We recognise the importance of your privacy and understand your concerns about the security of your Personal Data. We are committed to ensuring that when you share Personal Data with us or we collect Personal Data about those who visit our websites, we do so in accordance with applicable and relevant privacy laws and principles.
This Privacy Notice details how we generally collect, hold, use and disclose Personal Data, your rights in relation to the Personal Data that we hold about you and the third parties to whom it may be disclosed. We do this in compliance with our obligations as a data controller under the Dubai International Financial Centre (“DIFC”) Data Protection Law No.5 of 2020 (“DPL”).
It is important that you read and retain this notice, together with any other Privacy Notice we may provide on specific occasions.
Any reference to “us”, “our”, “we” or “the Company” in this Privacy Notice is a reference to Magellan Capital Limited, as the context requires unless otherwise stated.
The Privacy Notice may form among other documents an integral part of the master agreement we have with you. However, it does not form part of any contract to provide services for which we have signed the contract with you.
This Privacy Notice applies to the following individuals (“you”):
We comply with the DIFC DPL. This ensures your Personal Data is:
Personal Data means any information about an individual from which that person can be identified, directly or indirectly. It does not include data where the identity has been removed (anonymous data).
We collect your Personal Data from various sources, such as through our company website, consent driven mailing lists for marketing purposes, and our interactions with you. We may also obtain Personal Data from other sources, background and/or identity checks or via cookies on our website.
The services we provide fall under the scope of our regulated activities and as such we generally have obligations to ask for a range of Personal Data from you which could include:
Our website is not targeted, intended or expected to be of use to children. Apart from providing information for specific services or purposes, as directed by DIFC processes, user-provided contributions of content or contact information regarding or about children are expressly prohibited.
If you choose not to provide the Personal Data we request, we may not be able to provide you with the product or service you need.
When we use the term “Processing” or “Process” this means any activity that can be carried out in connection with Personal Data such as collecting, recording, storing, adjusting, organizing, using, disclosing, transferring or deleting it in accordance with applicable laws.
We only use your Personal Data under one of the following legal grounds:
We may also use your Personal Data for the future planning of our business, including product development and research.
“Special Categories" of particularly sensitive Personal Data require higher levels of protection. We have justification for collecting, storing, and using this type of Personal Data. We have in place an appropriate policy document and safeguards in compliance with the law. We are likely to Process Special Categories of Personal Data in the following circumstances where:
Less commonly, we may Process this type of Personal Data where it is needed in relation to legal claims, where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.
For marketing purposes, we would not obtain Special Categories of Personal Data, however, if we do, we will issue a separate notice on how we would use the data.
We envisage that we may hold information about criminal convictions. We will only collect Personal Data about criminal convictions if it is appropriate and where we are legally able to do so. For example, to determine whether we can onboard you as a client or enter in to an agreement with you.
We may be required to retain and use Personal Data to meet our internal and external audit requirements, for data security purposes and as we believe to be necessary or appropriate:
In general, we do not rely on consent as our Processing reason and also would not require consent if we use Special Categories of your Personal Data in accordance with our written policy to carry out our legal obligations.
In limited circumstances, we may approach you for your written consent to allow us to Process certain particularly sensitive data. If we do so, we will provide you with full details of the Personal Data that we would like and the reason we need it so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your relationship with us that you agree to any request for consent from us.
To comply with our regulatory obligations, we may disclose Personal Data to the relevant government, supervisory and judicial authorities such as:
When we use third parties to carry out certain activities in the normal course of business, we may have to share Personal Data required for a particular task. For instance:
As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or merges with us, your Personal Data will be disclosed to such entity. Also, if any bankruptcy or reorganization proceeding is brought by or against us, all such information will be considered an asset of ours and as such it is possible it will be sold or transferred to third parties.
The third parties or group entities may located in a jurisdiction that does not have the same level of data protection as the DIFC. In such cases the third parties or group entities will be required to abide by standard data protection clauses or the Personal Data transfer may be subject to a lawful derogation. You may ask us for further details of these safeguards, where required.
These companies acting on our behalf are required to keep your Personal Data confidential.
