Welcome to A1 Global Formations (trading name of Emford Global DMCC), a company incorporated in the Dubai Multi Commodity Centre. Emford Global DMCC (Company No: 0122) is an approved Registered Agent licensed by the RAK International Corporate Centre, Government of Ras Al Khaimah, United Arab Emirates. We are committed to protecting and respecting your privacy. This Privacy Policy, in compliance with GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act), explains how we collect, use, and protect your personal data when you use our services and website.
1. Definitions
1.1 Personal Data: Any information relating to an identified or identifiable natural person (‘data subject’). 1.2 Processing: Any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means. 1.3 Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. 1.4 Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller. 1.5 Data Subject: Any living individual who is the subject of personal data. 1.6 GDPR: General Data Protection Regulation. 1.7 CCPA: California Consumer Privacy Act.
2. Data Collection
2.1 Information You Provide: We collect personal data directly from you through forms on our website, email communications, phone conversations, or other interactions. This may include:
- Name
- Contact information (email address, phone number, postal address)
- Financial information (bank account details)
- Identification documents (passport, driver’s license)
- Employment details
- Other information relevant to the services we provide
2.2 Information We Collect Automatically: When you visit our website, we may collect certain information automatically, including:
- IP address
- Browser type and version
- Time zone setting
- Browser plug-in types and versions
- Operating system and platform
- Information about your visit, including the URL clickstream to, through, and from our site, pages viewed, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page
2.3 Information from Third Parties: We may receive information about you from third parties, such as:
- Business partners
- Subcontractors in technical, payment, and delivery services
- Advertising networks
- Analytics providers
- Search information providers
- Credit reference agencies
3. Use of Personal Data
3.1 Service Delivery: We use your personal data to:
- Perform our contractual obligations
- Provide you with information, products, and services you request from us
- Manage our relationship with you, including processing your requests and orders
- Administer and protect our business and website
3.2 Legal Compliance: We process personal data to comply with legal obligations, such as:
- Anti-Money Laundering (AML) requirements
- Reporting to regulatory authorities
3.3 Improving Services: We analyze your personal data to understand how our services are used and to improve our offerings, including:
- Conducting surveys and research
- Evaluating and improving our business operations
- Developing new products and services
3.4 Marketing: With your consent, we may use your personal data to:
- Provide you with information about other services we offer
- Inform you about services and products available within the group
4. Legal Basis for Processing Personal Data (GDPR)
4.1 Consent: We may process your personal data if you have given your explicit consent for a specific purpose. 4.2 Contractual Obligations: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract. 4.3 Legal Obligations: Processing is necessary for compliance with a legal obligation to which we are subject. 4.4 Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by us or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
5. Your Rights (GDPR)
5.1 Right to Access: You have the right to request access to your personal data that we hold. 5.2 Right to Rectification: You have the right to request the correction of inaccurate personal data we hold about you. 5.3 Right to Erasure: You have the right to request the deletion of your personal data under certain conditions. 5.4 Right to Restrict Processing: You have the right to request the restriction of processing of your personal data under certain conditions. 5.5 Right to Data Portability: You have the right to request the transfer of your personal data to another organization, or directly to you, under certain conditions. 5.6 Right to Object: You have the right to object to the processing of your personal data under certain conditions. 5.7 Right to Withdraw Consent: You have the right to withdraw your consent to processing your personal data at any time.
6. CCPA Privacy Rights
6.1 Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, and sell. 6.2 Right to Delete: You have the right to request the deletion of your personal information that we have collected or maintained. 6.3 Right to Opt-Out: You have the right to opt-out of the sale of your personal information. 6.4 Right to Non-Discrimination: You have the right to not be discriminated against for exercising your rights under the CCPA.
7. Data Sharing and Disclosure
7.1 Internal Sharing: We may share your personal data internally within our company to fulfill our contractual obligations and improve our services. 7.2 Third-Party Service Providers: We may share your personal data with third-party service providers who assist us in providing our services. These providers are required to comply with our privacy policies and data protection measures. 7.3 Regulatory Authorities: We may disclose your personal data to regulatory authorities if required by law or for compliance purposes. 7.4 Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring organization. 7.5 Legal Obligations: We may disclose your personal data to third parties if we are under a duty to disclose or share your data to comply with any legal obligation or to protect the rights, property, or safety of our company, our customers, or others.
8. International Data Transfers
8.1 Data Transfers Outside the EEA: Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure that such transfers are compliant with data protection laws and that appropriate safeguards are in place. 8.2 Standard Contractual Clauses: We may use standard contractual clauses approved by the European Commission to ensure that your personal data is protected when transferred outside the EEA.
9. Data Security
9.1 Technical and Organizational Measures: We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. 9.2 Access Controls: Access to your personal data is limited to those employees, agents, contractors, and other third parties who have a business need to know. 9.3 Data Breach Procedures: We have put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
10. Data Retention
10.1 Retention Periods: We retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 10.2 Deletion of Data: When we no longer need to retain your personal data, we will securely delete or anonymize it.
