- The Federal Decree-Law No. (45) of 2021 Concerning the Protection of Personal Data, which prescribes the protocols for processing personal data within the United Arab Emirates.

- The Federal Decree-Law No. (46) of 2021 on Electronic Transactions and Trust Services, which legitimizes and secures the electronic transactions and communications facilitated through our platform.

- Personal Data: Any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

- Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

- Data Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. For the purposes of this Privacy Policy, BEM Funding is the Data Controller.

- Data Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Data Controller.

- Consent: The Data Subject’s freely given, specific, informed, and unambiguous indication of their wishes by which they, through a statement or a clear affirmative action, signify agreement to the processing of personal data relating to them.

- Data Protection Officer (DPO): The individual appointed by BEM Funding to ensure the organization’s compliance with the applicable data protection laws and to oversee the management of personal data, address data protection inquiries from data subjects, and liaise with regulatory authorities as necessary.

- Sensitive Personal Data: Special categories of personal data which require higher levels of protection, such as information about an individual’s health, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic and biometric data, or sexual orientation.

- Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

- User Account: The personalized access granted to users that enables them to use the services of the platform, involving data like usernames, passwords, and transaction histories.

- Encryption: The process of converting information or data into a secure format for transmission, preventing unauthorized access.

- International Data Transfers: Any transfer of personal data which is subjected to processing or intended for processing after transfer to a foreign country or international organization.

- Identifying Information: Full name, date of birth, and gender.

- Contact Details: Email address, telephone number, mailing address.

- Trading Activity: Information related to transactions, trading behavior, and preferences.

- Financial Information: Bank account details, payment card details, income, and other financial data necessary for processing transactions and conducting due diligence.

- Technical Data: IP addresses, login data, browser types and versions, time zone settings, and other technology on the devices used to access our platform.

- Profile and Usage Data: Username and password, purchases made, interests, preferences, feedback, and survey responses.

- Compliance Data: Information required for identity verification and background checks, including national identification numbers and copies of government-issued identification, necessary to comply with legal and regulatory obligations.

- Direct Interactions: You may provide personal data when you complete online forms, subscribe to our services, create an account, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey, and when you report a problem with our site.

- Automated Technologies or Interactions: As you interact with our website, we may automatically collect technical data about your equipment, browsing actions, and patterns. We collect this data by using cookies, server logs, and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies.

- Third Parties or Publicly Available Sources: We may receive personal data about you from various third parties and public sources as set out below:

- Technical Data from analytics providers, advertising networks, and search information providers.

- Contact, Financial and Transaction Data from providers of technical, payment, and delivery services.

- Identity and Contact Data from data brokers or aggregators.

- Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register.

At BEM Funding, we utilize the personal data we collect for several specific purposes, which are integral to providing you with a high-quality trading experience and complying with our legal obligations:

Account Management: To register you as a new user, manage your account, provide customer support, and ensure the overall management of our services including administering your investments and transactions.

Legal Compliance: To verify identity, conduct necessary background checks, and ensure compliance with legal, regulatory, and financial requirements. This includes anti-money laundering (AML) checks, fraud prevention, and adherence to financial services regulations

Service Improvement: To analyze and understand market trends, monitor and analyze the usage of our services, and conduct analytics to improve the quality, safety, and efficiency of our services.

Communication: To provide you with updates about our services, changes to terms and policies, security alerts, and support and administrative messages. Also, to respond to your comments, questions, and customer service requests.

Marketing and Promotions: To send promotional communications that may be of specific interest to you, including information about special offers and events. We also use your personal data to communicate with you about promotions and special offers that may be of interest. You have the right to opt-out of receiving marketing communications at any time by contacting us or using the unsubscribe links in the emails you receive.

- Consent: For certain specific purposes such as direct marketing and certain types of cookies and similar technologies, we process your data with your explicit consent. You have the right to withdraw this consent at any time.

- Contractual Necessity: Processing your data is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into such a contract. This includes providing the services you request from us and managing our contractual relationship with you.

- Legal Obligations: We are required to process your personal data to comply with legal obligations, such as maintaining records for tax purposes or providing information to a public body or law enforcement agency.

