This privacy policy (“Privacy Policy”) gives you information about how EdenMountain Holdings Limited, a company with its registered office at PO Box 10061, George Town Financial Center, 90 Fort Street, Suite 306, Grand Cayman, KY1-1001 and company number 404117 and its Affiliates ("EdenMountain", "we", "us" or "our") collects, uses and protects your personal data. Click on the links above to go straight to more information on each area:
  1. Important information and application
    1. This Privacy Policy constitutes an integral part of your Agreement with us (as applicable) and applies to you whether you are accessing or using EdenMountain’s web-based marketplace (currently available at: www.edenmountain.com) (the “Platform”) as a buyer, seller, as the authorised account administrator to access and/or manage an account on the Platform or otherwise any data you may provide us when you register your interest in our Platform offerings. Accordingly, this Privacy Policy applies to you and us whether you are setting up, accessing, operating or using an Account via the Platform (pursuant to the EdenMountain Platform Terms and Conditions). This Privacy Policy should be read in conjunction with EdenMountain’s Platform Terms and Conditions (“Platform Terms”) and the terms used in this Privacy Policy have the same meaning ascribed to them in the Platform Terms unless the context requires otherwise.
    2. We take your privacy seriously and want you to feel comfortable whenever you access or use the Platform. We process your personal data in accordance with the Abu Dhabi Global Market’s Data Protection Regulations 2021, as may be amended from time to time (“PDPL”).
    3. Your provision of personal data that we request from you is mandatory to enable us to provide our Services to you. Therefore, failure to provide such personal data will result in the restriction of your access and use of all or parts of our Platform and may impact the quality and accuracy of the Services. If you are accessing or using the Platform as a company, is your obligation to obtain the consent of the company’s personnel, including the account administrator to provide us with their corresponding personal data as may be required for the Services.
    4. The Platform is not intended for minors, and we do not and will not knowingly collect information from anyone who is not of legal age.
    5. Eden Mountain is the controller and responsible for your personal data.
    6. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us through the means set out in Section 9.1.
  2. The types of personal data we collect about you
    1. Personal data means any information about an individual from which that person can be identified, including, for example: your name, address, telephone number, e-mail address, together with any other non-public information about you that is associated with or linked to any of the foregoing data and relevant to your application for, access to or use of our Platform.
    2. We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
      1. Identity Data includes first name, last name, date of birth as well as all other information that can help us to verify your identity.
      2. Contact Data includes email address.
      3. Technical Data includes internet protocol (IP) address, your browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this Platform.
      4. Account Data includes information relating to your use of the Account and Platform, including relating to transactions you carry out, details of any bank accounts you transact to and from and other commercial information (such as financial performance, unique selling points, etc).
      5. Usage Data includes information about how you interact with our Platform and includes, your interests (including interest in our current or future product and service offerings), preferences, feedback and survey responses.
      6. Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
    3. We may also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals' Usage Data to calculate the percentage of users accessing a specific Platform feature in order to analyse general trends in how users are interacting with our Platform to help improve the Platform and our service offering.
  3. How is your personal data collected?
    1. We use different methods to collect data from and about you including through:
      1. Your interactions with us. You may give us your personal data by filling in online forms or by corresponding with us by phone, email or otherwise. This includes personal data you provide when you:
        1. register your interest on our Platform;
        2. apply for creating an Account on the Platform or otherwise use our Services;
        3. consent to sending marketing materials to be sent to you;
        4. apply to benefit from a promotion;
        5. submit a survey;
        6. enter into a transaction;
        7. give us feedback, contact us or respond to our requests for information for any reason (including in respect of your cooperation with any governmental body).
      2. Automated technologies or interactions. As you interact with our Platform, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see the section on use of cookies below for further details.
      3. Third parties. We may receive or validate personal data about you through various third parties and public sources as set out below:
        1. Technical Data is collected from analytics providers such as Google, Hotjar and Hubspot (who may be based outside the ADGM); and
        2. Identity and Contact Data may be collected from identity verification companies such as Comply Cube or from other publicly available sources based inside the UAE and/or any international equivalents.
  4. How we use your personal data
    Legal basis
    1. The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:
      1. Performance of the Agreement: Where we need to perform the Agreement we are about to enter into or have entered into with you.
      2. Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless are otherwise required or permitted to by law).
      3. Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
      4. Consent: We rely on consent only where we have obtained your active approval to use your personal data for a specified purpose, for example if you subscribe to an email newsletter or agree to receive marketing.