We take our obligations to protect your Personal Data seriously and as such we take reasonable steps to hold Personal Data securely in electronic form.
Once we have received your Personal Data, we will take reasonable steps to use technical measures to prevent unauthorised access, modification or disclosure, and take steps to protect the Personal Data we hold from interference, misuse, loss, unauthorised access, modification or unauthorised disclosure.
Some electronic communications through non-secure web platforms may not be secure, virus- free or successfully delivered. If you communicate with us using a non-secure web platform, you assume the risks that such communications between us are intercepted, not received, delayed, corrupted or are received by persons other than the intended recipient.
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we Process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. We have a Retention Policy which outlines the applicable periods.
If we change this Privacy Notice we will post the changes on this website, therefore please check back regularly to ensure you are aware of any changes to our Personal Data Processing operations. The changes will take effect as soon as they are posted on our website.
During your interaction with our website, we may use cookies to improve security, enhance functionality, and remember your preferences. A cookie is a small text file containing a unique identification number that helps our website recognise your browser and respond accordingly.
We use the following types of cookies:
Name: | Purpose: | Expires: |
---|---|---|
Security Cookies: XSRF-TOKEN | Help protect your information by ensuring that interactions with our website are secure. They prevent unauthorised actions by verifying that requests are made by legitimate users. | 120 minutes post opening the website and then reset |
Preference Cookies: CookieConsent | Store your preferences, such as your acceptance of cookies on our website. This ensures that you don’t need to confirm cookie consent each time you visit. | 120 minutes post opening the website and then reset |
These cookies do not track your browsing behaviour or collect personally identifiable information. You may choose to adjust your browser settings to refuse cookies or to notify you when a cookie is being set. However, please note that if you refuse certain cookies, parts of the website may not function as intended.
We may use your Personal Data to offer you products and services that we believe may interest you. If you do not wish to receive marketing offers from us, you can let us know by emailing us at dpo@magellancap.com. Note however that we have no control over the way social media sites target and market our paid advertising, to its audience.
Under certain circumstances, and where the conditions specified in the DIFC Data Protection Law No. 5 of 2020 (DIFC Law) are met, by law, you have the right to:
We may need to request specific Personal Data from you to help us confirm your identity and ensure your right to access the Personal Data (or to exercise any of your other rights). This security measure ensures that Personal Data is not disclosed to an unauthorised person.
You will not have to pay a fee to exercise your rights. However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances, where permitted by law.
Upon your request we will remove your personal contact details from our database, however, you may continue to receive promotional emails from our other websites, providers, or other non-affiliated marketers whose services you may have accessed via Magellan’s website. You can request them directly to remove your data from their system.
If you have any concerns or questions regarding this notice, you may contact our Data Protection Officer (“DPO”) through the contact methods below.
DPO Contact Details:
Nora O’ Dwyer
dpo@magellancap.com
Office 04, Level 5,
Gate District Precinct Building 03,
Dubai International Financial Centre, Dubai,
United Arab Emirates
We will make every effort to resolve your complaint internally and as soon as practicable and as prescribed by law.
However, if we are unable to satisfactorily resolve your complaint you have the right to make a complaint to the DIFC Data Protection Commissioner.
DIFC Data Protection Commissioner Contact Details:
Dubai International Financial Centre Authority
Level 14, The Gate Building, DIFC, UAE
+971 4 362 2222
commissioner@dp.difc.ae
This Privacy Notice (hereinafter referred to as this ‘Notice’) is intended to inform you that Magellan Capital Limited (hereinafter referred to either as ‘Magellan or ‘the Firm’ or “we” or ”us” or “our”) is consider the Data Controller of your Personal Data and will therefore be responsible for deciding how your Personal Data is processed, and protecting this data, during and after your employment relationship with us, in accordance with the DIFC Data Protection Law No. 5 of 2020 (‘DPL 2020’).
We are required under this law to notify you of the information contained in this Notice. We may update this Notice at any time, but if we do so, we will provide you with an updated copy of this Notice as soon as reasonably practical via our website.
