1. Privacy in Wingform
This Privacy Policy, as amended or otherwise changed from time to time (the “Privacy Policy”) explains the manner in which Digital Trading Solutions Inc. FZCO (the “Company”, “We”, “Us”, “Our) collects, uses, maintains and discloses Personal Data in Our electronic platform (“Wingform”) and through the provision of Our services (the “Services”).
We routinely collect and use personal data about individuals, including our customers, business partners and service provider representatives (“you”). We are aware of Our responsibilities to handle your personal data with care, to keep it secure, and comply with applicable privacy and data protection laws, including the UAE Federal Law (45) of 2021 on the Protection of Personal Data (the “Data Protection Law”).
The purpose of this Privacy Policy is to provide a clear explanation of when, why and how we collect and use information that may relate to you including, but not limited to, personal data collected via our website (https://wingform.com/) (the “Site”) or Our platform Wingform. Do read this Privacy Policy carefully. It provides important information about how we use personal data and explains your statutory rights. This Privacy Policy is not intended to override the terms of any contractual agreement you have with us, nor rights you might have available under applicable data protection laws, including the Data Protection Law.
Definitions:
“Consent”: is the consent by which an individual authorizes third parties to process Personal Data relating to him or her. Consent must be clear, simple, specific, unambiguous and accessible. It can be given electronically.
“Data Controller”: anyone who determines the means, methods, standards and purposes of the processing of an individual’s Personal Data.
“Data Processor”: which is anyone who processes Personal Data on behalf of a Data Controller and under their supervision and instruction.
“Personal Data”: which is any data relating to an identified natural person, or a natural person who can be identified, directly or indirectly, through the linking of data, by reference to an identifier such as his or her name, voice, picture, identification number, electronic identifier, geographical location, or one or more physical, physiological, cultural or social characteristics. Personal Data includes Sensitive Personal Data and biometric data.
2. Contact information
If you have any questions regarding this Privacy Policy, or how we use your personal data, you can contact us by:
(a) Email: [email protected]
(b) Post: Digital Trading Solutions Inc. FZCO, HD-180, Sheikh Rashid Tower, Dubai World Trade Centre (DWTC), Dubai, United Arab Emirates, Shared PO Box: 416654
Data Protection Officer (DPO): You may contact Our DPO by email at [email protected]
3. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in law, Our Personal Data collection and use practices, the features on the Site, or advances in technology. If material changes are made to this Privacy Policy, the changes will be prominently posted on the Site. Please ensure that you visit the Site regularly to ensure that you are familiar with the most current version of this Privacy Policy.
4. Data Controller
Digital Trading Solutions Inc. FZCO is the Data Controller of your Personal Data. As Data Controller subject to the Data Protection Law, We must ensure that any Personal Data We Process are:
processed fairly, lawfully and securely;
for specified, explicit and legitimate purposes in accordance with the data subject's rights and not further processed in a way incompatible with those purposes or rights; and that it is
adequate, relevant and not excessive in relation to the purposes for which they were collected or further processed;
accurate and, where necessary, kept up to date; and
kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data were collected or for which they are further processed.
5. What personal data do we collect?
We collect the following categories of Personal Data to provide you with Our Services:
Identity Data: This includes information that identifies, relates to, describes or is capable of being associated with, a particular individual such as full name or its parts, username or similar identifier, title, proof of address, date and place of birth, nationality, tax number and residence, occupation, gender, information from your identity document(s), and related information and your pictures / pictures of your identity (including biometric information such as a visual image of your face) or other document(s) we may request from time to time.
Contact data includes billing address, residential address, email address and
telephone number.
Screening data and Risk assessment data includes close connections, your status as a politically exposed person, and information pertaining to sanctions and adverse media, client risk score and client risk categorisation.
Financial Data: This includes form of payment information, bank accounts, and transaction details.
Commercial Information: This includes details regarding the purchase, inquiry or consideration of our services.It also includes data regarding bid history, information about personal property you own or wish to sell or buy, etc.
Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, data/time stamp, browser plug-in types and versions, cookie IDs, search history, operating system and platform, and other technology on the devices you use to access the Services.
Profile data includes your username and password, your interests, preferences, feedback and survey responses.
Communication data includes communication between you and Us, including chats, call recordings and emails.
We may also collect other Personal Data provided by third party identity verification, market surveillance providers, and sanctions screening services, service providers, regulators or via social networking websites.
Some information is collected automatically by Our servers: a) We gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, and clickstream data; b) We use cookies to collect information. “Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing the website.
We also collect other types of Personal Data that you provide to Us voluntarily when seeking support and other Services, such as email, chat name and logs, information submitted via online form, video conferencing service information, other contact information, or other information provided to support services staff.
