1. Scope and Legal Basis
This Privacy Policy describes how G D and M Trading FZE (the "Company", "we", "us") collects and processes your personal data. We are the Data Controller under Federal Decree-Law No. 45 of 2021.
Legal Basis: We process your data based on your explicit consent and our legal obligations under Federal Decree-Law No. (20) of 2018 on Anti-Money Laundering (AML).
2. Data We Collect
To comply with mandatory, Know Your Customer (KYC) requirements for precious metal dealers, we collect:
Identity Data: Full name, date of birth, nationality, and occupation.
Official Identification: Clear digital copies and data from your valid Passport or UAE/GCC Emirates ID.
Contact Data: Email address, phone number, and residential address.
Transaction Data: Details of gold and diamond purchases, sales, and payment methods.
Technical Data: IP address and device identifiers collected through cookies.
3. How We Use Your Data
Identity Verification: To verify your identity and perform sanctioned list screening via the UAE FIU goAML portal.
Compliance Reporting: To file mandatory Dealers in Precious Metals and Stones Reports (DPMSR) for transactions of USD 15,000 or more.
Security: To protect against Commercial Fraud and unauthorized access to your account.
4. Data Storage and Retention
Security Measures: We use encryption (SSL/TLS) and secure access controls to protect your sensitive identity documents.
Retention Period: In accordance with Article 24 of Cabinet Decision No. (10) of 2019, we are legally required to retain all KYC and transaction data for a minimum of five (5) years after the completion of the transaction or termination of the business relationship.
5. Your Rights as a Data Subject
Under the UAE PDPL, you have the right to:
Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate or outdated information.
Erasure: Request deletion of your data (subject to our 5-year AML retention obligation).
Portability: Receive your data in a structured, machine-readable format.
Withdraw Consent: You may withdraw consent at any time, though this will result in the immediate closure of your account.
6. Data Sharing and Mandatory Regulatory Disclosure
6.1 Mandatory Reporting Threshold
In strict accordance with Federal Decree-Law No. (20) of 2018 and its implementing regulations, the Company is legally obligated to maintain transparency with federal authorities. You hereby acknowledge and agree that your personal data, along with details of any purchase orders or transactions involving a value equal to or exceeding USD 15,000, whether conducted in a single transaction or multiple interrelated transactions, shall be shared with the relevant regulatory and supervisory authorities.
6.2 Authorized Recipients
This data, including identification documents and transaction history, will be reported to:
• The UAE Financial Intelligence Unit (FIU) via the goAML portal.
• The Ministry of Economy (MoE) as the primary supervisory authority for DNFBPs.
• Any other judicial or law enforcement body as required by applicable UAE laws.
6.3 No Notification (Anti-Tipping Off)
Pursuant to the "Anti-Tipping Off" provisions of UAE AML law, the Company is prohibited from notifying you when a report regarding a specific transaction threshold or suspicious activity has been filed with the authorities.
7. Contact and Complaints
For any privacy-related inquiries or to exercise your rights, please contact our Data Protection Officer (DPO) at:
Email:
Address:
Regulatory Body: You may also file a complaint with the UAE Data Office.
1. Scope and Legal Basis
We process your data under the Bahraini PDPL based on your explicit consent and our legal obligations under the Anti-Money Laundering Law.
2. Mandatory Regulatory Disclosure
You agree that your personal data and transaction history for any purchase exceeding USD 15,000 shall be shared with the Ministry of Industry and Commerce (MOIC) and the Financial Intelligence Directorate (FID) as required by law.
3. Data Retention
KYC and transaction records are retained for a mandatory period of five (5) years as per the Bahraini AML regulations.
4. Your Rights
Under the PDPL, you have the right to access, rectify, and delete your data (subject to legal retention periods).
5. Contact Information and Complaints
For any privacy-related inquiries, or to exercise your rights to access, rectify, or erase your personal data under the Bahraini PDPL, please contact our Data Protection Officer (DPO) at:
• Email:
• Physical Address:
• Response Time: In accordance with the Personal Data Protection Authority (PDPA) guidelines, we will respond to your formal requests within 15 to 30 days.
• Regulatory Body: You also have the right to file a formal complaint with the Personal Data Protection Authority (PDPA) in the Kingdom of Bahrain if you believe your data has been handled in violation of the Law.