This Notice applies to all employees, employees on contract, temporary workers, secondees, directors, authorised individuals and officers who process Personal Data and are employed by us. Any reference to ’you’, ‘your’, ‘yours’ or ‘yourself’ in this Privacy Notice is a reference to any of our employees (full-time and contractors), directors, authorised individuals and officers, as the context requires unless otherwise stated.
We are required under the DPL 2020 to notify you of the information contained in this Notice.
The DPL 2020 requires the Firm to demonstrate that any Personal Data we hold about you is:
The Firm is required to keep and Process your Personal Data for employment purposes. The information that we hold, and Process will be used for management and administrative use only. We will keep and use your Personal Data to enable us to carry out our business and management of the employment relationship with you effectively, lawfully, and appropriately, during the recruitment process, whilst you are employed by us and at the time your employment ends. This includes information that enables us to comply with the employment contract, any legal requirements, and for us to protect our legal position in the event of any legal proceedings. If you do not provide this data, we may in some circumstances be unable to comply with our legal and regulatory obligations. Under such circumstances, we will inform you of the implications of that decision.
We may from time to time need to process your data in order to pursue legitimate business interests. The Firm however will not process your data where these interests are overridden by your own interests.
The sort of information the Firm holds with regard to your Personal Data includes your application form and references; your right to work in the country such as a copy of a passport and / or birth certificate and your valid visa; your contract of employment and any amendments to it; all correspondences with or about you; salary information, contact and emergency contact details; records of holiday, sickness and other absences; information required for equality monitoring policy, training records, appraisals; undertakings/ declarations and where appropriate disciplinary, grievances and any other formal action.
There are certain types of more sensitive personal data which require a higher level of protection, such as information relating to your health, which could include reasons for absence, medical certificates, and/or other health reports. These will be used in order to comply with health, safety and occupational health obligations to consider (if ever required) how your health affects your ability to do your job and whether any adjustments may be required. The Firm also uses this information to administer its policy relating to sick leave for employees, as well as any health and life insurance policies (if applicable).
Where the Firm is processing your Personal Data based on your consent, you have the right to withdraw that consent at any time.
We will process your personal data in connection with the management of our relationship with you, for the following purposes and in reliance of the listed legal bases:
Personal data type: | Purpose: |
---|---|
Personal details such as name, last name, date of birth, gender, contact details (such as phone number(s), email address(es)), and residential and/or business address(es) |
|
ID and Visa details such as passport, national ID card, labor card, residence Visa or similar documents Previous ID and new ID details (ID Number, Name, Expiry date) |
|
Emergency contact details (Name, Relationship, address, Contact Number) |
|
Fin Financial information such as Salary, bank account details, payroll records and bonuses |
|
Employment Contract between the Firm and the employee that includes: (Name, agreement starting date, start date, position, salary: {Basic wage, benefits, bonuses, allowances}, reporting line manager) Start date and, if different, the date of your continuous employment |
|
Leave Information and reason for leaving (Sick leave, Annual leave, personal leave, no show leave) |
|
Personal photo (Photograph) |
|
Education certificate photocopy |
|
Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process) |
|
Employment records (including job titles, work history, working hours, holidays, training records and professional memberships) |
|
Compensation history |
|
Performance information |
|
Disciplinary and grievance information |
|
Information about your use of our information and communications systems |
|
Results of background check, including screening and previous employer cancelation details |
|
Dependent information and details (Name, Identification details and documents copy such as Passport, Residence Visa, National Identity card, Health care Insurance) |
|
Health care Insurance certificate |
|
Non Disclosure agreement, Non compete agreement |
|
Personal Account Transactions - Personal Account Transactions relate to all trading accounts, statements and transactions that employees hold/carry out with other brokers, |
|
Special Category Data | |
Information about your health, including any medical condition, health, and sickness records, including: where you leave employment and under any share plan operated by a group company the reason for leaving is determined to be ill-health, injury or disability, the records relating to that decision. Details of any absences (other than holidays) from work including time on statutory parental leave and sick leave; and where you leave employment and the reason for leaving is related to your health, information about that condition needed for pensions and permanent health insurance purposes. Declaration of fitness. |
|
Information about criminal convictions and offences |
|
Religion (for Visa application purposes) |
|
The above list is by no means exhaustive and should be used merely as a point of reference from which a working definition of business purposes can be established and further developed.
