Privacy Policy

Please read this Privacy Policy (hereinafter referred to as this Policy) carefully before using this website.

The protection of privacy and the safeguarding of your personal data and financial information [Personal Information] is our highest priority. We respect your privacy rights and are strongly committed to protecting your privacy. In this Policy "we", "us" and "our" means GFM DMCC [GFM] and "you", "your", "the user" and sometimes "the data subject" means the individual or an authorized representative of a corporate entity who uses this website. In the course of providing financial Products and Services, we collect and maintain certain information such as name, age, residential address and any other information we may collect when you use our website, in order to enter into a transaction or open an account with us.

This Policy explains how we collect and protect your Personal Information. We ensure that any Personal Information obtained from you is not used or disclosed unless we have obtained your consent for such disclosure. By opening an account or by using our website, you give your consent to the collection, use and the disclosure of Personal Information by us in accordance with this Policy and other agreements you have entered with GFM.

If you are a Customer of GFM in a European Union country, you may be protected under the General Data Protection Regulations (GDPR) as applicable.

  1. Definitions

    Means a legal entity that controls, is controlled by or is under common control with another legal entity, but only while that control relationship exists. To "control" means the direct or indirect ownership or power to control more than 50% of the issued shares or other securities of an entity or of the voting rights attached to the issued shares or other securities of such entity; or the power to control, directly or indirectly, the appointment of more than 50% of any board of directors or governing body of such entity.


    Mean the financial products made available to you by GFM and/ or its Affiliates.


    Mean the services made available to you through our website.

    GDPR related Definitions
    • Data Controller :
      Means the entity (legal person, public authority, agency or other body) that determines the purposes, conditions and means for the processing of Personal Data of Data subjects.
    • Data Processor :
      Means the entity (legal person, public authority, agency or other body) that processes Personal Data on behalf of the Data Controller (excluding the Data Controller's own employees).
    • Data Subject :
      Means an identified or identifiable natural person / the Customer who is in a European Union country;
  2. Collection and use of Personal Information

    We collect your Personal Information through our website when you log in to the website. You may also provide Personal Information to us when you subscribe for any Products or Services or when you fill in account opening applications (whether written or electronic) or provide information in any other form.

    • Personal Information we collect may include information required to communicate with you and consist of the following information:

      • Your name
      • mailing address
      • telephone number
      • Demographic information
      • birth day
      • education
      • occupation
      • e-mail address and other identification information
    • We may use the information collected from you for the following purposes:

      • To establish and verify your identity and contact information.
      • Issue an account number and a secure password.
      • To monitor your account activity and contact you with account information.
      • To personalize and continually improve the Services.
      • To customize your browsing experience and inform you about additional Products, Services or promotions that may be of interest to you.
  3. How long we keep your information

    We keep your information only so long as we need it to provide Services to you and fulfill the purposes described in this policy. This is also the case for anyone with whom we share your information and who carries out services on our behalf.

    We may also retain information about you after the closure of the account or if your application is declined or abandoned for as long as we require in order to comply with legal and regulatory requirements and for our legitimate business purposes. We will ordinarily retain your information for ten (10) years or as otherwise required by Bahrain Law.

  4. Disclosure of Personal Information

    We may share your Personal Information with our Affiliates and third parties for the purposes of providing you with Products and Services. For example, we may share your personal information in order to process transactions for your account, execute your trades on an exchange, and manage and administer your account or we may share your personal information with any of our service providers as required by them enabling them to provide their services to you. Furthermore, these service providers may only use your data in accordance with our mandate.

    Our Affiliates will deal with your Personal Information in the same way as described in this privacy statement.

    We may be obliged to disclose your Personal Information in certain circumstances for legal or regulatory reasons, including but not limited to instances where we are required to disclose the information in accordance with the laws and regulations of the Central Bank of Bahrain or any other applicable regulation.

    We may also disclose your Personal Information as necessary to perform credit checks, collect debts, enforce our legal rights or protect our interests and property.

  5. Data Security, Safety of Personal Information

    We have taken appropriate steps to ensure the security of any Personal Information that we collect and held by us, including limiting the number of people who have physical or network access to our database servers, as well as installing electronic security systems that guard against unauthorized access.

    A secure http/ communication channel ensures the security of data communications made through our website. Your information is protected during transmission by using Secure Sockets Layer (SSL) software, which encrypts information transmitted to us. Furthermore, a 128 bit key, the most secure form of commercially available encryption, is used to ensure the security of your transactions. We also provide you with a unique user name and password to access your account information online. You are responsible for keeping this password confidential.

    We assume no responsibility for loss of whatever nature, howsoever arising and/or resulting from computer viruses, trojans, worms or equivalent or similar items which is beyond our control.

    Transmission of information via the internet is not completely secure. Although we have implemented systems and processes to protect your Personal Information, no data transmission over the Internet can be guaranteed to be completely secure .Accordingly, transmission of data should be done at your own risk.

  6. Use of cookies

    Cookies are small text files sent from the web server to your computer. We use cookies to assist us in securing your trading activities and to enhance the performance of our website. Cookies used by us do not contain any Personal Information nor do they contain account or password information. We do not control or take any responsibility for the use of cookies by third parties in the other third-party websites linked to our website.

  7. Accessing and updating your Personal Information

    We give you access, through our website, to Personal Information about your account for the purposes of viewing and in certain cases, and updating your Personal Information as necessary.

    You have the right to obtain copies of records relating to your business with us in accordance with the customer agreement entered between us.

  8. Calls

    We may record and monitor any telephone calls made to us or received by us to maintain our service standards, to check instructions, for compliance purposes and otherwise for your protection and ours.

  9. Links to other websites

    Our website may contain links to other websites. Please be aware that we are not responsible for the privacy practices of such other websites.

    If the use of the websites of other third parties/ service providers is associated with the collecting, processing and use of personal data/Personal Information, please refer to the data protection notes of the respective third-party websites.

  10. Modifications

    We reserve the right to change this Policy at anytime by posting revisions on this website. Such changes will be effective upon posting. We advise you to check our website frequently to review any changes to this Policy.

  11. Rights under GDPR

    We are committed to fulfilling our obligations concerning the exercise of your rights under GDPR as a Data Controller or sometimes as a Data Processor, if you are a Data Subject/Customer in a European Union country subject to the other terms already specified in this policy. Please be advised that you have the following rights under GDPR (to the extent GDPR applies to your personal data):

    • The right to request access to, personal data or restriction of processing or to object to processing, and rectification.
    • The Right to erasure (i.e., the right to be forgotten): means that the Data Subject has the right to erasure of his/ her personal data without undue delay, as well as the cease of further data dissemination. To the extent that it is required by the regulatory bodies or under the Governing law, we may continue to store the personal data despite your request to erasure.
    • The right to data portability - i.e. the Data Subject has the right to receive their personal data from the Controller and the right to transmit that data to another controller where technically feasible.
    • The right to lodge a complaint with a supervisory authority.
    • Privacy by Design: i.e. the personal data of the Data Subject will be collected and processed only on a need to know basis and only the necessary data will be collected.

    If GFM acts as a Data Processor at any time, GFM will act on the written instructions given by the Data Controller exclusively.

  12. Contacting Us

    Should you have any further queries about this Policy, or wish to opt-out of receiving communications relating to additional Products, Services or promotions that we feel may be of interest to you, or need to change and modify any information previously provided to us e-mail us

  13. Governing Law and Jurisdiction

    Parties agree that the governing law of this Policy or other agreements entered with GFM is the law of United Arab Emirates and the Parties submit to the jurisdiction of the courts in Dubai.