Effective as of 27 September 2023
1. Lexim Trading DMCC (“Lexim”, “we”, “us”, or “our”) is a company registered with and licensed by the Dubai Multi Commodities Centre (“DMCC”) in accordance with the Company Regulations of the DMCC. Lexim's DMCC Registration Number is DMCC-621556 and our registered address is currently Unit No. 2201 Mazaya Business Avenue AA1, Plot No: JLTE-PH2-AA1, Jumeirah Lakes Towers, Dubai, United Arab Emirates.
2. This privacy policy (“Privacy Policy”) sets out the basis upon which Lexim may receive, collect, transfer, use, disclose or otherwise process (including automated processing or profiling) Personal Data (defined below) of our customers (“you” or “your”) in accordance with the Personal Data Law, Federal Decree Law No. 45/2021 and any implementing regulations, as in force and/or amended from time to time (the “Data Protection Law”). It informs you about what personal information we collect and why, how we use it and who we share it with and sets out how you can exercise your rights and who you can contact for further information. This Privacy Policy applies to interactions we have with you via the Lexim Website or otherwise in our possession or under our control, including Personal Data in the possession of external third party organisations which we have engaged to receive, collect, transfer, use, disclose or otherwise process (including automated processing or profiling) Personal Data for our purposes. Capitalised terms used but not defined herein shall have the meanings ascribed to such terms in our terms and conditions which can be accessed at <https://lexim.gold/terms-and-conditions> (the “Terms”).
3. This Privacy Policy supplements but does not supersede or replace any other consents you may have provided to us in respect of your Personal Data.
4. By providing us with your Personal Data, whether through the Lexim Website or otherwise, you consent, agree and accept that we, as well as our respective affiliates, and our/their representatives, business partners and/or agents may receive, collect, transfer, use, disclose or otherwise process (including automated processing or profiling) and share among ourselves your Personal Data (as defined below) as described in this Privacy Policy.
5. Please read this Privacy Policy and our Terms carefully before submitting any personal information, or any other data, to us and giving us your express consent to that personal information and/or data being received, collected, transferred, used, disclosed and/or otherwise processed by us (including automated processing or profiling), as set out in this Privacy Policy. As explained in more detail below, the terms of this Privacy Policy and our Terms may be amended from time to time.
6. By clicking on the “I agree to the Privacy Policy and Terms” button you: (i) confirm that you have read, understood and agree to the terms of this Privacy Policy; and (ii) expressly consent to your personal information and/or any other data you might provide to us, being received, collected, transferred, used, disclosed or otherwise processed (including automated processing or profiling) by us as set out in this Privacy Policy.
Personal Data
7. Personal Data has the meaning given to it in the Data Protection Law and may include but is not limited to:
(a) identity data such as your name, voice, photo, identification number, username or other online identifier, title, date of birth and gender;
(b) Biometric Data and Sensitive Personal Data (as those terms are defined in the Data Protection Law), which may include facial images and data that reveals your family, racial origin and/or criminal record;
(c) contact data such as your postal address, email address, telephone number, mobile telephone number and location data;
(d) financial data such as your bank account details and payment card details;
(e) transaction data such as details on payments you have made with us;
(f) data and information required in order for us to comply with any applicable legal and regulatory requirements (including for the purposes of 'know your client' (“KYC”) or anti-money laundering (“AML”);
(g) details of your marketing preferences and whether, and if so how, you are happy to receive marketing materials from us;
(h) details of the Lexim Services that have been or may be provided to you; and
(i) internet, location and other technical data such as your IP address, login data, time zone, location and other technical information collected based on your access to our Lexim Services.
(collectively, “Personal Data”).
How your Personal Data is collected
8. The information that we collect from or about you – some of which is personal information under the Data Protection Law falls into the following broad categories:
(a) Information that you provide to us
The main way we collect information from or about you will be when you provide certain information to us. A few examples include when you:
(i) visit the Lexim Website;
(ii) respond to our marketing materials;
(iii) communicate with us via emails, telephone, in person or any other means; and/or
(iv) submit any Personal Data to us.