The Firm may Process personal information lawfully for a number of reasons, including in order to:
Magellan will only disclose your Personal Data to third parties if the Firm is legally obliged to do so or where there is a need to comply with its contractual obligations to you, for instance the Firm may need to pass on certain information to any external Service Providers including the Firm’s group companies, HR and payroll provider, pension, benefits or health insurance providers. Where there is a requirement to use an intermediary, the Firm will ensure that the Personal Data is exported to one who is located in a jurisdiction that is deemed by the DIFC Data Commissioner as having an adequate data protection regime, where this is not possible and a provider in a non-adequate jurisdiction is selected, the Firm will ensure that safeguards are introduced to protection your data, this may include standard contractual clauses or a legal derogation; you may ask us for further details of this. Where we use certain service providers in other jurisdictions/countries that have not been deemed "adequate", we will have other legal mechanisms in place to ensure appropriate processing of your personal data.
If there is a requirement in the future to process your data for a purpose other than for which it was collected, the Firm will always provide you with notice and the information on that purpose and any other relevant information.
Magellan will maintain clear and accessible records of all data processing activities.
Your Personal Data will only be kept for as long as is necessary to fulfil the purpose we collected it for or as required by law. Where there is a legal requirement to keep the data, the Firm will comply with the statutory retention periods. All personnel and pay records will be retained for a period of 6 years from the last date of employment.
All employee leaver information will be retained for a period of 6 years unless the Data Subject requests to be forgotten.
Where the data is required to defend a potential claim, the data will be retained for the required period of time.
Recruitment records such as CVs and application forms on unsuccessful candidates will be kept for a period of 1 year from the date of rejection.
Under the DPL 2020, as a Data Subject, you have a number of rights with regard to your Personal Data. You have the right to request from the Firm to access to and to rectify your data as well as for it to be erased and to restrict processing of your data in certain circumstances.
If you have provided consent for the processing of your data, you have the right to withdraw that consent at any time, which will not affect the lawfulness of the processing before your consent has been withdrawn.
You also have the right to lodge a complaint with the DIFC Data Commissioner if you feel that the Firm has not complied with the DPL 2020 requirements regarding how the Firm deals with your Personal Data.
Your rights pursuant to DPL 2020 amongst others:
In general, there are other legal bases available to process your data for example to fulfil legal or contractual obligations as an employer to provide an employment contract, process salary payment, set up and administer schemes for pension, life cover etc. which mean that relying on explicit consent is not always necessary. However, for most other scenarios, employers will need to show that employees give their consent freely to the specific use, purpose, or processing of that data and the consent will need to be clearly connected to the processing. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Data Protection Officer using the email provided below. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
We are committed to safeguarding and protecting your personal data and implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to protect any personal data provided to us from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
It is important that the Personal Data we hold about you is accurate and, where necessary, kept up to date. Please keep us informed if your personal information changes during your working relationship with us and respond promptly to our request for updates of your data.
We may change or update parts of this Notice in order to maintain our compliance with applicable DIFC Data Protection Law and any changes to other laws or following an update to our internal practices. Therefore, please ensure that you regularly check this Notice so you are fully aware of any changes or updates. We will inform you of any material changes to this Notice.
If you have any queries about the contents of this Notice, or wish to inform us of a change or correction to your personal data, would like a copy of the data we collect on you, or would like to raise a complaint or comment, please contact us by:
Nora O’ Dwyer
dpo@magellancap.com
Phone: +971 4323 0800
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can escalate your complaint to the data protection supervisory authority in your jurisdiction. Contacts of the relevant data protection supervisory authority in the DIFC is as follows:
Contact Details:
Dubai International Financial Centre Authority Level 14,
The Gate Building
+971 4 362 2222
commissioner@dp.difc.ae
This notice was last updated on: 27 January 2025