g) To help our Website function correctly and to provide account maintenance activities (if your application is approved): to help content from our Website get presented in the most effective manner for you and for your device, and if your application is approved, to upkeep and maintain your user account.
Use justification: contract performance, legitimate interests (to allow us to provide you with the content and services on this Website);
(h) In connection with any reorganization of our business: To analyse, or enable the analysis of, any proposed sale, merger, asset acquisition, or reorganization of our business.
Use justification: contract performance, legitimate interests (to allow us to continue providing services to you).
(i) To process a commitment, subscription, redemption or withdrawal: to evaluate and process your commitment, subscription, redemption or withdrawal
Use justification: consent, contract performance, legitimate interests (to allow us to continue providing services to you).
In the event that we intend to further process your Personal Data for a purpose other than as set out in section 2 above, we shall provide you with information on that other purpose before this additional processing takes place.
3.1 We may share your Personal Data in the following ways:
(a) Third party service providers who process Personal Data on our behalf to help us undertake the activities described in section 2: We may permit selected third parties such as business partners, suppliers, service providers, agents, contractors and other TFO affiliates to use your Personal Data for the purposes set out in section 2, including mail houses and e-mail service providers that we engage to send and disseminate promotional materials for TFO products, data center providers that host our servers and third party agents that process mailing, requests, and transactions on our behalf. These parties are contractually prohibited from using Personal Data for any purpose other than for the purpose specified in their respective contracts, and will be subject to obligations to process Personal Data in compliance with the same safeguards that we deploy. We also provide non-personally identifiable information to these parties for their use on an aggregated basis for the purpose of performing their contractual obligations to us. We do not permit the sale of Personal Data to entities outside of TFO for any use unrelated to our group operations or use of Personal Data by third party for their own purposes.
(b) Law enforcement agencies, government authorities, regulators and the court in order to comply with our legal obligations or to handle incidents/claims: We may disclose your Personal Data when required by relevant law or court order, or as requested by other government or law enforcement authorities, or any agency, court, regulator or other third party where we believe this is necessary to assist with proceedings or investigations. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime. This also applies when we have reason to believe that disclosing the Personal Data is necessary to obtain legal advice, to identify, investigate, protect, contact, or bring legal action against someone who may be causing interference with our guests, visitors, associates, rights or properties, or to others, whether intentionally or otherwise, or when anyone else could be harmed by such activities.
(c) Third parties who require such data in connection with a change in the structure of our business: In the event that we (or a part thereof) are (i) subject to negotiations for the sale of our business or (ii) sold to, merge with, or sell substantially all of our assets to a third party or (iii) undergo a reorganization, you agree that any of your Personal Data which we hold may be transferred to that reorganized entity or third party and used for the same purposes as set out in this Privacy Policy, or for the purpose of analysing any proposed sale or re-organisation. We will ensure that no more of your Personal Data is transferred than necessary.
3.2 This Privacy Policy does not apply to our processing of personal information on behalf of, or at the direction of, third party providers who may collect personal information from you and provide it to us. In this situation, we would merely act as a data processor and thus advise you to review applicable third-party providers' privacy policies before submitting your personal information.
Use justifications and legal grounds
We note the grounds we use to justify each use of your information next to the use in the How we use Personal Data and How we share Personal Data sections of this policy. These are the principal legal grounds that justify our use of your Personal Data:
Consent: where you have consented to our use of your Personal Data.
Contract performance: where your Personal Data is necessary to enter into or perform our contract with you.
Legal and regulatory obligation: where we need to use your Personal Data to comply with our legal and regulatory obligations.
Legitimate interests: where we use your Personal Data to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.
Vital interest: where we need to process your Personal Data to protect the vital interest of you or another natural person e.g. where you require urgent assistance.
Security over the internet
4.1 It is important to note that all Internet communication is not secure. There is a risk inherent in the use of e-mail. Please be aware of this when requesting information or sending forms to us by e-mail, for example, from the "Contact Us" section. We recommend that you do not include any sensitive information when using e-mail or using any public computers/public WIFI. Our e-mail responses to you may not include any sensitive or confidential information. Please bear in mind that no security system or system of transmitting information over the Internet is guaranteed to be secure.