(b) Information that we obtain from other sources
We may also receive Personal Data about you from other sources, such as:
(i) our affiliates and our/their professional advisors, representatives, business partners or agents (including legal advisers, accountants, auditors);
(ii) third party service providers (including Onboarding Providers, related companies, agents, contractors, consultants, IT service providers and other third party service providers) engaged to perform services on our behalf or to assist us with the provision of services to you; and/or
(iii) introducers, agents or other persons acting on your or our behalf.
(c) Information that we collect automatically
We may collect information automatically from you/your device, including information regarding how you use our services.
Information we collect automatically includes your log-in events (when, how and for how long you log into and use certain Services), IP or MAC address, device make, model and operating system, mobile network information, internet service provider, unique device identification number, advertising ID, browser type and language, geographic location (e.g., country or city level location or time zone) and other technical information. We collect "click stream" data, which is information about how your device interacts with our services, such as the pages, screens, functions, applications and products accessed and links clicked.
This information helps us understand users of the Lexim Website. We use this automatically collected information:
(i) for our analytics purposes, including to enhance our understanding of usage of the Lexim Website;
(ii) to improve the quality and relevance to users of the Lexim Services, including (with consent as applicable) by showing or offering users relevant services based on their preferences and usage habits;
(iii) to develop or accelerate research, analysis, news and related editorial content and information collection as part of the Lexim Services, or to enable others to develop/accelerate such content where permitted;
(iv) to offer you support with and training on the Lexim Website or the Lexim Services and to help resolve any errors or technical issues;
(v) to develop and update the Lexim Website;
(vi) for customer services, such as evaluating our customers' training needs for our products;
(vii) to satisfy requests from our corporate customers regarding the entitlement to and use of the Lexim Website and the Lexim Services by individual users under their corporate accounts (this information may be offered to clients in an aggregated form and clients may be required by law to request such information);
(viii) to deliver tailored information on the Lexim Website and Lexim Services that may be of interest or value to you and to send you marketing and promotional e-mails with your consent if required by the Data Protection Law;
(ix) occasionally, to identify unauthorised use or unauthorised distribution of our services related or unrelated to a security issue;
(x) where relevant, to review or update pricing agreed with our customers; and
(xi) for billing purposes, so that we or others (such as our content providers) can bill for the services provided.
As at the date of this Privacy Policy, Lexim, does not collect Personal Data about you using cookies, weblogs, web beacons or similar tracking technology.
It may be necessary for you to provide certain Personal Data as part of a contractual or statutory obligation, and we will endeavour to advise you if such a situation arises. Otherwise, there are generally no adverse effects for you if you choose not to provide certain Personal Data. You will still be able to use certain services; however, without some of this Personal Data, there may be certain services that we are unable to provide to you, for example, we may not be able to communicate with you and/or take certain actions that you request because specific Personal Data is required to respond to your enquiries.
Legal grounds on which your Personal Data may be collected and processed
9. Your Personal Data may be collected and processed with your express consent and/or for any one or more of the additional lawful grounds set out in the Data Protection Law and any implementing regulations. As at the date of this Privacy Policy, the additional lawful grounds that, in Lexim's view, are most likely to be applicable to your interactions with us can be summarised as follows:
(a) Processing is necessary for the protection of the public interest;
(b) Processing is related to Personal Data which is manifestly made public by the Data Subject (as that term is defined in the Data Protection Law);
(c) Processing is necessary for the establishment, exercise or defence of rights and legal claims or relates to judicial or security measures;
(d) Processing is necessary for archiving purposes, scientific or historical research purposes or statistical purposes in accordance with legislation in force in the United Arab Emirates (“UAE”);
(e) Processing is necessary to protect the interests of the Data Subject;
(f) Processing is necessary for the purposes of carrying out the obligations and exercising the rights prescribed by law for the Controller (as that term is defined in the Data Protection Law) or Data Subject of the Personal Data in the field of employment, social security and social protection law in so far as it is authorised by such laws;
(g) Processing is necessary for the performance of a contract to which the Data Subject is a party or in order to take steps at the request of the Data Subject for entering into, amending or terminating a contract; and
(h) Processing is necessary for the performance by the controller of specific obligations prescribed by other laws in the UAE.
When does Lexim disclose my Personal Data?
10. Lexim may disclose your Personal Data to our affiliates and our/their professional advisors, representatives, business partners or agents (including legal advisers, accountants, auditors). Lexim may also use third party service providers (including Onboarding Providers, related companies, agents, contractors, consultants, IT service providers and other third party service providers), introducers or other agents to perform services on our behalf or to assist us with the provision of services to you. Your Personal Data may only be disclosed to these third party service providers in connection with the provision of their services and/or to any such third parties acting on our or your behalf. We will instruct such third party service providers not to use your personal information for their own purposes, and require that such personal information will be used/processed by these service providers only for specified purposes and in accordance with our instructions.
11. We provide personal information to any competent law enforcement body, regulatory, government agency, court or other third party in accordance with applicable law and regulation when we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to protect against fraud or for risk management purposes, (iii) to exercise, establish or defend our legal rights, (iv) to protect your vital interests or those of any other person, or (v) to protect the interests, rights, safety or property of us or others.
Purposes and use of your Personal Data
12. Lexim, our affiliates and the third party service providers may, for example, use your Personal Data:
(a) to communicate with you;
(b) to perform the Lexim Services for you;
(c) to conduct research and analysis;
(d) to improve the effectiveness of the Lexim Services;
(e) to enforce the Terms;
(f) where you have expressly given us consent to do so, for marketing and advertising purposes;
(g) to support auditing, compliance and corporate governance functions;
(h) to fulfil all necessary KYC/AML obligations;
(i) for redemption or storing of gold;
(j) where we believe that the disclosure of such information is appropriate to prevent physical harm or financial loss in connection with an investigation of suspected or actual illegal activity;
(k) to protect against fraud or other suspected or actual illegal activity;
(l) to comply with legal or regulatory obligations;
(m) to comply with court orders and to defend or exercise legal or contractual rights; and
(n) for general business administration.
Links to third party websites
13. Our websites may include links to third party websites, plug-ins and applications. Clicking on these links or enabling such connections may allow third parties to collect or share data about you. Please note that we are not responsible for such third party websites or their privacy policies. When you leave our website, we encourage you to read the privacy policy of every website you visit.
Sharing third party Personal Data with us
14. By submitting and sharing any Personal Data relating to any third party (e.g. information of your spouse, children and/or employees) for any particular purpose, you warrant and represent to us that: you have obtained the express consent of such third party to provide us with the Personal Data for the respective purposes and have given them a copy of this Privacy Policy; they agree to the terms of this Privacy Policy; and they expressly consent to their Personal Data being received, collected, transferred, used and/or disclosed as set out in this Privacy Policy.
15. It is your obligation to ensure that all Personal Data submitted to us is complete, true, accurate and not misleading. Failure on your part to do so may result in our inability to provide you with the Lexim Services you have requested, and/or delays in processing your applications.
Promotion and Marketing
16. Where you have expressly given us consent, you may receive from us personalised recommendations and marketing that are tailored based on the information you have provided to us and your interaction on our website, applications, and through our third party service providers. Based on the information received, we will carry out statistical, technical and logistical analysis and strategic development, and create personalised content and advertisements.
17. We may also be in contact with you about other services of ours that we believe may interest you.
18. You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message we send to you.
19. Alternatively, you can let us know directly that you prefer not to receive any marketing messages by emailing our Data Protection Representative (please see further below).
Security and sharing of Personal Data
20. We are committed to ensuring that your information is secure. Please see the section above on 'Purposes and use of your Personal Data' for further details on who we may share your information with. We shall not share any Personal Data with third parties except for the purposes set out under this Privacy Policy.
21. Whilst we will use reasonable efforts to safeguard your personal information, you acknowledge that the use of the internet is not entirely secure and that we cannot therefore guarantee the security or integrity of any Personal Data that is transferred from or to you via the internet. That said, in order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures in accordance with applicable laws to safeguard and secure the information we collect online and offline, including but not limited to:
(a) organisational measures (including but not limited to staff training and policy development);
(b) technical measures (including but not limited to physical protection of data, pseudonymisation and encryption); and
(c) securing ongoing availability, integrity, and accessibility (including but not limited to ensuring appropriate back-ups of Personal Data are held).
