Task:                     

[02.009-ADGM] - COMPLIANCE # DATA PROTECTION ANNUAL RENEWAL

Purpose:             

This application form must be submitted by all registered entities in ADGM every year on the Data Protection Registration Expiry Date to comply with their obligations under the ADGM Data Protection Regulations 2021.

Legal Entities:    

Companies, Partnerships, Foundations

Questions:         

1) Do we have access to the client’s entity on the KOUNTED dashboard? If not, an ORS form needs to be filed first to gain access because only users with authority over the entity can file this request.

                               

2) Verify with the client if the details of the appointed Data Protection Contact Person/Data Protection Officer registered on the ADGM RA portal remain the same.

                               

3) Verify with the client whether there is a Data Processor appointed and registered on the ADGM RA portal and if so, if the details remain the same.

                               

4) Present the client with the current record on their entity profile, and please seek update (Yes/No) to each of the following questions:

                               

i) Personal Data (at least one of the following questions must be answered with yes)


                               

The Data Subject has given his written consent to the Processing of that Personal Data*
Yes/No


Processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract*
Yes/No


Processing is necessary for compliance with any regulatory or legal obligation to which the Data Controller is subject*
Yes/No

Processing is necessary in order to protect the vital interests of the Data Subject*
Yes/No


Processing is necessary for the performance of a task carried out in the interests of the Abu Dhabi Global Market or in the exercise of the Board's, the Court's, the Registrar's or the Regulator's functions or powers vested in the Data Controller or in a Third Party to whom the Personal Data are disclose*
Yes/No


Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by the Third Party to whom the Personal Data are disclosed, except where such interests are overridden by compelling legitimate interests of the Data Subject relating to the Data Subject's particular situation*
Yes/No


B) Types of Data (at least one must be answered with yes, if Others is selected, Details must be provided)


Name*
Yes/No


Address*
Yes/No


Date of Birth*
Yes/No


Email*
Yes/No


Staff ID Number*
Yes/No


Others*
Yes/No


Details* (only of others is answered with yes)


ii) Sensitive Personal Data


Does your entity intend to obtain UAE residence visas?*
Yes/No


Will you be Processing any Sensitive Personal Data as defined in the Data Protection Regulations 2021?*
Yes/No


Please choose at least one of the reasons for processing of personal data from the list below – note that for operational companies processing UAE residence visas, usually at least one must be answered as yes.

 


The Data Subject has given his additional written consent to the Processing of such Personal Data*
Yes/No


Processing is necessary for the purposes of carrying out the obligations and specific rights of the Data Controller*
Yes/No


Processing is necessary to protect the vital interests of the Data Subject or of another person where the Data Subject is physically or legally incapable of giving his consent*
Yes/No


Processing is carried out in the course of its legitimate activities with appropriate guarantees by a foundation, association or any other non -profit - seeking body on condition that the Processing relates solely to the members of the body or to persons who have regular contact with it in connection with its purposes and that the Personal Data are not disclosed to a Third Party without the consent of the Data Subjects*
Yes/No


The Processing relates to Personal Data which are manifestly made public by the Data Subject, or is necessary for the establishment, exercise or defence of legal claims*
Yes/No


Processing is necessary for compliance with any regulatory or legal obligation to which the Data Controller is subject*
Yes/No


Processing is necessary to uphold the legitimate interests of the Data Controller recognised in the international financial markets, provided the Processing is undertaken in accordance with applicable standards and except where such interests are overridden by compelling legitimate interests of the Data Subject relating to the Data Subject's particular situation*
Yes/No


Processing is necessary to comply with any regulatory, auditing, accounting, anti-money laundering or counter terrorist financing obligations that apply to a Data Controller or for the prevention or detection of any crime*
Yes/No


Processing is required for the purposes of preventive medicine, medical diagnosis, the provision of care or treatment or the management of healthcare services, and where those Personal Data are Processed by a health professional subject under law or rules established by competent bodies to the obligation of confidence or by another person subject to an equivalent obligation*
Yes/No


Types of Sensitive Personal Data. (at least one must be answered with yes, if Others is selected, Details must be provided)


Racial origin*
Yes/No


Political opinion*
Yes/No


Religious beliefs*
Yes/No


Other beliefs*
Yes/No


Physical or mental health (other than as kept in respect of your employees in the normal course of personnel administration and not to be used or disclosed for any of their purpose)*
Yes/No


Criminal convictions*
Yes/No


Biometric Data*
Yes/No


Others*
Yes/No

                               

iii) Data Transfer

                               

Will you be transferring data to other jurisdictions?*
Yes/No


Will you be transferring Personal Data outside the jurisdiction of the ADGM that provides an adequate level of protection?*
Yes/No


Transfer of Personal Data out of the jurisdiction of the ADGM that does not have an adequate level of protection