        Purposes for which we will use your personal data
    2. We have set out below, in a table format, a description of all the ways we plan to use the various categories of your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
      Purpose/UseType of dataLegal basis
      To register your interest in our future products or services(a) Identity
      (b) Contact
      (a) Performance of a contract with you to keep you informed of EdenMountain’s product and service development as requested
      (b) Necessary for our legitimate interests (to keep our records updated and manage our relationship with you)
      To manage our relationship with you which will include:
      (a) your use of the Account and participation in transactions on the Platform
      (b) your listing of an ENOR as a Seller (as an Originator and otherwise)
      (c) Notifying you about changes to our terms or privacy policy
      (d) Dealing with your requests, complaints and queries
      (a) Identity
      (b) Contact
      (c) Usage
      (d) Marketing and Communications
      (e) Profile
      (a) Performance of a contract with you to keep you informed of EdenMountain’s product and service development as requested
      (b) Necessary to comply with any legal obligation (e.g., to reflect and communicate updates to the PDPL)
      (c) Necessary for our legitimate interests (to keep our records updated and manage our relationship with you, including where you are a Seller (whether as an Originator or otherwise) and have terminated the Agreement)
      To enable you to partake in a prize draw or competition, or complete a survey(a) Identity
      (b) Contact
      (c) Account
      (d) Usage
      (e) Marketing and Communications
      (a) Performance of a contract with you to keep you informed of EdenMountain’s product and service development as requested
      (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
      To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)(a) Identity
      (b) Contact
      (c) Technical
      (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
      (b) Necessary to comply with a legal obligation (e.g., maintaining security measures in line with the obligations under the PDPL)
      To deliver relevant Platform content and online advertisements to you and measure or understand the effectiveness of the advertising we serve to you(a) Identity
      (b) Contact
      (c) Account
      (d) Usage
      (e) Marketing and Communications
      (f) Technical
      Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
      To use data analytics to improve our Platform, current or future products and services, customer relationships and experiences and to measure the effectiveness of our communications and marketing(a) Technical
      (b) Usage
      Necessary for our legitimate interests (to define types of customers who are likely to use our proposed products and services, to keep our Platform updated and relevant, to develop our business and to inform our marketing strategy)
      To send you relevant marketing communications and make personalised suggestions and recommendations to you about possible goods or services that may be of interest to you(a) Identity
      (b) Contact
      (c) Technical
      (d) Usage
      (e) Account
      (f) Marketing and Communications
      (a) Necessary for our legitimate interests (to carry out direct marketing, develop our products/services and grow our business)
      (b) Consent, having obtained your prior consent to receiving direct marketing communications
      To carry out market research through your voluntary participation in surveys and other methods of communication.(a) Identity
      (b) Contact
      (c) Account
      (d) Marketing and Communications
      Necessary for our legitimate interests (to study how customers use our products/services and to help us improve and develop our products and services).
      Direct marketing
    3. You will receive marketing communications from us if you have completed and submitted either (a) the registration form confirming that you are interested in receiving information and further updates on our product and service offerings; or (b) a question about our proposed offering using the ‘ask us anything’ form.
    4. We may also analyse your Identity, Contact, Technical, Usage and Account Data to form a view on which products, services and offers may be of interest to you so that we can then send you relevant marketing communications, as well as use this information to develop our products and services to ensure they meet the interests and requirements of you, our users and other interested parties.
      Third-party marketing
    5. To the extent applicable, we will get your express consent before we share your personal data with any third party for their own direct marketing purposes.
      Opting out of marketing
    6. You can ask to stop sending you marketing communications at any time by following the instructions set out in the footer of any marketing communication sent to you or by contacting us support@edenmountain.com.
    7. If you opt out of receiving marketing communications, you will still receive any service-related communications that are essential for administrative or customer service purposes (for example, updates to our Platform Terms or checking that your Account details or contact details are still correct).
      Cookies
    8. Our Platform uses cookies to distinguish you from other users of our Platform. This helps us to provide you with a good experience when you browse our Platform and also allows us to improve our Platform.
    9. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your device’s hard drive.
    10. We may use the following cookies:
      1. Strictly necessary cookies. These are cookies that are required for the operation of our Platform. These essential cookies are always enabled because our Platform won’t work properly without them. They include, for example, cookies that enable you to log into secure areas of our Platform, use a shopping cart or make use of our Services. You can switch off these cookies in your browser settings but you may then not be able to access all or parts of our Platform.
      2. Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our Platform when they are using it. This helps us to improve the way our Platform works, for example, by ensuring that users are finding what they are looking for easily.