22. Personal Data provided to us will be held in our databases and may only be accessed by our employees and provided to our affiliates and our/their professional advisors, representatives, business partners or agents (including legal advisers, accountants, auditors), Onboarding Providers, agents, consultants, contractors, IT service providers, introducers and other third parties for the purposes of providing their services. We have put in place procedures to deal with any suspected breach of Personal Data and will comply with any legal obligation under the Data Protection Law to notify you and/or the Data Office established under UAE Federal Decree Law No. 44/2021 (or such other relevant authority in place from time to time with responsibility for the Data Protection Law), if such breach has occurred.
23. As we develop the Lexim Services and business, we may enter into transactions with other entities that require the sharing of Personal Data. This may include a reorganisation, merger, corporate sale, acquisition, disposition of any portion of our business or similar event. In such cases, Personal Data may be part of the transferred assets.
24. We may also share your Personal Data with law enforcement, government entities and regulatory agencies, if prescribed under any applicable law or if required to be furnished by us in connection with their duties.
International Transfer of Personal Data
25. As Lexim is part of a global organisation, we may transfer your Personal Data outside of the DMCC, Dubai and the UAE (including to the affiliates and their representatives and agents in different countries) for any of the purposes described in this Privacy Policy. As at the date of this Privacy Policy, the principal jurisdictions where your Personal Data may be transferred to/from and/or processed in on behalf of Lexim and/or its affiliates are the UAE, Singapore and Switzerland.
26. Where you are located outside these principal jurisdictions, and we transfer your personal information to, for example, the UAE, Singapore or Switzerland, this will naturally entail your personal information being exported back out to the jurisdiction that it originated from or from where you are located (for example, when we reply to your emails or we write to you).
27. These other jurisdictions may have data protection laws that are different from the Data Protection Law and/or the laws of your country (and, in some cases, not as protective).
28. We will implement contractual or other measures to comply with legal requirements on the transfer of personal information, ensuring that there is an adequate level of protection in place.
29. Where your personal information is transferred by us or on our behalf, Lexim puts in place suitable technical, organisational and contractual safeguards to ensure that such transfer is carried out in compliance with applicable data protection rules, ensuring that there is an adequate level of protection in place. There will also be circumstances in which the transfer of your Personal Data cross-border will be expressly permitted under the Data Protection Law, including where the country or territory to which the data is transferred has already been approved by the Data Office established under UAE Federal Decree Law No. 44/2021 (or such other relevant authority in place from time to time with responsibility for the Data Protection Law) as providing an adequate level of legislative protection, where it is necessary to conclude or perform a contract concluded in your interests, where you have expressly consented (provided that does not conflict with the public and security interests of the UAE), or where it is necessary to protect the public interest or exercise or defend legal rights.
Retaining Personal Data
30. We retain Personal Data for as long as we deem reasonably necessary to fulfil the purpose for which it was collected under this Privacy Policy, and as may be required by law such as for tax and accounting purposes, compliance with anti-money laundering laws, or as otherwise communicated to you. We may retain your Personal Data for a longer time if they may be the subject of a legal claim, or may otherwise be relevant for future litigation.
31. After such time, your Personal Data (or relevant part of it) will be deleted or securely archived, anonymised, pseudonymised, securely encrypted or otherwise put beyond further use.
