Section 1: Details of Data Controller

Important information

This form is applicable to all entities which process Personal Data in accordance with the ADGM Data Protection Regulations 2015.

Section 1: Details of Data Controller

This is the ADGM entity (under formation).

Data Controller must be a body corporate. This is the entity (under formation) which determines the purposes and means of the Processing of Personal Data.
Personal Data means any information relating to an identified natural person or can be identified directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
Application Date
Company Name / Partnership Name* / This is the ADGM entity under formation.

Registered Office Physical Address

/ Please provide details of the (proposed) registered office physical address.
Office Number*
Floor*
Building Name*
Street Name of Cluster / Square / Area on the island*
State / Province / Al Maryah Island, Abu Dhabi Global Market
Emirate / Abu Dhabi
Country / United Arab Emirates

Contact Details

/ Please provide details of individual the Registrar may contact in relation to Data Protection Inquiries.
Title*
Forenames*
Surname*
Country of Residence*
Nationality*
Date of Birth*
Business Occupation

Address

Unit Number / Level Number
Building Name
Street / Area
State / Province
PO Box Number*
Emirate
Country*
Telephone Number*
Email Address*

Section 2: Details of Data Processor (if applicable)

/ Data Processor must be a body corporate. This body corporate processes personal information on behalf of the Data Controller. Data Processor may be registered or located in or outside ADGM.
This section only applies if the Data Controller is outsourcing the processing of data.
Company / Firm Name*
Registration Number*
Place of Registration / Incorporation*
Legal Entity Structure*
Governing Law*
Business Occupation

Service Address

/ Please provide details of Data Processor’s service address.
Unit Number / Level Number
Building Name
Street / Area
State / Province
PO Box Number*
Emirate
Country*
Certificate of Incorporation or Registration* / ☐ Copy of Certificate of Incorporation or Registration enclosed. / Please enclose copy of Certificate of Incorporation or Registration.
Evidence of Appointment* / ☐ Copy of evidence of appointment enclosed. / Please enclose copy of evidence of appointment.

Section 3: Data Protection

3.1. Processing of Personal Data

3.2. Personal Data

Personal Data is any information relating to an identified natural person or a natural person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
Will you be processing Personal Data as defined in the ADGM Data Protection Regulations 2015? / ☐Yes
☐No
Personal Data may only be Processed in accordance with section 2 of the ADGM Data Protection Regulations 2015. Please confirm which of the following reasons apply to Processing of the Personal Data.
Data Subject is the individual to whom Personal Data relate.
☐ The Data Subject has given his written consent to the Processing of that Personal Data;
☐ Processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract;
☐ Processing is necessary for compliance with any regulatory or legal obligation to which the Data Controller is subject;
☐ Processing is necessary in order to protect the vital interests of the Data Subject;
☐ Processing is necessary for the performance of a task carried out in the interests of the Abu Dhabi Global Market or in the exercise of the Board's, the Court's, the Registrar's or the Regulator's functions or powers vested in the Data Controller or in a Third Party to whom the Personal Data are disclosed; or
☐ Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by the Third Party to whom the Personal Data are disclosed, except where such interests are overridden by compelling legitimate interests of the Data Subject relating to the Data Subject's particular situation
Please choose which of these kinds of Personal Data you will keep. / ☐Name
☐ Address
☐ Date of birth
☐ Email
☐ Staff ID number
☐ Others:

