Our Polices
CFS (DIFC) Limited (CFS) respects your privacy and is committed to protecting it. We provide this Privacy Notice to inform you of our privacy procedures and practices, including what information we collect about you, how we obtain your information and how we use your information.
For the purposes of this Privacy Notice “we”, “our” and “us” refer to CFS (registered number CL5696 and registered office at Unit 1102B, Level 11, Burj Daman, Dubai International Financial Centre, Dubai, United Arab Emirates as the controller in respect of the personal data that we receive in connection with the services we provide under the relevant engagement with our clients; “this website” refers to the https://www.cfsgroup.com/ website; and “you” and “your” refers to a specific individual accessing the website or a client of our services.
“Personal data” means any information that we process that relates to identifiable or identifiable individuals (i.e. you).
Principles We Adhere To
We will comply with applicable data protection laws that apply to our processing of your personal data. We will:
(a) process your personal data in a lawful, fair, transparent and secure way;
(b) collect your personal data only for specific, explicit and legitimate purposes as explained to you when collecting your personal data;
(c) not use your personal data in any way that is incompatible with those purposes;
(d) process your personal data in a manner that is adequate and relevant to the purposes for which we have collected it and limited only to those purposes;
(e) keep your personal data accurate and, where necessary, up to date;
(f) keep your personal data in a form that identifies you only as long as necessary for the purposes we have informed you and/or as permitted by law.
Data Collection And Use
The personal data we may collect from you includes:
(a) information establishing your identity (for example, name, address, email address, phone number, date of birth, passport or ID);
(b) socio-demographic data (for example your gender, education, job position and marital status including whether you have children);
(c) financial information (for example, payment card number, bank account details, income and salary certificates, invoices, credit notes, payslips, payment behaviour, the value of your property or other assets, your credit history, credit capacity, tax status, income and other revenues and/or financial products you have with us and other financial information);
(d) policy information (for example, information about the quotes received and the policies obtained);
(e) credit and anti-fraud information (for example, credit history and credit score, information about fraud convictions, allegations of crimes and sanctions details received from regulatory or law enforcement agencies and anti-fraud / sanctions databases);
(f) information relating to your use of our website (for example, domain name, IP address and cookies);
(g) any information you independently choose to provide to us (for example, if you send us an email or call us or when you contact our call centre or fill in an online survey or when you use our platforms or fill in surveys).
We also collect the following special categories of personal data or sensitive personal data:
(a) health information (for example, current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits such as smoking or consumption of alcohol, prescription information, medical history);
(b) criminal records data (for example, criminal convictions such as driving offences, etc).
We may also collect personal data about children if they have an CFS product or if you provide us with personal data about your own children in relation to a product you obtain from us. We will seek parental consent when it is required by local law.
(a) information establishing your identity (for example, name, address, email address, phone number, date of birth, passport or ID);
(b) socio-demographic data (for example your gender, education, job position and marital status including whether you have children);
(c) financial information (for example, payment card number, bank account details, income and salary certificates, invoices, credit notes, payslips, payment behaviour, the value of your property or other assets, your credit history, credit capacity, tax status, income and other revenues and/or financial products you have with us and other financial information);
(d) policy information (for example, information about the quotes received and the policies obtained);
(e) credit and anti-fraud information (for example, credit history and credit score, information about fraud convictions, allegations of crimes and sanctions details received from regulatory or law enforcement agencies and anti-fraud / sanctions databases);
(f) information relating to your use of our website (for example, domain name, IP address and cookies);
(g) any information you independently choose to provide to us (for example, if you send us an email or call us or when you contact our call centre or fill in an online survey or when you use our platforms or fill in surveys).
We also collect the following special categories of personal data or sensitive personal data:
(a) health information (for example, current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits such as smoking or consumption of alcohol, prescription information, medical history);
(b) criminal records data (for example, criminal convictions such as driving offences, etc).
We may also collect personal data about children if they have an CFS product or if you provide us with personal data about your own children in relation to a product you obtain from us. We will seek parental consent when it is required by local law.
How Do We Obtain Your Data?
We may collect your personal data during the course of our relationship with you and will only use your personal data in accordance with applicable data protection laws.
In some circumstance, we may also obtain this information from a variety of sources, including:
(a) from you (for example, when you access our services, when you make an inquiry about a service, send emails, or otherwise provide us with your personal data);
(b) from our group companies;
(c) anti-fraud databases;
(d) credit reference agencies and regulatory authorities.