      3. Functionality cookies. These are used to recognise you when you return to our Platform. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
      4. Targeting cookies. These cookies record your visit to our Platform, the pages you have visited and the links you have followed. We will use this information to make our Platform and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose so that they can serve you with relevant advertising on their websites.
    11. You can find more information about the individual cookies we use, the purposes for which we use them and the cookie expiration period in the table below:
      Cookie NamePurpose
      tokenStrictly necessary cookie. Session token used to maintain user session during the period of login.
      _gidThird party analytics cookie (Google Analytics). Distinguishes users for 24 hours.
      _gaThird party analytics cookie (Google Analytics). Distinguishes users on a domain and lasts two (2) years.
      _gatThird party analytics cookie (Google Analytics). Limits the number of user requests and lasts one (1) minute.
      _utmvThird party analytics cookie (Google Analytics). User-defined variable cookies that can last two (2) years.
      _hjSessionUser_{site_id}
      • Third party cookie (Hotjar).
      • Set when a user first lands on a page.
      • Persists the Hotjar User ID which is unique to that site. Hotjar does not track users across different sites.
      • Ensures data from subsequent visits to the same site are attributed to the same user ID.
      • 365 days duration.
      • JSON data type.
      _hjHasCachedUserAttributes
      • Third party cookie (Hotjar).
      • Enables us to know whether the data set in _hjUserAttributes Local Storage item is up to date or not.
      • Session duration.
      • Boolean true/false data type.
      _hjUserAttributesHash
      • Third party cookie (Hotjar).
      • Enables us to know when any User Attribute has changed and needs to be updated.
      • 2 minutes duration, extended every 30 seconds.
      • Content hash data type.
      _hjUserAttributes
      • Third party local storage item (Hotjar).
      • Stores User Attributes sent through the Hotjar Identify API.
      • No explicit expiration.
      • Base64 encoded JSON data type.
      hjViewportId
      • Third party session storage item (Hotjar).
      • Stores user viewport details such as size and dimensions.
      • Session duration.
      • UUID data type.
      hjActiveViewportIds
      • Third party local storage item (Hotjar).
      • Stores user active viewports IDs.
      • Stores an expirationTimestamp that is used to validate active viewports on script initialization.
      • JSON data type.
      _hjSession_{site_id}
      • Third party cookie (Hotjar).
      • Holds current session data.
      • Ensures subsequent requests in the session window are attributed to the same session.
      • 30 minutes duration, extended on user activity.
      • JSON data type.
      _hjCookieTest
      • Third party cookie (Hotjar).
      • Checks to see if the Hotjar Tracking Code can use cookies. If it can, a value of 1 is set.
      • Deleted almost immediately after it is created.
      • Under 100ms duration, cookie expiration time set to session duration.
      • Boolean true/false data type.
      _hjLocalStorageTest
      • Third party cookie (Hotjar).
      • Checks if the Hotjar Tracking Code can use Local Storage.
      • If it can, a value of 1 is set.
      • Data stored in _hjLocalStorageTest has no expiration time, but it is deleted almost immediately after it is created.
      • Under 100ms duration.
      • Boolean true/false data type.
      _hjSessionStorageTest
      • Third party cookie (Hotjar).
      • Checks if the Hotjar Tracking Code can use Session Storage. If it can, a value of 1 is set.
      • Data stored in _hjSessionStorageTest has no expiration time, but it is deleted almost immediately after it is created.
      • Under 100ms duration.
      • Boolean true/false data type.
      _hjTLDTest
      • Third party cookie (Hotjar).
      • We try to store the _hjTLDTest cookie for different URL substring alternatives until it fails.
      • Enables us to try to determine the most generic cookie path to use, instead of page hostname.
      • It means that cookies can be shared across subdomains (where applicable).
      • After this check, the cookie is removed.
      • Session duration.
      • Boolean true/false data type.
      _hjClosedSurveyInvites
      • Third party cookie (Hotjar).
      • Set when a user interacts with a Link Survey invitation modal.
      • Ensures the same invite does not reappear if it has already been shown.
      • 365 days duration.
      • List of Survey IDs, URL encoded.
      _hjDonePolls
      • Third party cookie (Hotjar).
      • Set when a user completes an on-site Survey.
      • Ensures the same Survey does not reappear if it has already been filled in.
      • 365 days duration.
      • List of Survey IDs, URL encoded.
      _hjMinimizedPolls
      • Third party cookie (Hotjar).
      • Set when a user minimizes an on-site Survey.
      • Ensures that the Survey stays minimized when the user navigates through your site.
      • 365 days duration.