- Legitimate Interests: We process your data when it is necessary for the purposes of our legitimate interests or the interests of a third party, provided those interests are not overridden by your interests or fundamental rights and freedoms. This basis allows us to manage our relationship with you, to administer and improve our services and business, and to protect our business interests.

BEM Funding employs cookies and similar tracking technologies to track the activity on our web app and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our service.

The information gathered through these technologies helps us manage sessions, provide personalized web content, tailor our interactions with you, enhance the performance and usability of our web app, measure the effectiveness of our promotions, and ensure trust and safety across our services.

- Session Cookies. We use Session Cookies to operate our service.

- Persistent Cookies. We use Persistent Cookies to remember your preferences and various settings.

- Essential Cookies: These are necessary for the platform’s basic functionality and are therefore always enabled. They include cookies that allow for memory of your site use during a session or, if requested, from session to session.

- Performance and Functionality Cookies: These are used to enhance the performance and functionality of our web app but are non-essential to its use. However, without these cookies, certain functionalities like videos may become unavailable.

- Analytics and Customization Cookies: These collect information that is used either in aggregate form to help us understand how our web app is being used or how effective our marketing campaigns are, or to help us customize our web app for you.

- Advertising Cookies: These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and selecting advertisements that are based on your interests.

- Browser Settings: You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. The Help feature on most browsers provides information on how to accept cookies, disable cookies, or to notify you when receiving a new cookie.

- Direct Opt-Outs: For cookies used by our tracking and analytics services, and our advertising partners, you can manage your preferences directly on their websites.

- Privacy Enhancements: We support tools that effectively limit tracking, such as browser incognito mode and blocking third-party cookies.

- Service Providers: We engage various service providers, contractors, and third-party service vendors to assist us in operating our platform, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. This includes hosting and maintenance, error monitoring, debugging, performance monitoring, billing, customer relationship, database storage and management, and direct marketing campaigns. We may share your data with third-party service providers who perform various functions to enable our services. These include payment processors, marketing platforms, and data analytics providers. Our agreements with these partners ensure they uphold the same standards of data protection as we do. We may also share your data with third parties when you engage in promotions hosted or co-sponsored by third parties. Such engagements may require sharing your information with them, and we recommend reviewing their privacy policies to understand their data protection practices.

- Legal Requirements: We may disclose your Personal Data in the good faith belief that such action is necessary to:

- Comply with a legal obligation such as a court order or a governmental request

- Protect and defend the rights or property of BEM Funding

- Prevent or investigate possible wrongdoing in connection with the service

- Protect the personal safety of users of the service or the public

- Protect against legal liability

- Business Transfers: If we are involved in a merger, acquisition, or asset sale, your Personal Data may be transferred as part of that transaction. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

- Aggregated or Anonymized Data: We may share aggregated or anonymized information with partners or others for business or research purposes. This data does not identify you individually but may include usage, viewing, and technical data collected from your use of the service.

- Data Processing Agreements: Before sharing your data with third parties, we ensure that Data Processing Agreements (DPAs) are in place which require them to maintain the confidentiality and integrity of the data and to process it only as per our documented instructions.

- Security Measures: We require all third parties to implement robust technical and organizational security measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

- Compliance Monitoring: We regularly review our third-party service providers for compliance with our data protection standards and other legal requirements.

- Transparency: We will always inform you of any changes in the way we share your data, including providing information about any new third-party service providers, through updates to this Privacy Policy.

- Service Providers and Partners: To facilitate our global operations, we may transfer your personal data to service providers and partners located in countries outside of your country of residence. This includes countries that may not have laws providing the same level of data protection as your own.

- Legal and Regulatory Requirements: We may transfer personal data to comply with legal obligations, respond to lawful requests by public authorities, including to meet national security or law enforcement requirements, or as required for the protection of our legal rights in foreign jurisdictions.

- Adequacy Decisions: Where possible, we transfer personal data to countries that have been deemed to provide an adequate level of data protection by relevant authorities, such as countries in the European Economic Area (EEA).

- Standard Contractual Clauses (SCCs): For transfers to countries without adequacy decisions, we use Standard Contractual Clauses approved by the European Commission or other relevant authorities as a basis for data transfer, ensuring that personal data is protected according to legally binding standards.

- Binding Corporate Rules (BCRs): For transfers within our corporate group, we may use Binding Corporate Rules that have been approved by competent data protection authorities to ensure consistent and secure data handling practices across our global operations.

- Privacy Shield Framework: If transferring data to entities in the United States, we ensure that they participate in the Privacy Shield Framework which requires them to provide similar protection to personal data shared between Europe and the US.

- Information Access: You can request details about the safeguards in place for transferring your personal data internationally.

- Objection and Restriction: You have the right to object to or restrict certain types of transfers if you feel your data may not be adequately protected.

- Right to Access: You have the right to request access to the personal data we hold about you, including information on how it is used and whom it is shared with.

- Right to Rectification: If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it.

- Right to Erasure ("Right to be Forgotten"): You can request the deletion or removal of personal data where there is no compelling reason for its continued processing.

- Right to Restrict Processing: You have the right to 'block' or suppress further use of your data. When processing is restricted, we can still store your data but will not use it further.

- Right to Data Portability: You have the right to obtain and reuse your personal data for your own purposes across different services. This means you can transfer, copy, or move personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. You have the right to request a structured, commonly used, and machine-readable format of the data you provided to us, which we will provide without hindrance. You also have the right to direct us to transmit this data to another controller.

- Right to Object: You have the right to object to the processing of your personal data based on grounds relating to your particular situation, especially if data is processed for direct marketing purposes.

- Rights Related to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. If we make a decision based solely on automated processing that affects your legal rights or significantly impacts you, you may request human intervention, express your point of view, and contest the decision.

1. Contact Us: Submit a request via our designated contact form, email address, or through our customer support portal. Please provide sufficient information that allows us to verify your identity.

2. Verification of Identity: We take the privacy and security of your data seriously and will need to verify your identity to protect your data from unauthorized access.

3. Response Time: We aim to respond to all legitimate requests within one month. Occasionally, it might take us longer if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.

4. No Fee Usually Required: You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

- Encryption: We use strong encryption to protect data during transmission and storage.

- Access Controls: Access to personal data is strictly limited to personnel who need access to perform their job functions. We enforce strict password policies, multi-factor authentication, and role-based access controls.

- Network Security: We utilize firewalls, intrusion detection systems, and regular security audits to protect against potential vulnerabilities.

- Secure Software Development: Our development practices include regular security testing, code reviews, and updates to ensure our software is secure against emerging threats.

- Data Minimization: We limit the collection, use, and retention of personal data to what is strictly necessary for the legitimate purposes of processing.

- Incident Response Plan: We maintain an incident response plan that outlines procedures to detect, report, and investigate a data breach.

- Notification Procedures: Should a data breach occur, we will notify affected individuals and relevant authorities without undue delay, in accordance with applicable laws and regulations.

- Individuals: Affected individuals will be informed of the nature of the breach, data involved, possible consequences, and measures taken to address the breach.

- Regulatory Authorities: We will report breaches to the appropriate regulatory authorities as required by law, typically within 72 hours of becoming aware of the breach.

- Mitigation Measures: After a breach, we will take immediate steps to mitigate any damage by securing our systems, identifying the cause of the breach, and preventing further unauthorized access.

- Review and Adjustments: Following a breach, we will review our policies and procedures and implement necessary improvements to our security measures.

- Legal and Regulatory Obligations: We retain personal data for the period required by law or to comply with our regulatory obligations. For instance, laws related to anti-money laundering, financial reporting, or fraud and crime prevention may require us to retain certain information for a fixed period after a transaction has occurred.

- Contractual Necessities: Personal data provided to us for the performance of a contract may be retained for as long as the contract remains in effect plus a period afterward to handle any post-contractual claims or inquiries.

- Operational and Business Purposes: Data used for business purposes, such as providing customer support, managing accounts, or facilitating ongoing business relations, is retained according to the amount of time necessary to achieve these purposes.

- Consent-Based Retention: When we process personal data based on your consent, such as for marketing purposes, we retain the information until you withdraw your consent.

- Deletion: Data is permanently deleted from all our systems and backups, ensuring that it cannot be restored or accessed.

- Anonymization: We transform personal data into a state where the data subject is not or no longer identifiable, thereby preventing any future re-identification.