Will you be transferring Personal Data outside the jurisdiction of the ADGM that does not provide an adequate level of protection?*
Yes/No


Please list the name of country (ies) where the Personal Data will be transferred out of Abu Dhabi Global Market


(Please list the countries – this would be any country other than those deemed to be having an adequate level of data protection by the ADGM RA Office of Data Protection and listed here: https://www.adgm.com/operating-in-adgm/office-of-data-protection/jurisdictions)


The Data Subject has explicitly consented to the proposed transfer and has been informed of the possible risks of such transfers for the Data Subject due to the absence of an adequacy decision and appropriate safeguards*
Yes/No


The transfer is/will be necessary for the performance of a contract between the Data Subject and the Data Controller or the implementation of pre -contractual measures taken in response to the Data Subject's request.*
Yes/No


The transfer is/will be necessary for the conclusion or performance of a contract concluded in the interest of the Data Subject between the Data Controller and a Third Party*
Yes/No


The transfer is/will be necessary for the establishment, exercise or defense of legal claims*
Yes/No


The transfer is/will be necessary in order to protect the vital interests of the Data Subject*
Yes/No


The transfer is/will be necessary in the interests of the ADGM*
Yes/No


The transfer is made at the request of a regulator, police or other government agency where we have taken reasonable diligence to determine the proportionality of the request and have assessed the impact of the proposed transfer to the rights and freedoms of individuals*
Yes/No


The transfer is/will be made from a register which according to law is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate legitimate interest, to the extent that the conditions laid down in law for consultation are fulfilled in the particular case*
Yes/No


The transfer is/will be necessary for compliance with any regulatory or legal obligation to which the Data Controller is subject*
Yes/No


The transfer is/will be necessary to uphold the legitimate interests of the Data Controller recognised in the international financial markets, provided that the transfer is carried out in accordance with applicable standards and except where such interests are overridden by legitimate interests of the Data Subject relating to the Data Subject's particular situation*
Yes/No


The transfer is/will be necessary to comply with any regulatory, auditing, accounting, anti - money laundering or counter terrorist financing obligations that apply to a Data Controller which is established in the Abu Dhabi Global Market, or for the prevention or detection of any crime*
Yes/No


The transfer is/will be made to a person established outside the Abu Dhabi Global Market who would be a Data Controller or who is a Data Processor, if, prior to the transfer, a legally binding agreement in the form set out in Schedule 1 or Schedule 2 respectively to the Data Protection Regulations 2015 has been entered into between the transferor and Recipient*
Yes/No


The transfer is/will be made between one or more members of a Group of Companies in accordance with a global data protection compliance policy of that Group, under which all the members of such Group that are or will be transferring or receiving the Personal Data are bound to comply with all the provisions of the Data Protection Regulations 2015 containing restrictions on the use of Personal Data and Sensitive Personal Data in the same way as if they would be if established in the Abu Dhabi Global Market*
Yes/No


Mechanism to cover the transfer Personal Data of jurisdictions


Please indicate which mechanisms, if any, are in place to cover the transfer of Personal Data to the jurisdictions without adequate level of protection.


Binding Corporate Rules*
Yes/No


Standard Contractual Clauses (Data Controller to Data Processor transfers)*
Yes/No

Standard Contractual Clauses (Data Controller to Data Controller transfers)*
Yes/No

Pay Attention:   


In case any of the above details have changed, the following would need to be filed.


a) [02.012-ADGM] - COMPLIANCE # APPOINTMENT AND CESSATION OF DATA PROCESSOR – in case a data processor should be appointed or ceased


b) [02.013-ADGM] - COMPLIANCE # APPOINTMENT AND CESSATION OF DATA CONTROLLER CONTACT PERSON - in case the data protection officer/data protection contact person should be appointed or ceased


c) [02.005-ADGM] - COMPLIANCE # MAINTAIN DATA CONTROLLER CONTACT PERSON DETAILS – in case any of the personal details of the data protection officer/data protection contact person need to be amended


d) [02.004-ADGM] - COMPLIANCE # MAINTAIN DATA PROTECTION DETAILS – in case any of the details regarding Processing Personal Data, Processing Sensitive Personal Data and/or Data Transfer have changed  

  

Submission:       

Online via the ADGM RA portal https://newreg.adgm.com/

                                select Maintain Company “Data Protection Annual Renewal”

Timeline:             

Each year on the Data Protection Registration Expiry Date.


Timeframe:        

KOUNTED 1-2 working days including drafting the online application, provided all the relevant information has been provided


ADGM: This application is approved instantly without review
.

Supporting documents:

None

Applicable Legislation:   

KOUNTED Fees:

Please add the KOUNTED fees

ADGM Fees:       USD 300/-

Fines:                   

Late payment could result in a fine of USD 750/- as per the Data Protection Regulations 2021


LINKED FILES: