1. Purpose of data processing and legal basis

We primarily use the personal data we collect to enter into and fulfill contracts with our customers and business partners, particularly in relation to providing financial services to our clients, as well as to comply with domestic and, in some cases, international legal obligations. Additionally, in accordance with applicable laws and where appropriate, we may process personal data for the following purposes:

• Providing products and services to our clients
• Communicating with third parties and responding to their inquiries
• Conducting advertising and marketing activities (including event organization), unless you have opted out of such use
• Asserting legal claims and defending against legal disputes or regulatory proceedings
• Preventing and investigating criminal activities or other misconduct
• Ensuring the proper functioning of our operations, including IT platforms and applications

If you have given consent for specific purposes (e.g., subscribing to newsletters), we will process your personal data within the scope of that consent, unless another legal basis applies. Consent may be withdrawn at any time; however, this will not affect any data processing carried out prior to the withdrawal.

2. Collection and processing of personal data

We primarily process personal data obtained from our clients, business partners, and other individuals as part of our business relationships. Additionally, we collect data from users when they interact with our websites, apps, and other applications.

Where permitted, we may also obtain personal data from publicly accessible sources (e.g., debtor lists, land registers, commercial registers, press, internet) or receive such data from affiliated companies within the Astero Falcon, authorities, or third parties (e.g., custodian banks). In addition to the data you provide directly, the categories of data we may receive from third parties include:

• Data from public registers
• Information obtained through administrative or judicial proceedings
• Data related to your professional role and activities (e.g., for contract negotiation and execution with your employer)
• Information from correspondence or discussions with third parties
• Data provided by individuals associated with you (e.g., family members, consultants, legal representatives) to facilitate contract execution or processing (e.g., powers of attorney)
• Information regarding legal requirements, such as anti-money laundering compliance
• Bank details
• Data from media or internet sources (e.g., related to applications, marketing, or sales)
• Your address, interests, and socio-demographic information
• Data from your use of our websites (e.g., IP address, MAC address, device information, settings, cookies, visit date and time, pages viewed, applications used, referring website, localization data)

We retain this data for up to 12 months after the purpose of processing has been fulfilled, unless a longer retention period is necessary for evidentiary purposes or to meet legal or contractual obligations.

3. Cookies/tracking and other relevant information about the use of our website

Technical Data

When you visit our website, we collect and evaluate user-specific data (e.g., IP address, web browser, operating system) and technical data (e.g., accessed URLs, search queries) anonymously. This data is processed to ensure system security and stability, conduct error and performance analysis, and for internal statistical purposes, helping us optimize our website.

If you subscribe to our content or use a contact form/customer login, we process the necessary data to provide the requested service. This may include your email address, first name, last name, salutation, full address, subject, and message, depending on the service.

Communication Data

When you contact us via a contact form, email, phone, chat, letter, or other means, we collect the exchanged information, including your contact details. In cases where we record telephone calls or video conferences for training and quality assurance, we will inform you beforehand. These recordings are made and used in accordance with our internal guidelines and legal requirements.

This data is generally stored for at least 6 years, with longer retention possible for evidentiary purposes, legal or contractual obligations, or technical reasons.

Cookies

We use cookies to tailor our offerings to your needs. Cookies are small files stored on your device when you visit or use our website. They store browser-specific settings and information about your interactions with our site. Cookies may include temporary or permanent types, which allow us to recognize returning users and their preferences without identifying them personally. Permanent cookies remain on your device after your session ends and are automatically deactivated after a set period.

By using our website or agreeing to this data protection declaration, you consent to our use of cookies to collect, store, and use data, including permanent cookies. You can reject cookies by adjusting your browser settings, but this may limit certain functions (e.g., language settings).

4. Transfer of data to third parties and transfer of data abroad

As part of our business operations and in line with the stated purposes of data processing, we may share data with third parties when such transfer is permitted and deemed appropriate. These third parties may process the data on our behalf or, if necessary, for their own purposes. The primary categories of recipients include:

• Service providers (e.g., for risk management, compliance, IT services, CRM systems)
• Domestic and foreign authorities, official bodies, and courts
• Other parties involved in potential or ongoing legal proceedings

Recipients may be located in Europe, UK or US where our service providers operate.

If a recipient is located in a country without adequate legal data protection, we ensure that the recipient adheres to data protection requirements. This is typically done by using the European Commission’s revised standard contractual clauses, which are accessible here: Standard Contractual Clauses. Exceptions to this requirement may apply in certain situations, such as:

• During legal proceedings abroad
• When there is an overriding public interest
• When the performance of a contract necessitates disclosure
• If you have provided consent
• When the data has been publicly disclosed by you without objection

We take appropriate measures to safeguard your data in these scenarios.

5. Duration of data storage

Your data, including personal data, will be processed and stored only for as long as necessary to fulfill our contractual and legal obligations or to achieve the purposes for which it was collected. This may include the duration of the entire business relationship and any additional time required to meet legal retention and documentation requirements.

Personal data may also be retained for periods during which claims can be made against our company or as required by law. Additionally, data may be retained if legitimate business interests necessitate it, such as for evidence or documentation purposes.

Once your personal data is no longer needed for these purposes, it will be deleted or anonymized where feasible. Operational data, such as system protocols and logs, are subject to shorter retention periods.

6. Data security

We have implemented appropriate technical and organizational security measures to safeguard your personal data from unauthorized access and misuse. These measures include clear instructions, staff training, IT and network security solutions, access controls and restrictions, password encryption, secure data storage and transmission, pseudonymization, and monitoring controls.

However, we cannot guarantee the absolute security of data transmitted over the Internet. There remains a risk of unauthorized access by third parties, particularly when data is sent via email.

7. Your rights

Under applicable law, you have several rights regarding your personal data:

1. Access to your information
2. Correction of inaccurate data
3. Deletion of your data
4. Limiting how we process your data
5. Objecting to our data processing, especially for direct marketing or profiling
6. Transferring your data to another entity (data portability)

However, we may have legal grounds to restrict these rights, such as legal obligations to retain data, overriding legitimate interests, or the need to use data for legal claims.You can withdraw your consent or object to data processing at any time. Be aware that exercising these rights might conflict with your contractual obligations, potentially leading to early contract termination and associated costs. We'll inform you of such consequences in advance, unless already specified in your contract.To exercise these rights, you must verify your identity, typically by providing identification documents if we can't confirm your identity through other means.

Please use the contact information we've provided to submit your requests.Remember, exercising your rights may be subject to certain limitations and conditions as outlined above.

8. Changes to this privacy statement

We may amend this Privacy Statement to remain compliant with any changes in law or to reflect how our business processes personal data.

9. Our contact details

You can address your queries regarding this Privacy Statement to:

Astero Falcon (DIFC) Limited
Office 33, Level 7, Gate Village 10
Dubai International Financial Centre (DIFC)
Dubai, United Arab Emirates
+971567183177
info@asterofalcon.com

You can also address your queries or complaints to our Compliance Officer:

Algert Beollari
Office 33, Level 7, Gate Village 10
Dubai International Financial Centre (DIFC)
Dubai, United Arab Emirates
+971559864323
ab@asterofalcon.com