- Aggregation: Data is aggregated with other data to eliminate identifiable characteristics and produce statistical datasets that cannot be linked back to any individual.

- Verification: In situations where we need to collect personal data from a child under the age of 18, we will take appropriate steps to verify parental consent, considering the available technology to ensure that the person providing consent does indeed hold parental responsibility.

- Limited Collection: For users verified as children under the age of 18, we limit the types of information and the volume of information collected to what is directly necessary to participate in the activity requested.

- Direct Communication: We will not use the personal data of children under 18 to contact them about promotions or for marketing purposes without parental consent.

- Data Minimization: Limiting the collection of personal data from children to only what is necessary in relation to the purposes for which it is processed.

- Security Measures: Applying robust security measures to protect the data of children from loss or unauthorized access.

- Parental Access: Providing parents with the option to review, correct, or request the deletion of the personal information of their children and to refuse further collection or use of the child's information.

- Email Notification: For significant changes, we may notify you by sending an email to the address associated with your account, advising you to review the changes and providing you with the opportunity to consent to them.

- In-Platform Notifications: We may also provide notifications of changes within our platform interface, which you will see when you log in or interact with our services.

- Contract Formation and Signing: All contractual agreements available on our platform, whether with customers, service providers, or business partners, can be legally executed using electronic signatures, thereby simplifying and securing the process of entering into binding agreements.

- Data Integrity and Non-repudiation: Our platform employs advanced cryptographic techniques to maintain the integrity and security of electronic records and signatures. This ensures that once a document is signed electronically, it cannot be denied by the parties involved, providing a reliable audit trail.

- Compliance and Enforcement: We ensure that all electronic records and signatures are created, stored, and managed in compliance with the provisions of Federal Decree-Law No. (46) of 2021. This compliance helps protect against legal risks and enhances trust among our users

- Verification: Verification processes ensure that parties engaging in electronic transactions are duly authenticated, according to industry-standard practices.

- Record Keeping: Electronic records of transactions are maintained in secure systems with restricted access, ensuring their confidentiality, integrity, and availability.

- Transparency: We provide all necessary information about the terms of electronic transactions and the use of digital signatures before you enter into any agreement.

- Digital Signatures: To ensure authenticity and integrity of communications and transactions.

- Timestamping: To provide a verifiable date and time on transactions, ensuring non-repudiation.

- Encryption Services: To secure data in transit and at rest, protecting sensitive information from unauthorized access.

- Identity Verification Services: To confirm the identity of users engaging in transactions, reducing the risk of fraud.

- Electronic Records and Signatures are Legally Binding: All electronic signatures and records produced via trust services are considered legally valid and enforceable, similar to their physical counterparts.

- Service Provider Compliance: All trust services providers we engage with are required to comply with the rigorous standards set forth in the law, ensuring they provide reliable and secure services.

- Secure Communication Channels: All data transmissions are secured using industry-standard encryption protocols.

- Regular Audits: We conduct regular security audits of our trust services providers to ensure their services meet our security requirements and compliance with legal standards.

- Risk Management: We employ comprehensive risk management strategies to identify, assess, and mitigate risks associated with electronic transactions.

- Access Information: Request information on the trust services used in their transactions, including details about the security measures and legal guarantees associated with these services.

- Challenge Transactions: Raise concerns or disputes related to the authenticity or integrity of their electronic transactions. We are committed to investigating and resolving such issues promptly.

- Email: You can contact our Data Protection Officer (DPO) at [email protected]. This email is monitored regularly, and our DPO is equipped to address all your data protection and privacy concerns.

- Mailing Address: If you prefer to contact us by mail, you can send your inquiries to:

- BEM Funding - The Meydan Hotel, Grandstand, 6th Floor, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates.

- Online Contact Form: We also provide a secure online contact form available on our website under the "Contact Us" section. This form is specifically designed for privacy-related inquiries and ensures that your message is directed to the appropriate department.

- Federal Decree-Law No. (45) of 2021 Concerning the Protection of Personal Data: This law governs the collection, use, storage, and protection of personal data in the UAE.

- Federal Decree-Law No. (46) of 2021 on Electronic Transactions and Trust Services: This law regulates the legality and security of electronic transactions and trust services in the UAE

- BEM Funding

- [email protected]