4.2 If your application is successful and a user account is set up, you should always close your browsers when you have finished completing a form. Although the session will automatically terminate after a short period of inactivity, it is easier for a third party to gain access to your profile whilst you are logged onto your account.
4.3 We treat all Personal Data that you provide to us as confidential information. To prevent Personal Data from unauthorised access or leakage, we have adopted and regularly monitor our security and data privacy policies and procedures. We use SSL protocol - an industry standard for encryption over the Internet, to protect the Data. When you type in sensitive information, it will be automatically encrypted and transferred over a SSL connection. This ensures that your sensitive Data is encrypted as it travels over the Internet. You will know that you are in a secure mode when the security icon (such as a lock) appears in the screen.
Security controls
4.4 Where we have given you (or where you have chosen) a password, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.
4.5 TFO trains its employees and staff on the importance of data privacy and protection. Our Privacy Policy is updated as required to reflect any changes in applicable laws and developments in best practice procedures. Further, we limit the number of individuals within the companies with access to Personal Data to those directly involved in the process of providing quality service to you.
4.6 We store certain customer information in our Customer Information System. Both systems are secure customer databases stored on a dedicated server located in a data centre in Ireland hosted by a third party service provider. Our server resides behind firewalls to protect Personal Data collected from you against unauthorised or accidental access. Because laws applicable to personal information vary by country, our business operations may put in place additional measures that vary depending on the applicable legal requirements.
Data transmission across international borders
4.7 The nature of our business and our operations require us to transfer your Personal Data to other authorized distributors, centres of operations, data centres, or service providers that may be located in countries outside of your own for the purposes mentioned in this Privacy Policy. Although the data protection and other laws of these various countries may not be as comprehensive as those in your own country, TFO will take appropriate measures, including implementing up to date contractual clauses, to secure the transfer of your Data to recipients (which may be internal or external to TFO) located in a country with a level of protection different from the one existing in the country in which your Data is collected.
4.8 Where your Personal Data may be transferred to a country in which data protection laws may be of a lower standard than in the transferor country, TFO will impose the same data protection safeguards that we deploy in the countries in which we operate to ensure an adequate level of protection for this data.
4.9 The Personal Data collected using the means located in Bahrain may be required to be transferred outside Bahrain for processing. As there are no approved jurisdictions that provide adequate level of data protection required under Bahrain law, any transfer of Personal Data outside Bahrain requires your consent. As business requirement we may transfer your Personal Data to Kingdom of Saudi Arabia, Switzerland, and Ireland ("Consented Jurisdictions") and you consent to the transfer of your Personal Data to the Consented Jurisdictions.
4.10 Where Personal Data is transferred by the DIFC Branch or KSA Affiliate to a jurisdiction considered as non-adequate the Branch will ensure that relevant safeguards are in place to protect the transfer, such as standard contractual clauses. You may ask us for further details of these.
Retention
4.11 Your Personal Data will be stored for the period of time required or permitted by law in the jurisdiction of the operation holding the information (for example certain transaction details and correspondence may be retained until the time limit for claims in respect of the transaction has expired or in order to comply with regulatory requirements regarding the retention of such data). So if information is used for two purposes we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period once that period expires.
4.12 Our retention periods are based on business needs and regulatory requirement your information that is no longer needed is either irreversibly anonymised (and the anonymised information may be retained) or securely destroyed once the purpose for which we collected this personal data is no longer applicable. By way of example:
(a) use for marketing: in relation to your Personal Data used for marketing purposes, we may retain your Personal Data for that purpose after we have obtained consent to market to you, or the date you last responded to a marketing communication from us (other than to opt out of receiving further communications);
(b) use to perform a contract: in relation to your Personal Data used to perform any contractual obligation with you, we may retain that Personal Data whilst the contract remains and for a certain period thereafter to deal with any queries or claims thereafter; and
(c) where claims are contemplated: in relation to any information where we reasonably believe it will be necessary to defend or prosecute or make a claim against you, us or a third party, we may retain that information for as long as that claim could be pursued.