How Do We Use Your Data And On What Legal Basis We Use The Information?
We only use your personal data for the following purposes and under following legal bases:
If you fail to provide the necessary information for generating a quote, two possible outcomes may occur: we may be unable to provide you with a quote, or the premium offered could be higher than if you had supplied the requested information. Additionally, specific categories of information are essential for the proper administration of your policy, and without these details, we may be unable to extend a contract to you.
In the event that you do not provide the information required to process your claim, it may hinder our ability to effectively handle your claim. Furthermore, the terms of your policy obligate you to promptly inform us of any circumstances that could potentially lead to a claim against your policy and cooperate with us in managing any such claim that may arise.
We collect and process your special categories of personal data or sensitive personal data for the following bases:
(a) for reasons of substantial public interests, namely because it is necessary for the wide range of insurance-related activities that we undertake or because it is necessary for fraud prevent purposes;
(b) because you have given your explicit consent (if we expressly ask for explicit consent to process your sensitive personal data, for specific purposes);
(c) to comply with applicable laws relating to anti-money laundering or counter-terrorist financing obligations.
| Purpose | Legal Basis |
|---|---|
| To detect and prevent fraud, money laundering and other offences and to assist law enforcement authorities or any other authorised investigatory body or authority with any inquiries or investigations. | Legal Obligation Legitimate Interest |
| To evaluate the nature and level of the risk associated with your proposed insurance policy to determine your eligibility and your premium, including carrying out credit rating searches and making decisions about you in this regard. | Contract Legal Obligation |
| To make or receive any payments, whether in relation to your policy, a claim or any other reason and to make decisions regarding deferred payment arrangements. | |
| To handle and investigate any claim made by or against you or anybody insured under your insurance policy. | |
| To manage products and services you have obtained from us, including by making contact with you. | |
| To manage and investigate any complaints and respond to any queries, requests, or comments that you may have. | |
| To provide you with information about our services, the relevant insurance products and other information that we think may be valuable to you, unless you have advised otherwise. | Consent Legitimate Interests |
| To communicate between you and third parties, such as the insurers and financial advisors. | Contract Legitimate Interests |
| To personalise our services to you and your geographic region (including but not limited to advertisements and promotions). | Legitimate Interests |
| To review, develop and improve the services which we offer and our systems, processes, websites, for market research and for other statistical purposes. | Legitimate Interests |
| To verify your (or your authorised representative’s) identity in any interactions between CFS and you (or your authorised representative). | Legal Obligation |
| For reinsurance purposes. | Contract |
| To comply with all relevant legal obligations. | Legal Obligation |
If you fail to provide the necessary information for generating a quote, two possible outcomes may occur: we may be unable to provide you with a quote, or the premium offered could be higher than if you had supplied the requested information. Additionally, specific categories of information are essential for the proper administration of your policy, and without these details, we may be unable to extend a contract to you.
In the event that you do not provide the information required to process your claim, it may hinder our ability to effectively handle your claim. Furthermore, the terms of your policy obligate you to promptly inform us of any circumstances that could potentially lead to a claim against your policy and cooperate with us in managing any such claim that may arise.
We collect and process your special categories of personal data or sensitive personal data for the following bases:
(a) for reasons of substantial public interests, namely because it is necessary for the wide range of insurance-related activities that we undertake or because it is necessary for fraud prevent purposes;
(b) because you have given your explicit consent (if we expressly ask for explicit consent to process your sensitive personal data, for specific purposes);
(c) to comply with applicable laws relating to anti-money laundering or counter-terrorist financing obligations.
Cookies
Cookies are small pieces of information that your browser stores on your computer or mobile device, which is used to assist user in the navigation, retain user preferences, and enhance browsing experience (“Cookie”). CFS uses Cookies to track overall site usage and enables us to provide a better user experience.
Types of cookies we drop, and the information collected using them include but are not necessarily limited to:
(a) Performance Cookies
Performance cookies are cookies used specifically for gathering data on how visitors use a website, which pages of a website are visited most often, or if they get error messages on web pages.
The following are first party performance cookies:
(b) Functionality Cookies
Functionality cookies allow websites to remember the user’s site preferences and choices they make on the site including username, region, and language. This allows the website to provide personalized features like local news stories and weather if you share your location.
The following are first party functionality cookies:
(c) Targeting Cookies
Targeting and advertising cookies are specifically designed to gather information from you on your device to display advertisements to you based on relevant topics that interest you.