3.3. Sensitive Personal Data

Sensitive Personal Data is Personal Data revealing or concerning (directly or indirectly) racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership and health or sex life.
Will you be Processing any Sensitive Personal Data as defined in the Data Protection Regulations 2015? / ☐Yes
☐No
Sensitive Personal Data shall be processed in accordance with section 3 of the Data Protection Regulations 2015. Please confirm which of the following reasons apply to Processing of the Sensitive Personal Data.
☐ The Data Subject has given an additional written consent to the Processing of this kind of Personal Data;
☐ Processing is necessary for the purposes of carrying out the obligations and specific rights of the Data Controller;
☐ Processing is necessary to protect the vital interests of the Data Subject or of another person where the Data Subject is physically or legally incapable of giving his consent;
☐ Processing is carried out in the course of its legitimate activities with appropriate guarantees by a foundation, association or any other non-profit-seeking body on condition that the Processing relates solely to the members of the body or to persons who have regular contact with it in connection with its purposes and that the Personal Data are not disclosed to a Third Party without the consent of the Data Subjects;
☐ The Processing relates to Personal Data which are manifestly made public by the Data Subject, or is necessary for the establishment, exercise or defence of legal claims;
☐ Processing is necessary for compliance with any regulatory or legal obligation to which the Data Controller is subject;
☐ Processing is necessary to uphold the legitimate interests of the Data Controller recognised in the international financial markets, provided the Processing is undertaken in accordance with applicable standards and except where such interests are overridden by compelling legitimate interests of the Data Subject relating to the Data Subject's particular situation;
☐ Processing is necessary to comply with any regulatory, auditing, accounting, anti-money laundering or counter terrorist financing obligations that apply to a Data Controller or for the prevention or detection of any crime; or
☐ Processing is required for the purposes of preventive medicine, medical diagnosis, the provision of care or treatment or the management of healthcare services, and where those Personal Data are Processed by a health professional subject under law or rules established by competent bodies to the obligation of confidence or by another person subject to an equivalent obligation.
Please choose which of these kinds of Sensitive Personal Data you will keep. / ☐Racial origin
☐ Political opinion
☐ Religious beliefs
☐ Other beliefs
☐ Physical or mental health (other than as kept in respect of your employees in the normal course of personnel administration and not to be used or disclosed for any of their purpose)
☐ Criminal convictions
☐ Others:

3.4. Transferring Personal Data out of the Abu Dhabi Global Market (adequate level of protection)

A transfer of Personal Data to a Recipient located in a jurisdiction outside the Abu Dhabi Global Market may take place only if an adequate level of protection for those Personal Data are ensured by laws applicable to the Recipient.
If Personal Data will be transferred out of Abu Dhabi Global Market, please select the country (ies) where Personal Data will be transferred to. / ☐ Argentina / ☐ Guernsey / ☐ New Zealand
☐ Austria / ☐ Hungary / ☐ Norway
☐ Belgium / ☐ Iceland / ☐ Poland
☐ Bulgaria / ☐ Ireland / ☐ Portugal
☐ Canada / ☐ Isle of Man / ☐ Romania
☐ Cyprus / ☐ Italy / ☐ Slovakia
☐ Czech Republic / ☐ Jersey / ☐ Slovenia
☐ Denmark / ☐ Latvia / ☐ Spain
☐ Estonia / ☐ Liechtenstein / ☐ Sweden
☐ Finland / ☐ Lithuania / ☐ Switzerland
☐ France / ☐ Luxembourg / ☐ United Kingdom
☐ Germany / ☐ Malta / ☐ Uruguay
☐ Greece / ☐ Netherlands / ☐ US Department of Commerce Safe Harbor Policy (including the Safe Harbor list of organisations adhering to the Safe harbour framework)
☐ This is to confirm that the laws applicable to the above selected country (ies) has/have an adequate level of protection of Personal Data.