      • List of Survey IDs, URL encoded.
      _hjShownFeedbackMessage
      • Third party cookie (Hotjar).
      • Set when a user minimizes or completes a Feedback widget.
      • Ensures the Feedback widget will load as minimized if the user navigates to another page where it is set to show.
      • One day duration.
      • Boolean true/false data type.
      __hs_opt_out
      • Third party necessary cookie (Hubspot).
      • This cookie is used by the opt-in privacy policy to remember not to ask the visitor to accept cookies again.
      • This cookie is set when you give visitors the choice to opt out of cookies.
      • It contains the string "yes" or "no".
      • It expires in six (6) months.
      __hs_do_not_track
      • Third party necessary cookie (Hubspot).
      • This cookie can be set to prevent the tracking code from sending any information to HubSpot.
      • It contains the string "yes".
      • It expires in six (6) months.
      __hs_initial_opt_in
      • Third party necessary cookie (Hubspot).
      • This cookie is used to prevent the banner from always displaying when visitors are browsing in strict mode.
      • It contains the string "yes" or "no".
      • It expires in seven (7) days.
      __hs_cookie_cat_pref
      • Third party necessary cookie (Hubspot).
      • This cookie is used to record the categories a visitor consented to.
      • It contains data on the consented categories.
      • It expires in six (6) months.
      hs_ab_test
      • Third party necessary cookie (Hubspot).
      • This cookie is used to consistently serve visitors the same version of an A/B test page they’ve seen before.
      • It contains the id of the A/B test page and the id of the variation that was chosen for the visitor.
      • It expires at the end of the session.
      __hsmem
      • Third party necessary cookie (Hubspot).
      • This cookie is set when visitors log in to a HubSpot-hosted site.
      • It contains encrypted data that identifies the membership user when they are currently logged in.
      • It expires in seven (7) days.
      hs-membership-csrf
      • Third party necessary cookie (Hubspot).
      • This cookie is used to ensure that content membership logins cannot be forged.
      • It contains a random string of letters and numbers used to verify that a membership login is authentic.
      • It expires at the end of the session.
      hs_langswitcher_choice
      • Third party necessary cookie (Hubspot).
      • This cookie is used to save a visitor’s selected language choice when viewing pages in multiple languages.
      • It is set when a visitor selects a language from the language switcher and is used as a language preference to redirect them to sites in their chosen language in the future if they are available.
      • It contains a colon delimited string with the ISO639 language code choice on the left and the top level private domain it applies to on the right. An example will be "EN-US:hubspot.com".
      • It expires in two (2) years.
      __cfruid
      • Third party necessary cookie (Hubspot).
      • This cookie is set by by HubSpot’s CDN provider because of their rate limiting policies. It expires at the end of the session.
      __cfuvid
      • Third party necessary cookie (Hubspot).
      • This cookie is set by HubSpot’s CDN provider because of their rate limiting policies. It expires at the end of the session.
      __cf_bm
      • Third party necessary cookie (Hubspot).
      • This cookie is set by HubSpot's CDN provider and is a necessary cookie for bot protection. It expires in 30 minutes.
      __hstc
      • Third party analytics cookie (Hubspot).
      • The main cookie for tracking visitors.
      • It contains the domain, hubspotutk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
      • It expires in six (6) months.
      hubspotutk
      • Third party analytics cookie (Hubspot).
      • This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts.
      • It contains an opaque GUID to represent the current visitor.
      • It expires in six (6) months.
      __hssc
      • Third party analytics cookie (Hubspot).
      • This cookie keeps track of sessions.
      • This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
      • It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
      • It expires in thirty (30) minutes.
      __hssrc
      • Third party analytics cookie (Hubspot).
      • Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser.
      • If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
      • It contains the value "1" when present.
      • It expires at the end of the session.
    12. Please note that the following third parties may also use cookies, over which we have no control. These named third parties may include, for example, advertising networks and providers of external services like web traffic analysis services. These third party cookies are likely to be analytical cookies or performance cookies or targeting cookies:
      1. Hubspot (see hyperlink for more details - Cookies set in a visitor's browser by HubSpot);
      2. Hotjar: (see hyperlink for more details - Cookies Set by the Hotjar Tracking Code – Hotjar Documentation); and
      3. Google Analytics (which uses cookies to identify unique users across browsing sessions, helping to remember a visitor’s previous interactions on a website and identify unique users).
    13. To deactivate the use of third party advertising cookies (in the event these are used), you may visit the relevant page on to manage the use of these types of cookies – please see the hyperlinks above for more information on this (to the extent possible and applicable). To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout).