6. Purposes and legal bases for using your personal information
We use your personal information on the following legal bases
Consent. We may process your personal data only if we obtain your prior consent;
Performance of a Contract. Processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into an agreement or legal documentation;
Compliance with a legal obligation. Processing is necessary for compliance with any regulatory or legal obligation to which We are subject as Data Controller; as well as compliance with the relevant legal or regulatory obligation that we have, including regulations for anti-money laundering, countering the financing of terrorism, and countering the financing of proliferation of weapons of mass destruction (AML/CFT/CPF), as well as sanction compliance and fraud prevention;
Legitimate Interest. Processing is necessary to support ‘legitimate interests’ that we have as a business (for example, to improve our products and services, or to provide certain services to our clients, where you are aware of the provision of those services and have given your permission for those services to be provided, to the extent they relate to you), provided it is conducted at all times in a way that is proportionate, and that respects your privacy rights.
You will need to give Us Personal Data about yourself or other individuals in order to create and secure an account and access Our Services, and you may give Us Personal Data about yourself, the legal entity that you represent, or other individuals to help Us provide you with or improve the Services you have asked Us for.
Below you will find a table describing how we may use your personal data and which of the legal bases are used by Us to ensure lawful data processing.
Purpose/Activity | Type of data | Lawful basis for processing |
To create your account |
|
|
To verify your identity, carry out checks that we are required to conduct by applicable laws and regulations, including: “know your customer” (KYC), anti-money laundering, fraud, sanctions, politically exposed person (PEP) and liveness checks and perform client risk categorisation |
|
|
To provide, manage and administer Our services |
|
|
To process transactions including payments, fees and charges. |
|
|
To monitor your transactions for the purposes of detection, storage and reporting of fraudulent activities |
|
|
To provide customer support |
|
|
To send you service notifications related to your use of the Services |
|
|
To record and store communication with you |
|
|
To send you updates and marketing communication as well as to deliver relevant content to you, including ads, suggestions, personalized offers and recommendations |
|
|
To perform data analytics with respect to our Services for improvement purposes |
|
|
To manage and protect our business and website including system maintenance |
|
|
To help us improve our Services by completing a survey, feedback, or review |
|
|
7. How do we obtain your personal data?
Most of the personal data we process about you is received directly from you. For example, when you register to use the Services or communicate with us, we may receive your identity
and contact data from you.
In other cases, we may receive personal data about you from various third parties and publicly accessible sources, including but not limited to social media, search engines, company registers, banks, payment service providers, KYC service providers, advertising networks, analytics providers, screening data vendors, and from other users, where you have given your permission for them to share that with Us.
We may obtain Personal Data about you from other sources, including national credit agencies, third-party services such as AML-sanctions screening services and other organizations to supplement information provided by you. This supplemental information allows Us to verify the information that you have provided to Us and to enhance Our ability to provide you with information about Our business, products, and Services.
When you use the Services we may also automatically collect technical data through the use of cookies and similar technologies.
8. Who do we share your personal data with?
We do not share your personal information with third parties, except as described in this
Privacy Policy
We may share your Personal Data with:
Other users, including potential sellers and buyers. For example, when you notify a seller about an aircraft you wish to purchase.
Our Third Party Service providers, including KYC-AML providers, information technology service providers, closing agents, title companies, professional advisers, and other people of businesses who help Us provide Our services.
Advertising networks and Data analytics providers.
any third party you instruct us to share your personal data with in relation to the provision of Our Services, including our users.
Law enforcement and governmental agencies, to the extent we are legally required to do so.
9. How do we protect your personal data?
We take all reasonable and appropriate technical and organizational measures to protect all personal data collected by us from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction.
10. How long do we keep your personal data?
In accordance with our legal data protection and privacy obligations, we will only retain your information for as long as we need it to achieve the purpose(s) for which we obtained it in the first place, as required by law, and for the exercise or defense of legal claims. In some circumstances, we may retain your personal data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements. In specific circumstances we may also retain your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings. Where your personal data is no longer required we will ensure it is securely deleted.
11. Cookies
We may use cookies for various purposes when you access or use the Services. Please review our Cookie Policy to find out more about our use of cookies.
12. Minors
We are not structured or intended to attract any person under the age of 18. We do not knowingly solicit or collect information from anyone under 18. If We become aware that a person under the age of 18 has provided Us with Personal Data, We will delete it immediately.