Opt-out of marketing
5.1 You have the right to ask us not to process your Personal Data for marketing purposes. You can also exercise the right at any time by contacting us.
Other rights
5.2 Subject to various exceptions and data protection laws in your country, you may have the following rights:
(a) Access: you can ask us to provide you with further details on the use we make of your Personal Data and a copy of the Personal Data we hold about you;
(b) Correction: you can ask us to correct any inaccuracies in the Personal Data we hold about you;
(c) Complaint: if you are not satisfied with our use of your Personal Data or our response to any exercise of these rights, you have the right to complain to the data protection authority in your country (if one exists);
(d) Erasure: you can ask us to delete your Personal Data if we no longer have a lawful ground to use;
(e) Withdrawal of consent: where processing is based on consent (e.g. marketing), you can withdraw your consent to processing so that we stop that particular processing;
(f) Object to processing: you have the right to object to other types of processing (e.g. analytics and profiling activities carried out in relation to your Personal Data or any processing that causes material or moral damage to you), unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights;
(g) Restriction: you can restrict how we use your Personal data, for example whilst we are verifying the accuracy of your Personal Data or where we are verifying the grounds that use as the basis of holding your Personal Data;
(h) Portability: where technically feasible, you have the right to ask us to transmit the Personal Data that you have provided to us to a third party in a structured, commonly use and machine readable form.
We may need to request specific Personal Data from you to help us confirm your identity and ensure your right to access the Personal Data (or to exercise any of your other rights). This security measure ensures that Personal Data is not disclosed to an unauthorised person.
You will not have to pay a fee to exercise your rights. However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances, where permitted by law.
Updating or modifying information
5.3 We will use reasonable endeavours to ensure that your Personal Data is accurate. In order to assist us with this, you should notify us of any changes to the Personal Data that you have provided to us by contacting us.
Notifications in the event of breach
5.4 In the unlikely event of a data breach, we are prepared to follow any laws and regulations which would require us to notify you of the disclosure of private information.
We use autonomous and/or semi-autonomous Systems (referred to as "Systems" or "System") used by the that involve the Processing of Personal Data.
Capitalised terms used in this section have the meanings given to them under the DIFC Data Protection Law (DIFC Law No. 5 of 2020) ("DIFC DPL") and the DIFC Data Protection Regulations ("DIFC DPR") or other applicable data privacy rules and regulations.
The Processing of Personal Data by our AI Systems does not impact the exercise of your rights under the DIFC DPL. We have implemented appropriate measures to honour your rights. You may refer to section above for details of the rights available to you. Where we use AI Systems for automated decision making, we will ensure we seek your consent and that human intervention is available where the System makes decisions that produce legal consequences concerning you or other seriously impactful consequences.
6.1 Intended Purposes of the AI System
In this context, user and client data may be processed by AI Systems to analyze engagement patterns, interactions, and service effectiveness to identify areas for improvement and to enhance overall user experience. Such processing supports responsible personalization initiatives designed to tailor services and content to individual user needs in a proportionate and transparent manner, and solely within the human defined purposes established prior to the deployment of the AI System.
The AI Systems we use Process Personal Data for the following human defined purposes, as applicable:
supporting business operations and productivity (e.g. document analysis, summarisation, or workflow optimisation)
analysing information to generate insights relevant to the organisation's lawful activities
automating or enhancing administrative, analytical, or decision support processes
improving the quality, consistency, or efficiency of internal processes and services
meeting legal, regulatory, governance, and risk management requirements
generating synthetic data for training our Systems
6.2 Defined Principles or Limits of the AI System
The AI Systems we operate have been developed by providers in accordance with industry standards and where possible, configured by us to ensure compliance with DIFC DPL and Regulation 10. Where we have not built the Systems, we apply strict governance and oversight to their use. Our AI Systems operate within fixed settings and defined limits, and their behavior is designed to be consistent, predictable and explainable, with explainability implemented at a level appropriate for different stakeholders, including users, internal teams, and regulators. This enables a clear understanding of how AI supported outputs are generated and applied, without requiring disclosure of underlying technical model internals.
