Task:                     

[02.003-ADGM] REGISTRATIONS: DATA PROTECTION

Purpose:             

The Data Protection Registration Section is embedded in all incorporation, registration and continuance forms to establish an ADGM entity. It is not a standalone application but must be completed as part of the entity formation process.

Legal Entities:    

Companies, Partnerships, Foundations, DLT Foundations

Questions:         

1) Are we handling the incorporation, registration and continuance form on behalf of the client? As only users with authority over the incorporation, registration and continuance form can update the data protection section request.

                               

2) Present the client with the following questions and please seek response (Yes/No) to each of the following questions:

                              

  i) Personal Data (at least one of the following questions must be answered with yes)

                               

The Data Subject has given his written consent to the Processing of that Personal Data*
Yes/No


Processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract*
Yes/No


Processing is necessary for compliance with any regulatory or legal obligation to which the Data Controller is subject*
Yes/No

Processing is necessary in order to protect the vital interests of the Data Subject*
Yes/No


Processing is necessary for the performance of a task carried out in the interests of the Abu Dhabi Global Market or in the exercise of the Board's, the Court's, the Registrar's or the Regulator's functions or powers vested in the Data Controller or in a Third Party to whom the Personal Data are disclose*
Yes/No

Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by the Third Party to whom the Personal Data are disclosed, except where such interests are overridden by compelling legitimate interests of the Data Subject relating to the Data Subject's particular situation*
Yes/No


B) Types of Data (at least one must be answered with yes, if Others is selected, Details must be provided)

Name*

Yes/No

Address*

Yes/No

Date of Birth*

Yes/No

Email*

Yes/No

Staff ID Number*

Yes/No

Others*

Yes/No

Details* (only of others is answered with yes)


ii) Sensitive Personal Data


Does your entity intend to obtain UAE residence visas?*
Yes/No


Will you be Processing any Sensitive Personal Data as defined in the Data Protection Regulations 2021?*Yes/No


Please choose at least one of the reasons for processing of personal data from the list below – note that for operational companies processing UAE residence visas, usually at least one must be answered as yes.

 

The Data Subject has given his additional written consent to the Processing of such Personal Data*
Yes/No


Processing is necessary for the purposes of carrying out the obligations and specific rights of the Data Controller*
Yes/No


Processing is necessary to protect the vital interests of the Data Subject or of another person where the Data Subject is physically or legally incapable of giving his consent*
Yes/No


Processing is carried out in the course of its legitimate activities with appropriate guarantees by a foundation, association or any other non -profit - seeking body on condition that the Processing relates solely to the members of the body or to persons who have regular contact with it in connection with its purposes and that the Personal Data are not disclosed to a Third Party without the consent of the Data Subjects*
Yes/No


The Processing relates to Personal Data which are manifestly made public by the Data Subject, or is necessary for the establishment, exercise or defence of legal claims*
Yes/No


Processing is necessary for compliance with any regulatory or legal obligation to which the Data Controller is subject*
Yes/No


Processing is necessary to uphold the legitimate interests of the Data Controller recognised in the international financial markets, provided the Processing is undertaken in accordance with applicable standards and except where such interests are overridden by compelling legitimate interests of the Data Subject relating to the Data Subject's particular situation*
Yes/No


Processing is necessary to comply with any regulatory, auditing, accounting, anti-money laundering or counter terrorist financing obligations that apply to a Data Controller or for the prevention or detection of any crime*
Yes/No


Processing is required for the purposes of preventive medicine, medical diagnosis, the provision of care or treatment or the management of healthcare services, and where those Personal Data are Processed by a health professional subject under law or rules established by competent bodies to the obligation of confidence or by another person subject to an equivalent obligation*
Yes/No


Types of Sensitive Personal Data. (at least one must be answered with yes, if Others is selected, Details must be provided)

Racial origin*
Yes/No


Political opinion*
Yes/No


Religious beliefs*
Yes/No


Other beliefs*
Yes/No


Physical or mental health (other than as kept in respect of your employees in the normal course of personnel administration and not to be used or disclosed for any of their purpose)*
Yes/No


Criminal convictions*
Yes/No

Biometric Data*
Yes/No

Others*
Yes/No

                               

iii) Data Transfer

                               

Will you be transferring data to other jurisdictions?*
Yes/No


Will you be transferring Personal Data outside the jurisdiction of the ADGM that provides an adequate level of protection?*
Yes/No


Transfer of Personal Data out of the jurisdiction of the ADGM that does not have an adequate level of protection


Will you be transferring Personal Data outside the jurisdiction of the ADGM that does not provide an adequate level of protection?*
Yes/No


Please list the name of country (ies) where the Personal Data will be transferred out of Abu Dhabi Global Market


(Please list the countries – this would be any country other than those deemed to be having an adequate level of data protection by the ADGM RA Office of Data Protection and listed here: https://www.adgm.com/operating-in-adgm/office-of-data-protection/jurisdictions)


The Data Subject has explicitly consented to the proposed transfer and has been informed of the possible risks of such transfers for the Data Subject due to the absence of an adequacy decision and appropriate safeguards*
Yes/No


