CCL Compliance* recognises the importance of your privacy. This Privacy Policy is meant to inform you about the information we collect about you and how that information will be used. If you have additional questions about CCL Compliance’s data collection practices after reading this notice, please contact us.

CCL Compliance will use the personally identifiable information we collect about you to communicate with you with regards to your enquiry, to carry out our engagement with you, or to send you information about firm events or publications. We do, however, provide you the opportunity to decline to be included in our marketing database. The data we hold is kept securely and only accessed by authorised personnel. The data gathered also will be shared appropriately between our offices in the E.E.A. and the Middle East.

Other than to the extent permitted by law, CCL Compliance will not sell, share, or otherwise disclose any of the information it collects about you without your permission, though from time to time we may disclose your Personal Data to third parties who assist in preparing marketing mailings. We may also share personal data, with your permission, to processors who act on our behalf as per our engagement with you, details of which are enclosed in our contract.

CCL Compliance may revise this policy or any part of it at any time. We suggest you review the policy periodically for changes. If you no longer wish us to hold data about you, or wish to change the type of information we send to you, please contact us.

All CCL Compliance  websites are owned and managed by CCL Compliance .

Privacy Notice

This Privacy Notice explains how CCL Compliance (“CCL Compliance”, “we”, “us”, “our”), collects, uses, shares and otherwise processes your Personal Data in connection with your relationship with being generally interested in our services and our publications in accordance with applicable data privacy laws and regulations relevant to your jurisdiction, such as the General Data Protection Regulation (“GDPR”), the Data Protection Law, DIFC Law No.5 of 2020 (“DPL”) and the ADGM Data Protection Regulations 2021 (“DPR”).

Should you have any questions about this Privacy Notice you can contact us.

We may provide supplemental privacy notices on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data. Those supplemental notices should be read together with this Privacy Notice.

CCL Compliance 

CCL Compliance  is made up of different legal entities registered in different jurisdictions. This Privacy Notice is issued on behalf of all CCL Compliance entities, and to the extent we are a data controller, each of our entities is a joint data controller of your Personal Data. You can contact us for further details.

Personal Data

The term “Personal Data” as used in this Privacy Notice means any information relating to you such as your name and professional contact details such as your business address, business email address and telephone number and information such as your job title. Personal Data does not include data from which you can no longer be identified such as anonymised aggregate data.

What we use your Personal Data for

We will process your Personal Data if and to the extent applicable law provides a lawful basis for us to do so. We will therefore process your Personal Data only:

a) if you have consented to us doing so;
b) (DIFC and ADGM only) if we need it to take steps to enter into a contract to which you are a party, at your request;
c) if we need it to perform the contract we have entered into with you;
d) if we need it to comply with a legal obligation; or
e) if we (or a third party) have a legitimate interest that is not overridden by your interests or fundamental rights and freedoms. Such legitimate interests will be the providing of compliance consultancy and training services by us, administrative or operational processes within CCL Compliance and direct marketing.

We will use your Personal Data to deliver compliance consultancy and training services to the institution you work or act for. We may also use your Personal Data to inform you about our services, new regulatory developments in the jurisdictions we act and our marketing events.

Please note that we may use or disclose Personal Data if we are required by law to do so or if we reasonably believe that use or disclosure is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access Personal Data (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.

Accuracy of information

It is important that the Personal Data we hold about you is accurate and current. Please let us know if your Personal Data changes during your relationship with us.

What if you do not provide the personal data we request?

It is in your sole discretion to provide Personal Data to us. If you do not provide us with all or some of the Personal Data we request, we may not be able to send you any publications or marketing information about services we believe may be of interest to you.

Change of purpose, anonymisation

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

In some circumstances, we may anonymise your Personal Data so that it can no longer be associated with you, in which case it is no longer Personal Data.