3.5. Transferring Personal Data out of the Abu Dhabi Global Market (in the absence of an adequate level of protection)

A transfer or a set of transfer of Personal Data to a Recipient which is not subject to laws which ensure an adequate level of protection in accordance with the Data Protection Regulations 2015 may only take place on conditions as stated in section 5 of the Data Protection Regulations 2015.
Please list the name of country (ies) where the Personal Data will be transferred out of Abu Dhabi Global Market.
Please choose which of these conditions apply to the transfer of Personal Data out of Abu Dhabi Global Market (in the absence of an adequate level of protection) / ☐ We, the Data Controller, hereby request Registrar to grant a permit for the transfer or the set of transfers and the Data Controller applies adequate safeguards with respect to the protection of such Personal Data;
☐ The Data Subject has given his written consent to the proposed transfer;
☐ The transfer is/will be necessary for the performance of a contract between the Data Subject and the Data Controller or the implementation of pre-contractual measures taken in response to the Data Subject's request;
☐ The transfer is/will be necessary for the conclusion or performance of a contract concluded in the interest of the Data Subject between the Data Controller and a Third Party;
☐ The transfer is/will be necessary for the establishment, exercise or defence of legal claims;
☐ The transfer is/will be necessary in order to protect the vital interests of the Data Subject;
☐ The transfer is/will be necessary in the interests of the ADGM;
☐ The transfer is made at the request of a regulator, police or other government agency;
☐ The transfer is/will be made from a register which according to law is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate legitimate interest, to the extent that the conditions laid down in law for consultation are fulfilled in the particular case;
☐ The transfer is/will be necessary for compliance with any regulatory or legal obligation to which the Data Controller is subject;
☐ The transfer is/will be necessary to uphold the legitimate interests of the Data Controller recognised in the international financial markets, provided that the transfer is carried out in accordance with applicable standards and except where such interests are overridden by legitimate interests of the Data Subject relating to the Data Subject's particular situation;
☐ The transfer is/will be necessary to comply with any regulatory, auditing, accounting, anti-money laundering or counter terrorist financing obligations that apply to a Data Controller, which is established in the Abu Dhabi Global Market, or for the prevention or detection of any crime;
☐ The transfer is/will be made to a person established outside the Abu Dhabi Global Market who would be a Data Controller or who is a Data Processor, if, prior to the transfer, a legally binding agreement in the form set out in Schedule 1 or Schedule 2 respectively to the Data Protection Regulations 2015 has been entered into between the transferor and Recipient; or
☐ The transfer is/will be made between one or more members of a Group of Companies in accordance with a global data protection compliance policy of that Group, under which all the members of such Group that are or will be transferring or receiving the Personal Data are bound to comply with all the provisions of the Data Protection Regulations 2015 containing restrictions on the use of Personal Data and Sensitive Personal Data in the same way as if they would be if established in the Abu Dhabi Global Market.
Please indicate which mechanisms, if any, is in place to cover the transfer of Personal Data to the jurisdictions without adequate level of protection. / ☐ Ordinary Business Contract
☐ Binding Corporate Rules
☐ Data Transfer Agreement (Data Controller to Data Processor transfers)
☐ Data Transfer Agreement (Data Controller to Data Controller transfers)

Section 4: Declaration

(Must be signed by authorised individual on behalf of the Data Controller)

Data Controller must provide the following declaration by ticking all the boxes below.
I, being the authorised individual on behalf of Data Controller, hereby confirm that:
☐ The processing of Personal Data will be conducted in the following manner:
☐ Processed fairly, lawfully and securely;
☐ Processed for specified, explicit and legitimate purposes in accordance with the Data Subject's rights and not further Processed in a way incompatible with those purposes or rights;
☐ Adequate, relevant and not excessive in relation to the purposes for which they are collected or further Processed;
☐ Accurate and, where necessary, kept up to date; and
☐ Kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data were collected or for which they are further Processed.
☐ Every reasonable step shall be taken to ensure that Personal Data which are inaccurate or incomplete, having regard to the purposes for which they were collected or for which they were further Processed, are erased or rectified.
☐ Appropriate technical and organisational measures to protect Personal Data against unauthorised or unlawful Processing and against accidental loss or destruction of, or damage to, such Person Data have been put in place. Such measures shall ensure a level of security appropriate to the risks represented by the Processing and the nature of the Personal Data to be protected.
☐ That in the event of an unauthorised intrusion (including any loss of devices containing Personal Data or unauthorised disclosures) whether physical, electronic or otherwise, to any Personal Data, the incident will be reported to the Registrar as soon as reasonably practicable.
Signature / Date
Name / Designation

Section 5: Signature

Director, company secretary, designated member, general partner, partner must sign this section (whichever is applicable).
I declare that, to the best of my knowledge and belief, having made due enquiry, the information given in this form is complete and correct. I understand that it is an offence under applicable law to provide any information which is false, misleading or deceptive or to conceal information where the concealment of such information is likely to mislead or deceive.
For the purpose of Data Protection Regulations, the Personal Data provided in this form will be processed by the ADGM Registration Authority in accordance with the relevant provisions of the Data Protection Regulations, in particular, in the exercise of its functions or powers under legislation administered by the ADGM or where necessary for the performance of a task carried out in the interest of the ADGM.
Signature / Date
Name / Designation

Fee (Paper Form)