We ensure that the following principles are embedded into the AI Systems we use:
AI Systems do not have authority to independently define, approve, or implement new or incompatible purposes for Processing Personal Data
AI Systems are restricted to Processing only Personal Data that is authorised, relevant, and proportionate to their defined purpose
AI Systems do not automatically share Personal Data with any third parties or government authorities
AI supported processing and outputs are subject to appropriate human oversight and accountability. Explanations relating to AI use, data inputs, and outcome rationale may be provided, as applicable, to support transparency for users, operational understanding for internal teams, and regulatory review or audit requirements.
Systems are not authorised to take decisions that produce legal effects or similarly significant impacts on individuals without appropriate human involvement
AI Systems operate within an established governance framework that monitors and prevents misuse, bias, drift, or function creep
Personal Data is encrypted in transit and at rest, and is subject to strict access controls
AI Systems apply data minimisation principles and adhere to retention limits aligned with legal requirements, where possible
In addition to the above, the following safeguards apply to the AI systems used by the Group:
Mandatory AI Impact Assessments and/or Data Protection Impact Assessments (DPIAs) are conducted where AI systems process Personal Data or support material decision making.
AI systems are subject to lifecycle controls, covering procurement, deployment, monitoring, modification, and retirement.
Human accountability is assigned for each AI use case, ensuring clear ownership and responsibility for outcomes.
Vendor and third party AI tools are subject to contractual, licensing, and governance controls to ensure compliance with data protection, confidentiality, and intellectual property requirements.
AI use cases are reviewed against applicable legal, regulatory, and ethical frameworks, including data protection, cybersecurity, and regional AI governance requirements.
6.3 Output Produced by the Systems we Use
The Processing of your Personal Data by the AI Systems we use results in the following outputs:
Summaries, transcripts, or structured representations of information
Analytical insights, trends, or patterns derived from input data
Classifications, recommendations, or decision support indicators
Metadata generated to support analytics, quality control, or system performance
Predictive or scenario based outputs, where applicable, used solely for internal analysis or planning purposes and subject to human review.
Where AI Systems generate personalized insights or recommendations, such outputs are non adverse, informational, and decision support in nature. They do not produce autonomous decisions or outcomes with legal or similarly significant effects on individuals and are applied only following appropriate human review, interpretation, or approval.
6.4 AI System Design and Governance Principles
Any AI System developed and utilised within our products, services, or other use cases is designed and operated in accordance with the following AI principles of design, as required under the DIFC DPR and other applicable regulations:
Ethical and Fair Use: Systems are designed to promote ethical outcomes and to treat individuals fairly. We take reasonable steps to identify and mitigate potential bias that could lead to unfair or discriminatory outcomes.
Transparency: Where AI is used to Process Personal Data, we aim to ensure that such Processing is explainable in clear, non technical terms to data subjects, and is sufficiently documented to support internal operational understanding and regulatory oversight. Explanations focus on the purpose of processing, the nature of data used, and the factors influencing AI supported outputs.
Security: Appropriate technical and organisational measures are in place to protect Personal Data processed by AI Systems and to prevent unauthorised access or a Personal Data Breaches.
Accountability: We maintain oversight and governance measures to ensure responsibility for the development, deployment, and outcomes of our AI Systems.
6.5 Codes and Regulatory Standards
Our AI Systems are designed, developed, selected, or operated having regard to relevant national and international standards and principles, which may include, as applicable:
The NIST Artificial Intelligence Risk Management Framework
ISO/IEC 42001:2023 - AI Management System
ISO/IEC 23894 - AI Risk Management
Such other codes, certifications, or principles established or designated by national or international regulatory authorities or bodies as may be applicable from time to time.
Adherence to these frameworks is proportionate to the nature, context, and risks associated with each AI System.
AI Systems apply data minimization and proportionality principles, processing personal data only to the extent necessary to achieve defined purposes. Wherever feasible, insights are generated using aggregated or de identified data, with personal data retained and processed in accordance with applicable legal, regulatory, and retention requirements.
