This Privacy Policy (“Policy”) is designed to help you understand how we use your Personal Data, in accordance with the applicable data protection laws and regulations in ADGM (i.e., ADGM data protection regulations 2021) and further guidance thereunder (the “Applicable Laws”)[1].

This Policy applies to Processing of Personal Data [2] by GIGATONS LTD (“GIGATONS”) which is incorporated in the Abu Dhabi Global Market (ADGM). Defined terms in this Policy refer to definitions under the relevant Applicable Laws.

GIGATONS recognises that the privacy of your personal data is important to you. We are committed to treating all personal data with due confidentiality, in accordance with the relevant data protection laws of ADGM.

We, GIGATONS, and our subsidiary companies which are incorporated in ADGM, Abu Dhabi, individually referred to as “we”, “us”, “our”, the “group” or “GIGATONS”, “GIGATONS Group” and as applicable to the respective entity, in this Privacy policy.

Registered office is at ADGM: Cloud Suite 105, Desks D05, D06 & D07, Level 11, Al Khatem Tower, Abu Dhabi Global Market Square, Al Maryah Island, Abu Dhabi, United Arab Emirates

GIGATONS has presence in ADGM in the form of Holding Company. In compliance with the applicable laws and regulations (“Applicable Law”), we collect and process Personal Data for meeting the requirements of the ADGM companies.

This is our general Privacy Policy that applies to our operations.

This Policy may be updated from time to time.

Personal Data is any information referring to an identified or Identifiable Natural Person [3]. This includes information like your name, (e-mail) address and telephone number but can also include less obvious information such as your attendance at a seminar or analysis of your use of our website(s).

Additional protection is afforded under the Law to Special Categories of Personal Data, ie. Personal Data revealing or concerning (directly or indirectly) racial or ethnic origin, communal origin, political affiliations or opinions, religious or philosophical beliefs, criminal record, trade-union membership and health or sex life and including genetic data and biometric data where it is used for the purpose of uniquely identifying a natural person.

We Process your Personal Data in our capacity as a Controller. This means that we are responsible for ensuring that we comply with the Law when Processing your Personal Data.

For any queries relating to our Data Processing activities in relation to our entities in ADGM or other matters under this Policy or the Law, you may contact us by sending an email to: legal@gigatons.com

We only collect Personal Data about you in connection with providing our services and conducting our normal business operations, and/ or communications to invite you to our event or sharing relevant information with you. We may hold information about you:

• When you sign in on our websites
• When you subscribe to our newsletters or magazine
• When you participate in our marketing campaigns, events and programmes
• When you register for our events or programmes
• When you submit your resume for job applications
• When you contact us to share your stories
• When you provide us with your name cards at events, campaigns and meetings

Depending on the purposes, and the information you provide to us, the types of information we may Process about you may include:

Name, address (including proof of address), other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, ID/EID/passport details, and (if relevant) employment details

Information about you which is relevant to a matter on which we are advising you or a client

Anti-money laundering and sanctions data

Screening information received from various anti-money laundering, counter-terrorism financing and sanctions databases relating to you

Identifiers

Information which can be traced back to you, such as an IP address, a website tracking code or any other information that may be automatically collected through our Website(s) or any other digital communication or network security applications used by us.

As a policy, we do not normally collect any Special Categories of Personal Data (such as your political affiliations or opinions or criminal record) unless and to the extent of which is required for compliance with Applicable Law.

GIGATONS may use your personal data for the following purposes:

• To contact you for programs which you have signed up for
• To inform you about program updates and invite you to our events
• To respond to enquiries pertaining to our programs
• To respond to your job application
• To send a newsletter, article, or magazine which you have subscribed to

GIGATONS may use your photographs and videos for our publicity and outreach efforts on the GIGATONS communications platforms.

We will not use your personal data for purposes other than what we have informed you or which are permitted under Applicable Laws.

GIGATONS will not offer or share your personal data with third parties outside of the GIGATONS group for commercial purposes, without seeking your consent.

GIGATONS will not disclose your personal data to third parties unless requested by relevant government or law enforcement agencies to comply with any Applicable Laws, rules, guidelines and regulations or schemes imposed by any governmental authority, including but not limited to when assisting us in fraud prevention or investigation.

We do not generally Process your Personal Data based on your consent (as we can usually rely on another lawful basis). Where we do Process your Personal Data based on your consent, you have the right to withdraw your consent at any time. To withdraw your consent, please contact us using the contact details mentioned in Section 7 above.

In addition to the above, we may share your information in the following circumstances:

• Depending on the situations or on your request, we may transfer Personal Data to countries or jurisdictions with data protection or privacy laws that are not adequate in comparison with the Law. Where any such transfers of Personal Data to non-adequate jurisdictions (as defined by the Commissioner of Data Protection - ADGM) take place, we take appropriate measures to protect Personal Data in accordance with the Law.
• We may Process Personal Data of clients, or representatives or beneficial owners of clients, through screening databases or search engines for identity verification or background screening.
• Depending on the scope of our services, we may require the assistance of various external professional service providers, based in or out of the group. The use of these external service providers may involve the service provider receiving your Personal Data from us, and some transfers of Personal Data may be made to countries or jurisdictions with data protection or privacy laws that are not adequate in comparison with the Law. Where any such transfers of Personal Data to non-adequate jurisdictions (as defined by the Commissioner of Data Protection -ADGM) take place, we take appropriate measures to protect Personal Data in accordance with the Law.
• We use the support services of various external companies to help us run our business efficiently, particularly in relation to our IT systems. Some of these services (such as email hosting and data backups) may involve the service provider Processing your Personal Data. Some transfers of Personal Data may be made to countries or jurisdictions with data protection or privacy laws that are not adequate in comparison with the Law. Where any such transfers of Personal Data to non-adequate jurisdictions (as defined by the Commissioner of Data Protection - ADGM) take place, we take appropriate measures to protect Personal Data in accordance with the Law.
• Where we use external companies to organise or host events for us, we may need to provide these service providers with your Personal Data.