The following are first party targeting cookies:
The following are third party targeting cookies:
Most browsers accept and maintain Cookies by default. The DIFC Data Protection Law requires that CFS sets such collection methods to collect the bare minimum, necessary cookies in order to operate the relevant website or app. Check the ‘Help’ or ‘Settings’ menu of your browser to learn how to change your Cookie preferences. You can choose to alter Cookies settings related to the use of our Website Services, but this may limit your ability to access certain areas of the Website.
Types of cookies we drop, and the information collected using them include but are not necessarily limited to:
(a) Performance Cookies
Performance cookies are cookies used specifically for gathering data on how visitors use a website, which pages of a website are visited most often, or if they get error messages on web pages.
The following are first party performance cookies:
| Cookie Name | Description |
|---|---|
| _gat | This cookie name is associated with Google Universal Analytics.It is used to throttle the request rate – limiting the collection of data on high traffic sites. |
| _hjAbsoluteSession InProgress | This cookie is used by HotJar to detect the first pageview session of a user. This is a True/False flag set by the cookie. |
| _hjFirstSeen | Identifies a new user’s first session on a website, indicating whether or not Hotjar’s seeing this user for the first time. |
| __hssc | This cookie name is associated with websites built on the HubSpot platform. It is used for website analytics. |
| _hjSessionUser_xxxxxx | Hotjar cookie that is set when a user first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. |
| _hjSession_xxxxxx | A cookie that holds the current session data. This ensues that subsequent requests within the session window will be attributed to the same Hotjar session. |
| __hstc | This cookie name is associated with websites built on the HubSpot platform. It is used for website analytics. |
| _hjTLDTest | When the Hotjar script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed. |
| __hssrc | This cookie name is associated with websites built on the HubSpot platform. It is used for website analytics. |
| _gid | This cookie name is associated with Google Universal Analytics. It stores and update a unique value for each page visited._gid |
| _ga | This cookie name is associated with Google Universal Analytics. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. |
| _ga_xxxxxxxxxx | This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assigns a randomly generated number to identify unique visitors. |
(b) Functionality Cookies
Functionality cookies allow websites to remember the user’s site preferences and choices they make on the site including username, region, and language. This allows the website to provide personalized features like local news stories and weather if you share your location.
The following are first party functionality cookies:
| Cookie Name | Description |
|---|---|
| _hubspotutk | This cookie name is associated with websites built on the HubSpot platform. It Is for user authentication. |
| _hjHasCached UserAttributes | It is used to provide the prevention of cached pages. |
| _hjUserAttributes Hash | It is used to provide the prevention of cached pages. |
(c) Targeting Cookies
Targeting and advertising cookies are specifically designed to gather information from you on your device to display advertisements to you based on relevant topics that interest you.
The following are first party targeting cookies:
| Cookie Name | Description |
|---|---|
| _ln_or | This is a LinkedIn cookie used to determine if Oribi analytics can be carried out on a specific domain |
| _fbp | Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers |
| _hjIncludedIn SessionSample_xxx | Collects information about the users, which is used for market analytics and reporting purposes. |
The following are third party targeting cookies:
| Cookie Name | Description |
|---|---|
| cf_bm | This is a CloudFoundry cookie |
| UserMatchHistory | These domains are owned by LinkedIn. They act as a third-party host where website owners have placed one of its content sharing buttons in their pages, although its content and services can be embedded in other ways. Although such buttons add functionality to the website they are on, cookies are set regardless of whether or not the visitor has an active Linkedin profile or agreed to their terms and conditions. For this reason, it is classified as a primarily tracking/targeting domain. |
| li_gc | |
| AnalyticsSyncHistory | |
| bscookie | |
| lidc | |
| li_sugr | |
| bcookie |
Most browsers accept and maintain Cookies by default. The DIFC Data Protection Law requires that CFS sets such collection methods to collect the bare minimum, necessary cookies in order to operate the relevant website or app. Check the ‘Help’ or ‘Settings’ menu of your browser to learn how to change your Cookie preferences. You can choose to alter Cookies settings related to the use of our Website Services, but this may limit your ability to access certain areas of the Website.
Data Retention
We will keep your data only for as long as is necessary to perform our services, to respond to any queries or complaints, to improve the services that we offer to you or to comply with any legal obligations to which we may be subject.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve such purposes through other means, and the applicable legal requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve such purposes through other means, and the applicable legal requirements.