The transfer is/will be necessary for the performance of a contract between the Data Subject and the Data Controller or the implementation of pre -contractual measures taken in response to the Data Subject's request.*Yes/No

The transfer is/will be necessary for the conclusion or performance of a contract concluded in the interest of the Data Subject between the Data Controller and a Third Party*
Yes/No

The transfer is/will be necessary for the establishment, exercise or defense of legal claims*
Yes/No

The transfer is/will be necessary in order to protect the vital interests of the Data Subject*
Yes/No

The transfer is/will be necessary in the interests of the ADGM*
Yes/No

The transfer is made at the request of a regulator, police or other government agency where we have taken reasonable diligence to determine the proportionality of the request and have assessed the impact of the proposed transfer to the rights and freedoms of individuals*
Yes/No

The transfer is/will be made from a register which according to law is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate legitimate interest, to the extent that the conditions laid down in law for consultation are fulfilled in the particular case*
Yes/No

The transfer is/will be necessary for compliance with any regulatory or legal obligation to which the Data Controller is subject*
Yes/No

The transfer is/will be necessary to uphold the legitimate interests of the Data Controller recognised in the international financial markets, provided that the transfer is carried out in accordance with applicable standards and except where such interests are overridden by legitimate interests of the Data Subject relating to the Data Subject's particular situation*
Yes/No

The transfer is/will be necessary to comply with any regulatory, auditing, accounting, anti - money laundering or counter terrorist financing obligations that apply to a Data Controller which is established in the Abu Dhabi Global Market, or for the prevention or detection of any crime*
Yes/No

The transfer is/will be made to a person established outside the Abu Dhabi Global Market who would be a Data Controller or who is a Data Processor, if, prior to the transfer, a legally binding agreement in the form set out in Schedule 1 or Schedule 2 respectively to the Data Protection Regulations 2015 has been entered into between the transferor and Recipient*
Yes/No

The transfer is/will be made between one or more members of a Group of Companies in accordance with a global data protection compliance policy of that Group, under which all the members of such Group that are or will be transferring or receiving the Personal Data are bound to comply with all the provisions of the Data Protection Regulations 2015 containing restrictions on the use of Personal Data and Sensitive Personal Data in the same way as if they would be if established in the Abu Dhabi Global Market*
Yes/No

Mechanism to cover the transfer Personal Data of jurisdictions

Please indicate which mechanisms, if any, are in place to cover the transfer of Personal Data to the jurisdictions without adequate level of protection.

Binding Corporate Rules*
Yes/No

Standard Contractual Clauses (Data Controller to Data Processor transfers)*
Yes/No

Standard Contractual Clauses (Data Controller to Data Controller transfers)*
Yes/No

3) Is your entity required under the Data Protection Regulations 2021 to appoint a Data Protection Officer? (see details below)


Data Protection Contact Person:


Provide the following information
·         Title
·         Country of Residence
·         Nationality
·         Date of Birth
·         Business Occupation
·         Appointment Date/Cessation Date
·         Service Address
·         Telephone Country Code
·         Telephone
·         Email Address
·         Passport Copy of the Data Protection Contact Person


                              

Data Protection Officer:

Same information as above plus the additional supporting documents listed below

                                For Data Protection Officer:

·         Evidence of Appointment by adding the below to the resolution of incorporation/registration/continuance

Image Placeholder

 

·         Passport Copy & UAE residence visa copy of the Data Protection Officer as applicable 

·         Educational Certificates of the Data Protection Officer (foreign language documents must be accompanied by a certified true copy to the English language)

·         Competency Statement

 

Pay Attention:   

                               

1) The data protection details on the ADGM RA’s records can be amended via this application form outside of the mandatory annual renewal.

  

2) In case there will be data transfer to jurisdictions outside of the ADGM without an adequate level of data protection, copies of the following may be requested:

              Binding Corporate Rules*

              Standard Contractual Clauses (Data Controller to Data Processor transfers)*

              Standard Contractual Clauses (Data Controller to Data Controller transfers


4) The appointment of a data protection contact person is mandatory for all ADGM registered entities.

  

5) Appointment and cessation may be submitted in the same application form.

  

6) The appointment of a data protection officer is required in the following circumstances:

    Image Placeholder

 

Submission:       

Online via the ADGM RA portal https://newreg.adgm.com/      
As part of the incorporation, registration and continuance form to establish the entity in ADGM

Timeline:             

As part of the incorporation, registration and continuance form to establish the entity in ADGM

Timeframe:        

This depends on the incorporation, registration and continuance form to establish the entity in ADGM and the standard review time of the ADGM for these ranges from 5-10 working days

Supporting documents:

                                None, unless there will be data transfer to jurisdictions outside of the ADGM without an adequate level of data protection, copies of the following may be requested:

·         Binding Corporate Rules*

·         Standard Contractual Clauses (Data Controller to Data Processor transfers)*

·         Standard Contractual Clauses (Data Controller to Data Controller transfers)*

Applicable Legislation:   

KOUNTED Fees:

Please add the KOUNTED fees

ADGM Fees:      

Registration Fee USD $300, which will be added to the fees payable at the time of registration/incorporation/continuance

Fines:                   

Not applicable

 

LINKED FILES: