Skip to main content
Privacy notice
TomaSteed Alternative Credit Advisors Limited

1. Introduction 

At TomaSteed Alternative Credit Advisors Limited, we are committed to protecting and  respecting the privacy of our employees and third parties, including contractors, consultants, and  business partners. This Privacy Notice explains how we collect, use, disclose, and protect  personal data in accordance with the ADGM Data Protection Regulation 2021. It also outlines your  rights regarding your personal data and how you can exercise these rights. 

2. Scope of Data Collection 

This Privacy Notice applies to the personal data we collect from: 

• Employees: Including permanent, temporary, and former employees. 

• Third Parties: Including contractors, consultants, suppliers, business partners, and other  external individuals whose data we process in the course of our business operations. 

3. What Data We Collect 

We may collect and process the following types of personal data: 

• Personal Identification Information: Name, date of birth, gender, nationality, marital status,  Emirates ID/passport details, and visa information. 

• Contact Information: Home and business addresses, telephone numbers, and email  addresses. 

• Employment and Contractual Details: Job title, department, work location, employment or  service contract details, start and end dates, work history, qualifications, and ADGM visa  information. 

• Financial Information: Bank account details, salary, bonuses, allowances, invoicing  information, tax information, and pension details. 

• Health Information: Medical certificates, disability information, health and safety records,  and health insurance details. 

• Performance Information: Appraisal records, disciplinary and grievance procedures, training  records, and service delivery assessments. 

• Business Information: Information related to your professional role and business dealings  with Astute Asset Managers Limited, including communications, agreements, and project  details. 

4. How We Use Your Data 

We use your personal data for the following purposes: 

• Human Resources and Contract Management: Managing recruitment, payroll, benefits,  promotions, training, employee relations, and third-party contracts. 

• Legal Compliance: Ensuring compliance with ADGM employment laws, contract laws, and  other regulations, including our obligations under the ADGM Data Protection Regulation  2021.

• Performance Monitoring and Service Delivery: Assessing and managing employee  performance, career development, disciplinary matters, and evaluating third-party service  delivery. 

• Workplace and Contract Safety: Protecting health and safety within the workplace and in  the execution of contracts, including managing incidents and accidents. 

• Communication: Contacting you regarding your employment, contract, benefits, company  policies, or business dealings. 

• Operational Efficiency: Managing and coordinating business operations, including project  management, collaboration with third parties, and ensuring smooth business processes. • Client and Business Partner Services: Processing personal data to provide services to  clients, business partners, and third parties, including managing relationships, fulfilling  contractual obligations, and ensuring effective communication and service delivery. 

5. Legal Basis for Processing 

We process your personal data based on the following legal grounds under the ADGM Data  Protection Regulation 2021: 

• Contractual Necessity: To fulfil our employment contracts, service agreements, or other  contractual obligations with you. 

• Legal Obligation: To comply with ADGM laws, regulations, and legal obligations, including  those related to employment, contract, health, and safety. 

• Legitimate Interests: To manage our workforce, business operations, and third-party  relationships effectively, protect the company’s interests, and ensure operational  efficiency. 

• Consent: Where you have given explicit consent for specific data processing activities,  such as processing certain health data or emergency contact details. 

6. Data Sharing 

We may share your personal data with: 

• Service Providers: Third-party providers who assist with payroll, benefits administration,  IT services, and other necessary functions. 

• Regulatory Authorities: ADGM Authority, Financial Services Regulated Authority (FSRA),  and other regulatory bodies when required by ADGM law. 

• Affiliated Companies: Other entities within the Astute Asset Managers Limited group for  internal administrative purposes, in compliance with the ADGM Data Protection  Regulation 2021. 

• Business Partners: When necessary, we may share data with other business partners or  contractors involved in projects or service delivery, ensuring compliance with relevant data  protection requirements. 

7. Data Security 

We implement appropriate technical and organizational measures to protect your personal data  against unauthorized access, loss, or misuse. Access to your data is restricted to authorized  personnel who require it to fulfil their job responsibilities or contractual obligations. 

8. Data Transfers 

Where your personal data is transferred outside the ADGM to third countries, we ensure that  appropriate safeguards are in place, in compliance with the ADGM Data Protection Regulation  2021, to protect your data during such transfers.

9. Data Retention 

We retain your personal data only as long as necessary to fulfil the purposes for which it was  collected and to comply with legal obligations. This includes retaining records for a period after  your employment or contract ends, in line with ADGM regulations. 

10. Your Rights 

Under the ADGM Data Protection Regulation 2021, you have the following rights concerning your  personal data: 

• Access: Request access to the personal data we hold about you. 

• Rectification: Request corrections to any inaccurate or incomplete data. 

• Erasure: Request the deletion of your personal data, subject to certain legal conditions. • Restriction: Request the restriction of processing under certain circumstances. • Objection: Object to the processing of your data, particularly where the processing is  based on legitimate interests or for direct marketing purposes. 

• Data Portability: Request the transfer of your data to another organization or yourself in a  structured, commonly used format. 

To exercise any of these rights, please contact our Data Protection Officer (DPO) at Email and Phone  No. 

11. Changes to This Notice 

We may update this Privacy Notice from time to time to reflect changes in our practices or the law.  Any updates will be communicated to you via email or other appropriate means. 

12. Contact Information 

If you have any questions or concerns regarding this Privacy Notice or our data protection practices,  or if you wish to exercise your rights, please contact our Data Protection Officer at: Email and Phone  No.