You may contact the Firm at the contact details mentioned below for further information about the use of AI Systems and the Processing of Personal Data, or to exercise your rights under the DIFC DPL.
Our Website uses cookies to collect and store certain information about you, and to distinguish you from other users of this Website. This helps us provide you with a good experience when you browse our Website and also allows us to improve our Website. A cookie is a small text file which is sent by a Website, accepted by a web browser and then placed on your hard drive. The information collected from cookies lets us know that you visited our Website in the past, and helps you avoid having to re-enter information on each visit in order to use some of our products or services, among other things.
We use Usercentrics as our cookie consent management platform. Usercentrics acts as a processor for cookie consent, helping us obtain and manage your choices for each cookie category.
Cookie Categories:
Essential cookies (always active): These are necessary to activate the core functionality of the Website (e.g., security features, load balancing, consent logging). You can set your browser to block these cookies, but some parts of the site will not work.
Functional cookies (require your consent): These help us measure, analyse user behavior in order to measure and improve performance (e.g., Snapchat, TikTok, LinkedIn Plugin, Google Tag Manager, Microsoft Azure). When enabled, these tools may collect aggregated, anonymous data about your use of the Website.
Marketing cookies (require your consent): These enable ad measurement, remarketing, and personalization across our channels (e.g., HubSpot, Hotjar, Google Analytics, Facebook Pixel, Facebook Social Plugins, DoubleClick Ad, Conversion Linker, LinkedIn Insight Tag, Twitter Advertising, Twitter Analytics). When enabled, these technologies may process information about your interactions with our site for marketing purposes.
Your choices:
When you first visit, non-essential cookies are off by default. You can Accept All, or Manage Preferences to consent by category. You may change your choices at any time via the shield icon in the bottom left area of the browser.
More information:
Details of each cookie we use - including provider name, description, data purposes, technologies used, data collected, and retention period etc. are available in the services tab in the cookie selection banner. For information about how Usercentrics processes data as our processor, please see the Usercentrics privacy notice at https://usercentrics.com/privacy-policy/.
Some cookies on our Website are provided by third-party service providers (such as Google Analytics, HubSpot, TikTok Pixel, etc.). These third parties may process information collected via cookies for their own purposes, subject to their own privacy policies.
In the future, we may need to make additional changes. All additional changes will be included in the latest Privacy Policy published on this Website, so that you will always understand our current practices with respect to the information we gather, how we might use that information and disclosures of that information to third parties. You can tell when this Privacy Policy was last updated by looking at the date at the bottom of the Privacy Policy. TFO reserves the right, in its sole discretion, to modify, alter or otherwise update this Privacy Policy at any time. Any changes will be effective only after the effective date of the change and will not affect any dispute arising prior to the effective date of the change.
This Website may contain links to other third-party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third party websites.
Applicable laws may give you additional rights that are not described in this Privacy Policy.
Under certain circumstances, and where the conditions specified in the DIFC Data Protection Law No. 5 of 2020 (DIFC Law), Personal Data Protection Authority established under the provisions of Article (27) of Bahrain Personal Data Protection Law (30 of 2018) (the "Law"), Saudi Data and AI Authority (SDAIA Law M/19 of 2021), are met, by law, in addition to the rights listed above you also have the right to object to automated Processing, including profiling which produces legal or other seriously impactful consequences concerning you.
For further information, or inquiries about this User Agreement or Privacy Policy please contact:
Client Services
[email protected]
+973 1757 8000
Or
Data Protection Guardian/Officer
[email protected]
If you are unhappy with the way TFO treats your data. You have the right to make a complaint to the following authorities:
For Dubai:
DIFC Authority
Level 14, The Gate Building
DIFC
Dubai
United Arab Emirates
Or via email: [email protected]
For Bahrain:
Via email: [email protected]
Via Tel: (+973) 175 133 14, (+973) 175 133 21, (+973) 175 133 41
For Kingdom of Saudi Arabia:
Via email: [email protected], [email protected]
For Kuwait:
Via email: [email protected], [email protected]
Via Whatsapp: +965-22330125
Via phone: 125