Your rights
32. Subject to certain legal conditions, you may have one or more of the following rights pursuant to the Data Protection Law and may exercise them in the first instance by contacting our Data Protection Representative (defined below):
(a) Right to access: you may have the right to obtain certain information related to the processing of your Personal Data, including the types of Personal Data being processed; the purposes of the processing, the entities to whom your Personal Data may be shared and the appropriate safeguards taken if the transfer is cross-border; the rules and criteria for retention of Personal Data; the measures to be taken if there is a data breach and how to lodge a complaint with the Data Office established under UAE Federal Decree Law No. 44/2021 (or such other relevant authority in place from time to time with responsibility for the Data Protection Law);
(b) Right to rectify: you may request the rectification of your Personal Data, if inaccurate, and/or to have incomplete Personal Data completed;
(c) Right to delete: you may, in some cases, have your Personal Data deleted (for example, where you withdraw your consent to the processing, or you object to the processing and there are no legitimate grounds for us to continue the processing);
(d) Right to object: you may object to and suspend the processing of Personal Data concerning you or where, for example, it is being processed in violation of the Data Protection Law;
(e) Right to restrict and suspend the processing: in certain circumstances, you may have the right to limit the processing of your Personal Data (for example, where you have contested the accuracy of your Personal Data or you have objected to the particular processing of your Personal Data);
(f) Right to portability: in some cases, you may ask to receive your Personal Data which you have provided to us in a structured, commonly used and machine-readable format, or, when this is technically feasible, that we communicate your Personal Data on your behalf directly to another data controller;
(g) Right to withdraw your consent: for processing requiring your consent, you have the right to withdraw your consent at any time. Exercising this right does not affect the lawfulness of the processing based on the consent given before the withdrawal of the latter;
(h) Right to object to and suspend direct marketing: you have the right to request that we stop contacting you with direct marketing;
(i) Right to object to automated processing: you have the right in certain circumstances to object to decisions based on Automated Processing (including Profiling), as those terms are defined in the Data Protection Law;
(j) Right to request retention: you may request the continued retention of your Personal Data by us after the completion of the objectives of the processing where that data is necessary to finalise actions relating to the exercise or defence of legal claims; and
(k) Right to lodge a complaint to the relevant data protection authority.
33. Please note that not all of the above rights are absolute; some of these rights only apply in certain circumstances, or are subject to certain exceptions as set out in the Data Protection Law, so we may not be able to fulfil every request in its entirety, or at all. To the extent permitted by law, we reserve the right to either reject a request (in whole or in part) and/or charge a reasonable administrative fee for complying with any part of any request.
34. If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity and address before acting on the request; this is to ensure that your data is protected and kept secure.
Authorised Person
35. Any Authorised Person duly appointed by you in accordance with the Terms may exercise the same rights under this Privacy Policy, on your behalf.
Persons under 18
36. Lexim does not allow anyone under the age of 18 to use the Lexim Website and/or Lexim Services.
Contacting Lexim
37. To the extent that Lexim is required to do so by the Data Protection Law, we will appoint a Data Protection Officer. In the meantime, if you have any questions about this Privacy Policy, any concerns, complaints, or want to exercise the rights set out in this Privacy Policy, you can contact Mr Sunil Thaper, our Data Protection Representative at:
Data Protection Representative
Lexim Trading DMCC
Unit No. 2201
Mazaya Business Avenue AA1
Plot No: JLT-PH2-AA1
Jumeirah Lakes Towers
Dubai, United Arab Emirates
Tel: +971 (0)4 375 1987
Email: sunil@lexim.gold
38. You will need to provide sufficient details regarding your complaint as well as any supporting evidence and/or information. We will treat your requests or complaints confidentially. Our Data Protection Representative will be the first point of contact for all privacy related matters and to assist in ensuring our compliance with our privacy obligations.
39. Our Data Protection Representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. Lexim will aim to ensure that your complaint is resolved in a timely and appropriate manner. Lexim will contact you if we require any additional information from you and will notify you in writing (which includes electronic communication via email) of the relevant determination.
40. You may also have the right to raise your concerns or complaints directly with the Data Office established under UAE Federal Decree Law No. 44/2021 (or such other relevant authority in place from time to time charged with overseeing the Data Protection Law).
Changes to this Privacy Policy
41. By accepting the terms of this Privacy Policy, you acknowledge and agree that we may change this Privacy Policy from time to time in our absolute discretion. We will notify you about significant changes in the way we treat Personal Data by sending a notice to the primary email address specified in your Lexim Account, by placing a prominent notice on the Lexim Website, and/or by updating any privacy information on this page; and the changes will be effective from that point. Your continued use of the Lexim Website and/or Lexim Services after the publication date of such modifications will constitute your: (a) acknowledgment of the modified Privacy Policy; and (b) agreement to abide and be bound by that modified Privacy Policy.
This Privacy Policy was last updated on 27 September 2023