Your Rights
Please contact us if you would like to:
(a) Access your data – request a copy of your personal data that we process about you.
(b) Rectify your data – request us to amend or update your personal data where it is inaccurate or incomplete.
(c) Erase your data – request us to delete your personal data where it is no longer necessary for the purpose(s) for which your data was originally collected.
(d) Restrict your data – request us temporarily or permanently to stop processing all or some of your personal data.
(e) Object to the use of your data – at any time, object to us processing your personal data where it is based exclusively on our legitimate interests (see above) or for direct marketing purposes.
(f) Receive or transmit your data in a machine-readable and structured format (otherwise known as “data portability”) – request the receipt or transmission of your personal data to another organisation, in a structured and machine-readable format.
(g) Withdraw your consent – withdraw your consent at any time to the use of your personal data for a particular purpose (where we have asked you for consent to use your information for that particular purpose).
For any of the above, please email us at dpo@whitelabelconsultancy.comor send postal mail to the following address:
CFS (DIFC) Limited
Unit 1102B, Level 11, Burj Daman, Dubai International Financial Centre, Dubai, United Arab Emirates
Subject to any overriding legal obligations, requirements and/or exemptions, we will endeavour to respond to your request within thirty (30) days of receipt, unless we require further information from you. We may ask you to provide proof of your identity. If you feel that we do not comply with applicable data protection and privacy rules, you may lodge a complaint with the DIFC Commissioner of Data Protection.
(a) Access your data – request a copy of your personal data that we process about you.
(b) Rectify your data – request us to amend or update your personal data where it is inaccurate or incomplete.
(c) Erase your data – request us to delete your personal data where it is no longer necessary for the purpose(s) for which your data was originally collected.
(d) Restrict your data – request us temporarily or permanently to stop processing all or some of your personal data.
(e) Object to the use of your data – at any time, object to us processing your personal data where it is based exclusively on our legitimate interests (see above) or for direct marketing purposes.
(f) Receive or transmit your data in a machine-readable and structured format (otherwise known as “data portability”) – request the receipt or transmission of your personal data to another organisation, in a structured and machine-readable format.
(g) Withdraw your consent – withdraw your consent at any time to the use of your personal data for a particular purpose (where we have asked you for consent to use your information for that particular purpose).
For any of the above, please email us at dpo@whitelabelconsultancy.comor send postal mail to the following address:
CFS (DIFC) Limited
Unit 1102B, Level 11, Burj Daman, Dubai International Financial Centre, Dubai, United Arab Emirates
Subject to any overriding legal obligations, requirements and/or exemptions, we will endeavour to respond to your request within thirty (30) days of receipt, unless we require further information from you. We may ask you to provide proof of your identity. If you feel that we do not comply with applicable data protection and privacy rules, you may lodge a complaint with the DIFC Commissioner of Data Protection.
Security
We are committed to protecting the information you provide us. We have implemented security policies, rules and technical measures to protect the personal data that we have under our control, in accordance with applicable data protection laws. The security measures are designed to prevent unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Hyperlinks
Our website may provide links to third-party websites for your convenience. If you access those links, you will leave our website. We do not control those websites or their privacy practices, which may differ from ours. We do not endorse or make any representations about third-party websites. This Privacy Notice does not cover the personal data you choose to give to unrelated third parties. We encourage you to review the privacy notice of any company before submitting your personal data. Some third-party companies may choose to share their personal data with us; that sharing is governed by that third-party company’s privacy notice.
Notification Of Changes
We may be required to update or change our Privacy Notice from time to time. We will upload an updated Privacy Notice on the website. If there are any significant changes to the Privacy Notice (e.g. if we decide to use your personal data in a manner different from that stated at the time it was collected), we will notify you by way of an email.
Contacting Us
This Privacy Notice sets out in broad terms how we handle your personal data and safeguard our privacy. If you have any questions relating to our Privacy Notice, send postal mail to the following address:
CFS (DIFC) Limited
Unit 1102B, Level 11, Burj Daman, Dubai International Financial Centre, Dubai, United Arab Emirates
Data Protection Officer dpo@whitelabelconsultancy.com
CFS (DIFC) Limited
Unit 1102B, Level 11, Burj Daman, Dubai International Financial Centre, Dubai, United Arab Emirates
Data Protection Officer dpo@whitelabelconsultancy.com