13. Direct Marketing
We may use your personal data to send you direct marketing communications about our products and services. This may be in the form of email, post, SMS, telephone or targeted online advertisements. In most cases, our processing of your personal data for marketing purposes is based on our legitimate interests to provide information in relation to our services that may be of interest to you, although in some cases (such as where required by law) it may be based on your consent. You have a right to prevent direct marketing of any form at any time by contacting us using the details set out in Section 2 (Contact). We take steps to limit direct marketing to a reasonable and proportionate level and to send you communications that we believe may be of interest or relevance to you, based on the information we have about you.
14. International Transfers
We may need to transfer your personal information to locations outside the jurisdiction in which you provide it, or from where you are viewing this website, in order to use it on the bases set out above.
From time to time we may need to share your personal data with third parties who may be based outside of the UAE, such as our service providers. We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests. We will only transfer your personal data to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights, such as contractual commitments which meet the requirements of the Data Protection Law. We may also, under limited circumstances and further to seeking legal advice as to the necessity and lawfulness of such disclosures, make other disclosures of your personal data overseas, for example if we receive a legal or regulatory request from a foreign law enforcement body.
If you are a UK or EU citizen or reside in the UK or EU we will transfer your personal information outside the UK or EU in accordance with applicable data protection laws to ensure that it remains protected and secure.
15. Your data protection rights
You have several rights in relation to your Personal Data under applicable privacy and Data Protection Law, which may be subject to certain limitations and restrictions. Depending on your country or state of residence or domicile, you may have other legal rights over the information we collect from you and your devices. We will honor all such rights as required by applicable law. Please see the descriptions of the data rights below.
Right to be informed | You have the right to be provided with clear, transparent and easily understandable information about the collection and the user of your personal data. |
Right of Access
| You have the right to request access to your personal data processed by Us.
You can ask Us to:
|
RIght to Rectification | You are entitled to have your information corrected if it is inaccurate or incomplete. You can ask Us to rectify inaccurate personal data. |
Right to Erasure | You can ask us to erase your personal data, but only where:
We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary:
There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request. |
Right of Restrict Processing | You can ask us to restrict (i.e. keep but not use) your personal data, but only where:
We can continue to use your personal data following a request for restriction, where:
|
Right of Data Portability | You have the right to obtain and reuse your Personal Data for your own purposes across different services. You can ask Us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another data controller, but in each case only where:
|
Right to Object | You have the right to object to certain types of processing. You can object to any processing of your personal data which has our ‘legitimate interests’ as its legal basis, if you believe your fundamental rights outweigh our legitimate interests. Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights. You can also object to our use of your personal data for direct marketing purposes at any tim |
Right in relation to automated decision making and profiling
| We do not undertake any Automated Decision Making. You can ask not to be subject to a decision which is based solely on automated processing, but only where that decision:
In such situations, you can also obtain human intervention in the decision making, and we will ensure measures are in place to allow you to express your point of view, and/or contest the automated decision. Your right not to be subject to automated decision making does not apply where the decision which is made:
However, in these situations you can still obtain human intervention in the decision making, and we will ensure measures are in place to allow you to express your point of view, and/or contest the automated decision. |
Right to Non-Discrimination | You have the right not to be discriminated against as a result of your exercise any of the aforementioned rights, including by: (a) being denied access to any of our services; (b) being charged a different price for any of our services as a result of your exercising of such rights; (c) being offered any of our services on less favorable terms; or (d) us suggesting that (b) or (c) might occur. Should you be concerned that this is the case, please do not hesitate to let us know. |
Right to Lodge a Complaint | You have the right to lodge a complaint about the way We are processing your Personal Data. |
If you reside in the UK, the EU, or a country with GDPR-standards privacy law, you may have the above rights under applicable data protection laws.
We encourage you to contact us to update your information in the event that it changes, is inaccurate or incomplete. Please advise us of any changes to your personal information by contacting us at [email protected]
16. California Residents
California Civil Code Section § 1798.83, known as the “Shine The Light” law, permits users of our Site who are California residents to request and obtain from us a list of what Personal Information (if any) we have disclosed to third parties for direct marketing purposes in the preceding year, together with the names and addresses of those third parties. You may request this information from us no more than once a year, but such requests will be handled by us free of charge. Please send such requests by email to [email protected]
17. How to complain
If you have any questions about or any concerns or requests in relation to the Privacy Policy or our processing of your personal data, please contact us at [email protected].
Should you wish to report a complaint or feel that we have not addressed your concern in a satisfactory manner, you may contact the UAE Data Office. The UAE Data Office is responsible for promoting data protection in UAE, preparing policies and legislations related to data protection, proposing and approving the standards for monitoring Personal Data Protection Law, preparing systems for complaints and grievances related to data, and issuing guidelines and instructions for the implementation of the law.