11. Cookies and Similar Technologies
11.1 Use of Cookies: We use cookies and similar technologies to enhance your browsing experience and improve our services. For detailed information on the cookies we use and the purposes for which we use them, please refer to our Cookie Policy. 11.2 Managing Cookies: You can manage your cookie preferences through your web browser settings. Most browsers allow you to block or delete cookies. However, blocking or deleting cookies may impact your experience on our website.
12. Children’s Privacy
12.1 Children Under 13: Our website and services are not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If we learn that we have collected personal data from a child under 13 without verification of parental consent, we will delete that information. 12.2 Parental Consent: If you believe that we might have any information from or about a child under 13, please contact us at [email protected].
13. Changes to This Privacy Policy
13.1 Updates: We may update this Privacy Policy from time to time. Any changes will be posted on this page, and the updated policy will be effective as of the date of posting. We encourage you to review this policy periodically to stay informed about how we are protecting your personal data.
14. Contact Information
14.1 Data Protection Officer: If you have any questions or concerns about our use of your personal data, please contact our Data Protection Officer at [email protected]. 14.2 Complaints: If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In the EU, this is typically the Data Protection Authority in the country where you live or work, or where the alleged infringement occurred. In California, you may contact the California Attorney General’s Office.
15. Legal Basis for Processing Personal Data
15.1 GDPR: Under the GDPR, the legal bases for processing personal data include:
- Consent: You have given your consent for processing your personal data for one or more specific purposes.
- Contract: Processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract.
- Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.
- Vital Interests: Processing is necessary to protect the vital interests of you or another person.
- Public Task: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
- Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by us or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
15.2 CCPA: Under the CCPA, the legal bases for processing personal data include:
- Consent: You have given your consent for processing your personal data for one or more specific purposes.
- Contract: Processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract.
- Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.
- Vital Interests: Processing is necessary to protect the vital interests of you or another person.
- Public Task: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
- Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by us or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
16. Third-Party Links
16.1 External Websites: Our website may contain links to third-party websites. We are not responsible for the privacy practices or the content of those websites. We encourage you to read the privacy policies of any third-party websites you visit.
17. Data Protection by Design and Default
17.1 Privacy by Design: We implement appropriate technical and organizational measures, such as pseudonymization, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the processing to meet the requirements of GDPR and CCPA and protect the rights of data subjects. 17.2 Privacy by Default: We ensure that, by default, only personal data which are necessary for each specific purpose of the processing are processed. This applies to the amount of personal data collected, the extent of their processing, the period of their storage, and their accessibility. In particular, such measures ensure that by default personal data are not made accessible without the individual’s intervention to an indefinite number of natural persons.
18. Data Protection Impact Assessments (DPIA)
18.1 When DPIA is Required: We conduct Data Protection Impact Assessments (DPIAs) when the processing of personal data is likely to result in a high risk to the rights and freedoms of natural persons. 18.2 DPIA Process: The DPIA includes:
- A systematic description of the envisaged processing operations and the purposes of the processing.
- An assessment of the necessity and proportionality of the processing operations in relation to the purposes.
- An assessment of the risks to the rights and freedoms of data subjects.
- The measures envisaged to address the risks, including safeguards, security measures, and mechanisms to ensure the protection of personal data and to demonstrate compliance with GDPR and CCPA.
19. Data Subject Rights Request Handling
19.1 Request Submission: Data subjects can submit requests to access, rectify, erase, restrict processing, object to processing, or request data portability by contacting us at [email protected]. 19.2 Response Time: We respond to all legitimate requests within one month. If the request is complex or you have made a number of requests, it may take us longer, but we will keep you informed. 19.3 Verification: We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or exercise any of your other rights.
20. Training and Awareness
20.1 Employee Training: We provide training to our employees on data protection and privacy practices to ensure compliance with GDPR and CCPA. 20.2 Awareness Campaigns: We conduct regular awareness campaigns to keep our employees informed about the importance of data protection and the measures they must take to safeguard personal data.
21. Contact Information
21.1 Data Protection Officer: If you have any questions or concerns about our use of your personal data, please contact our Data Protection Officer at [email protected]. 21.2 Supervisory Authority: If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In the EU, this is typically the Data Protection Authority in the country where you live or work, or where the alleged infringement occurred. In California, you may contact the California Attorney General’s Office.
We are committed to protecting your personal data and complying with GDPR and CCPA. This Privacy Policy outlines how we collect, use, and protect your personal data. We encourage you to review this policy periodically to stay informed about how we are protecting your personal data. If you have any questions or concerns, please contact us at [email protected].
By using our services and website, you consent to the processing of your personal data as described in this Privacy Policy. If you do not agree to our use of your personal data, please refrain from using our services and website.