Skip to main content
Gulf Standard Time: June 3, 2026 8:28 PM

Privacy and Policy

PRIVACY POLICY
Effective Date: 25 July 2024
Last Reviewed: 22 May 2026


1. PURPOSE
This Privacy Policy (the “Policy”) sets out principles and procedures adopted by OTC Business Services (“OTC Business Services”, “us”, “we”, “our”) on how we use and protect any information that you give OTC Business Services when you use this website (the “Website”).
OTC Business Services is committed to ensuring that your privacy is protected and to handling Personal Data in accordance with the applicable data protection and privacy laws of the United Arab Emirates (UAE). Should we ask you to provide certain information by which you can be identified when using this Website, then you can be assured that it will only be used in accordance with this privacy statement. This Policy fosters transparency and trust in how we handle sensitive information.


2. SCOPE
This Policy applies to persons anywhere in the world who access or use our Website (“Users”). The Policy applies to Personal Data that we collect, use, store, and disclose, in the course of our business operations and forms an integral part of our commitment to complying with the applicable data protection laws, when you:
● visit our website,
● interact with our team,
● communicate with us through any channel, or
● engage with our services.

3. DEFINITIONS
Data Subject – The identified or Identifiable Natural Person to whom Personal Data relates. This includes, but is not limited to, visitors, clients (potential or existing), partners, and any individual who accesses the Website.
Identifiable Natural Person – A natural living person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to their biological, physical, biometric, physiological, mental, genetic, economic, cultural, or social identity.
Personal Data – Any information referring to an identified or Identifiable Natural Person, including, but not limited to: legal name; contact details (e.g., emails, phone numbers, addresses); certain device information (IP address, geographic location data, pages visited, time spent, cookie data, etc); application and onboarding documents; and financial or payment-related information.
Personal Data Breach – A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data collected, received, transmitted, stored or otherwise processed. This includes, but is not limited to, unauthorised access by third parties or internal staff, accidental sending of data to the wrong recipient, loss or theft of devices or physical files containing Personal Data, or malware attacks, ransomware, or system intrusions affecting data integrity or availability.
Processing – Any operation performed on personal data, which may include but is not limited to its collection, storage, use, transfer, or deletion.


4. DATA COLLECTION AND USE

4.1. We collect and process Personal Data, that you provide voluntarily, only where the Processing is lawful, fair, and necessary for one or more specific, explicit, and legitimate purposes, including, but not limited to:
● Client Onboarding and Compliance;
● Platform Access and Communication;
● Identity verification (e.g., via tools like Sumsub);
● Send you communications that will be of interest to you based on your previous interactions with us.
● Allow you to participate in any interactive features of our Website services;
● Maintain and improve our Website services and keep them safe and secure; or
● Personalise and improve the Website services, including to provide or recommend features, content, social connections, referrals, and advertisements, in accordance with your preferences, to the extent permissible by law.

4.2. We may receive Personal Data from third parties, including social media platforms, partners, etc, that shall be used for specific and lawful purposes set forth in this Policy.

4.3. We do not sell Personal Data under any circumstances. Data is not shared with third parties or used for any purpose outside the original scope, unless:
● The Data Subject has provided freely given, specific, informed, and unambiguous consent; and
● The disclosure is otherwise permitted or required by applicable law, including for regulatory compliance, legitimate interests, or legal claims.


5. SHARING OF PERSONAL DATA
We may share your Personal Data in the following circumstances, to the extent permitted by law:
● With affiliates, marketing partners, and services providers who process data on our behalf or assist in providing services to you.
● With third parties you authorise, including social media platforms, APIs or websites integrated with our Website.
● With partners involved in promotions, offers, or services requested by you.
● With government authorities or regulators, where required by applicable law, regulation and legal process.


6. DATA STORAGE AND SECURITY
We implement appropriate technical and organisational measures in order to safeguard Personal Data against any form of unauthorised access, alterations, loss, or destruction, which include, but are not limited to:
● Establishing policies and procedures for securely managing information;
● Encryption of Personal Data at rest and in transit;
● Use of technical safeguards such as multi-factor authentication (MFA), secure access logs, and intrusion detection systems;
● Access control mechanisms based on roles, responsibilities, and legitimate business needs;
● Regular audits and reviews of data security practices; and
● Vetting and use of third-party service providers (such as Sumsub and Google Workspace), which implement security measures consistent with the applicable law and international standards.


7. RETENTION PERIODS
We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, including to comply with applicable legal, regulatory, contractual, accounting, or reporting obligations as per the applicable UAE laws. The retention period may vary depending on the nature of the Personal Data and the purpose of Processing. Once the applicable retention period expires, or where the Personal Data is no longer required, we will securely delete, destroy, or anonymise such data in accordance with applicable UAE laws and industry standards, ensuring that it cannot be accessed, reconstructed, or used to identify any individual.


8. DATA ACCESS AND RIGHTS
8.1. We uphold the rights of Data Subjects in accordance with the applicable laws and shall respond to all reasonable and lawful requests without undue delay.
a. Right of Access to Personal Data:
Upon written request, a Data Subject has the right to obtain from OTC Business Services, free of charge, a copy of the Personal Data undergoing Processing in electronic form and any available information as to its source.
b. Right to Rectification of Personal Data:
A Data Subject has the right to request the correction of inaccurate or otherwise outdated Personal Data in order to keep information truthful and current. We will ensure said data is rectified promptly upon receiving the valid request and any associated supporting documents as and when required.
c. Right to Erasure of Personal Data:
Upon request, a Data Subject has the right to require the firm to erase their Personal Data, wherein:
● the Personal Data is no longer necessary for the purposes it was collected and/or processed;
● a Data Subject has withdrawn consent to the Processing where said consent was the legal basis for Processing;
● the Processing is unlawful, or the erasure of Personal Data is required to comply with applicable laws and regulations; or
● a Data Subject objects to the Processing, and there are no overriding legitimate grounds for OTC Business Services to continue Processing.
d. Right to Restriction of Processing:
A Data Subject has the right to request that we restrict the Processing of their Personal Data where:
● they contest the accuracy of their Personal Data, pending verification;
● they object to the Processing and a determination of overriding legitimate grounds is pending;
● the Processing was carried out in violation of the applicable law but the Data Subject requests restriction rather than erasure; or
● the Data Subject requires the data for the establishment, exercise, or defence of a legal claim.
Where Processing is restricted, we will notify the Data Subject before any restriction is lifted.

8.2. Such Requests by the Data Subject can be sent to: operator@otc-bs.com.


9. PERSONAL DATA BREACHES
In the event of a Personal Data Breach, we will take immediate and appropriate steps to:
● Assess and contain the breach through identifying its nature, cause, scope, and impact on Personal Data;
● Mitigate any risks arising from the breach, including steps to protect and secure affected systems or data in order to prevent further unauthorised access;
● Notify affected Data Subjects, where applicable, and without undue delay; and
● Maintain an internal record of all data breaches, including those not required to be notified.


10. POLICY REVIEWS
This Policy is reviewed annually and updated as needed to reflect changes in regulations or operational practices. If we make significant changes in the way we treat your Personal Data, or to this Policy, we will endeavour to provide you notice through the Website or by some other means, such as email. Your continued use of the Website after such notice constitutes your acknowledgment to the changes.

CONTACT:
For questions or requests, please contact operator@otc-bs.com.