Sharing your information

When using your Personal Data for the purposes and on the legal basis described above, we may share your Personal Data with our other CCL Compliance offices around the world as well as service providers we work with. We may also have to share your Personal Data with regulators, law enforcement agencies and other bodies discharging a public function. If you are based within the European Economic Area ("EEA") or have provided Personal Data to CCL Compliance Limited or any of its Processors, for the purposes described above, we may have to transfer your Personal Data from the EEA/DIFC/ADGM to a CCL Compliance office or a third party outside of those jurisdictions and in a jurisdiction not being subject to an adequacy jurisdiction decision. We will always ensure that there is a legal basis and a relevant safeguard method or a permitted derogation for such data transfer so that your Personal Data is treated in a manner that is consistent with, and respects the laws and other applicable laws and regulations on data protection. We have put in place standard contractual clauses as our safeguard method. If you require further information about this you can request it by clicking here.

Your rights in relation to your information

If you are based within the EEA or have provided Personal Data to CCL Limited or any of its processors, you have rights as an individual which you can exercise under certain circumstances in relation to your Personal Data that we hold. These rights are to:

  • request access to your Personal Data (commonly known as a “data subject access request”) and request certain information in relation to its processing;
  • request rectification of your Personal Data;
  • request the erasure of your Personal Data;
  • request the restriction of processing of your Personal Data;
  • object to the processing of your Personal Data
  • right to data portability.

If you want to exercise one of these rights, please contact us.

If you are within the EEA, or where your data is processed in or through the ADGM or DIFC, and you believe your data is being processed contrary to the Applicable Law and this privacy notice, you have the right to make a complaint at any time to relevant data protection office as listed below.

UK Data Protection Office (ICO)
Information Commissioner’s Office
Wycliffe House Water Lane
Wilmslow
Cheshire
SK9 5AF

+44 (0) 303 123 1113
icocasework@ico.org.uk

ADGM Data Protection Office
Abu Dhabi Global Market Authorities Building
ADGM Square
Al Maryah Island
PO Box 111999
Abu Dhabi, UAE

+971 (0) 2 333 8888
data.protection@adgm.com

DIFC Data Protection Office
Dubai International Financial Centre Authority
Level 14,
The Gate Building
DIFC, UAE

+971 4 362 2222
commissioner@dp.difc.ae

Right to withdraw consent

Where you have provided your consent to the collection, processing and transfer of your Personal Data, you have the right to fully or partly withdraw your consent. To withdraw your consent, please contact us. Once we have received notification that you have withdrawn your consent, we will no longer process your Personal Data for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. In case we processed your Personal Data for direct marketing purposes, you have the right to object at any time, in which case we will no longer process your Personal Data for such marketing purposes.

CCL Compliance’s retention of your Personal Data

We will only retain your Personal Data for as long as necessary to fulfil the purposes for which it was collected and processed.

To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, in which case it is no longer Personal Data.

Upon expiry of the applicable retention period we will securely destroy your Personal Data in accordance with applicable laws and regulations.

All credit/debit card details and personally identifiable information will not be stored, sold, shared, rented or leased to any third parties.

Cookie, Analytics and Traffic Data

When you visit our site a small text file called a cookie is downloaded to your device to help make our websites and services better for you. A cookie is used to store small amounts of information. Most cookies are ‘session’ cookies which only exist for the duration of your session on our site, for example to pre-load your details into registration forms. Cookies also enable the effective use of the basket function. In addition, we track cookies anonymously for our site analytics. Depending on the browser that you use, you can set your preferences to block cookies, and/or notify you before they are placed.

We also use cookies in our emails to track open rates and other performance indicators so that we can continually improve the relevance and experience of our offering to you.

CCL Compliance do not allow third parties to advertise on our websites.

Links

This site contains links to other websites. We are not responsible for the privacy practices of these websites and you should review their privacy policies. The policy described here, applies only to data collected by CCL Compliance.

Fees

You will in general not have to pay a fee to exercise any of your individual rights mentioned in this Privacy Notice.

Information from Minors

We do not seek to collect personal data from individuals under the age of 18. Individuals under the age of 18 should receive permission from their parent or legal guardian before providing any personal data to us.

Changes to this privacy policy

We reserve the right to update this privacy policy at any time, and we will make an updated copy of such privacy notice available on each of the CCL Compliance entities’ websites. Changes will be effective on the day they are posted.

Further information

If you have any concerns or require any further information, please do not hesitate to contact Contact Us.


*References to CCL Compliance are to CCL Compliance Limited and CCL Limited (which has offices in the ADGM and the DIFC)