In each case where we share your Personal Data with other parties, whether or not in an adequate jurisdiction (as defined by the Commissioner of Data Protection - ADGM), we take appropriate measures and ensure that the relevant party is contractually required to keep such Personal Data safe, secure and confidential in accordance with the minimum standards under the Law.

We implement appropriate steps to help maintain the security of our information systems and processes and prevent the accidental destruction, loss, or unauthorised disclosure of the Personal Data we Process.

We do not use profiling (where an electronic system uses Personal Data to try and predict something about you) or automated decision making (where an electronic system uses Personal Data to make a decision about you without human intervention).

We retain your Personal Data in accordance with our data retention policy which categorises all the information held by us and specifies the appropriate retention period for each category of information. Those periods are based on the requirements of the relevant laws and regulations of the ADGM, and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and our business purposes.

Normally, we do not transfer Personal Data outside the ADGM other than in the specific circumstances indicated in Part C above.

Where any such transfers of Personal Data to non-adequate jurisdictions (as defined by the Commissioner of Data Protection - ADGM) take place, we take appropriate measures in accordance with the Law.

This website may use cookie and tracking technology depending on the features offered. Cookie and tracking technology are useful for gathering information such as browser type and operating system and understanding how visitors use the site. Cookies can also help to customise the site for visitors. Personal data cannot be collected via cookies and other tracking technology. However, if you previously provided personally identifiable information, cookies may be tied to such information. Aggregate cookie and tracking information may be shared with third parties.

Types of cookies we may use:

• Functional cookies: These cookies are essential for the running of our website. Without these cookies our website would not function properly. These are saved temporarily as login information and expire once the browser is closed
• Analytical cookies: The information provided by analytical cookies allows us to analyze patterns of visitor and client behavior and we use that information to enhance the overall experience or identify areas of the website which may require maintenance. The information is anonymous (i.e. it cannot be used to identify you and does not contain personal information such as your name and email address), and it is only used for statistical purposes. Behavioral cookies are similar to analytical and remember that you have visited the website and use that information to provide you with content which is tailored to your interests

You can delete cookies any time you want by using the settings in your web browser. You can also choose to disable cookies from your web browser, but this would mean that our website and other websites that you access may not function properly. If you do this, a potential result is that you may not be able to sign in.

Contacting us and your rights

If you have any questions in relation to our use of your Personal Data, please email us using the contact details provided in Section 7 above.

Subject to certain exceptions outlined in the Law, you have the right to require us to:

• provide you with further details on the nature of your Personal Data held by us and the use we make of your Personal Data, including any sharing or transfer thereof;
• provide you with a copy of the Personal Data we hold about you;
• update any inaccuracies in the Personal Data we hold about you;
• delete any of your Personal Data that we no longer have a lawful basis to use or that you have withdrawn your consent for us to Process;
• where Processing is based only on consent, stop that particular Processing by withdrawing your consent;
• object to any Processing based on our legitimate interests unless our reasons for undertaking that Processing outweigh any prejudice to your data protection rights;
• restrict how we use your Personal Data during such time that the accuracy of the Personal Data, the lawful basis for Processing your Personal Data or our overriding legitimate interest in continuing to Process your Personal Data, is being contested by you; and
• transfer your Personal Data to you or a third party in a structured, commonly used and machine-readable format, to the extent that such Personal Data is automatically Processed and where the lawful basis for such Processing is your consent or for the performance of a contract.
• In certain circumstances, we may need to restrict your rights in order to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. responding to regulatory requests), or in accordance with other exceptions and limitations specified in the Law.

2. Your right to complain

If you are not satisfied with our use of your Personal Data or our response to any request by you to exercise your rights, or if you think that we have breached any relevant provision of the Law, then you have the right to complain to the authority that supervises our Processing of your Personal Data.

Our data protection supervisory authority is the Office of Data Protection in ADGM whose contact details are as follows:

Address:

Office of the Data Protection, ADGM

Abu Dhabi Global Market

Telephone: +971 (2) 333 8888

Website: https://www.adgm.com/operating-in-adgm/office-of-data-protection

Email: Data.Protection@adgm.com

[1] https://www.adgm.com/operating-in-adgm/office-of-data-protection

[2] “Processing” of Personal Data can include any one or more of the following, whether or not by automated means: collection, recording, organization, structuring, storage and archiving, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, transfer or otherwise making available, alignment or combination, restricting, erasure or destruction.

[3] Identifiable Natural Person means a natural living person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one (1) or more factors specific to his biological, physical, biometric, physiological, mental, genetic, economic, cultural or social identity (and "Identified Natural Person" is interpreted accordingly).