    14. Our Platform will ask for your permission before using cookies. By clicking "Allow All" on the cookies permission pop-up upon visiting our Platform for the first time, you are agreeing to our use of cookies as described in this policy. If you click "Deny" on the cookies permission pop-up upon visiting our Platform for the first time, only strictly necessary cookies shall be used. These strictly necessary cookies are required to allow the Platform to function correctly. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Platform.
    15. If you have any questions or concerns about our use of cookies, please contact us through the means set out in Section 9.1.
  5. Disclosures of your personal data
    1. We may share your personal data where necessary with the parties set out below for the purposes set out in the table of purposes for which we will use your personal data above:
      1. Third parties that provide, on behalf of EdenMountain, certain services related to the Platform including but not limited to the management of payment services, analytics, identity authentication and verification and marketing activities. Such third parties include; (a) Hubspot, which hosts EdenMountain’s Customer Relationship Management (“CRM”) system in order for us to effectively run CRM campaigns; (b) our third party cookie providers such as Hubspot, Hotjar and Google who provide us with targeting and analytics cookies as set out in the section on use of cookies above; (c) Amazon Web Services, who provide us with cloud computing services; or (d) Comply Cube, who assist with authenticating and verifying your identity.
      2. Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.
      3. Persons, companies, associations or professional firms that provide services and activities of assistance and consultancy to EdenMountain, with particular but not exclusive reference to accounting, administrative, information technology, legal, tax and financial matters.
      4. Companies belonging to the same corporate group as EdenMountain with particular but not exclusive reference to activities of personal data analysis in aggregate and anonymised form, identity management of user accounts on the Platform, in relation to users who have given their consent to these activities.
      5. Other concerned parties (including other users) with whom you transact, your Identity data, and any other information, to ensure that the relevant party clearly recognises and identifies you as the counter party to such transaction.
    2. We require all third parties to respect the security of your personal data and to treat it in accordance with the applicable laws. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. However, we shall not be liable for any unauthorised use of your personal data by a third-parties.
  6. International transfers
    1. We may transfer your personal data to service providers that carry out certain functions on our behalf. This may involve transferring personal data outside the ADGM to countries, territories or jurisdictions which have laws that do not provide the same level of data protection as the PDPL.
    2. Whenever we transfer your personal data out of the ADGM to service providers, we ensure a similar degree of protection is afforded to it by ensuring that the following safeguards are in place:
      1. We will only transfer your personal data to countries that have been deemed by the ADGM to provide an adequate level of protection for personal data; or
      2. We may use specific standard contractual terms approved for use in the ADGM which give the transferred personal data the same protection as it has in the ADGM. To obtain a copy of these contractual safeguards, please contact us through the means set out in Section 9.1.
      Data storage and security
    3. Your personal data will be stored on the servers available to EdenMountain or to the persons in charge of holding EdenMountain’s data located in the United Kingdom and the European Union.
    4. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
    5. The transmission of information via the Internet is not completely secure. We will do our best to protect your personal data while it is in our possession. However, we cannot guarantee the security of your data transmitted online or over the Platform.
  7. Data retention
    How long will you use my personal data for?
    1. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any requirements under the Agreement (including information in relation to your Account (including your profile) and usage of your Account (including transactional data)) and any legal, regulatory, tax, accounting or reporting requirements. We may also retain your personal data for a longer period; (a) if you are a Seller (as an Originator; and otherwise); (b) either through your consent; (c) in the event of a complaint; or (d) if we reasonably believe there is a prospect of litigation in respect to our relationship with you. If; (a) you are an Originator, you explicitly consent that we may retain and display your personal data on the Platform, as long as your ENOR is valid and circulating on the Platform; and (b) you are a Seller, but not an Originator, you explicitly consent that we may retain and display your personal data on the Platform, to the extent that the ENOR(s) you have sold to a Buyer are owned by the same Buyer.
    2. To determine the appropriate retention period for personal data (other than as a Seller), we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
    3. Where your information is being used for marketing purposes, we will retain this until the earlier of (a) the consent to receive marketing has been withdrawn; or (b) up to one (1) year following the most recent engagement with you (which, for these purposes shall mean some activity that denotes a willingness on your part to continue to receive marketing communications for example, specific opt in, continuing to open and engage with email messages where we are able to track such action, contacting us to enter or continue with discussions relating to possible future dealings).
    4. In some circumstances you can ask us to delete your data – please see Section 8 below on exercising your legal rights for further information.
    5. In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical or archival purposes, in which case we may use this information indefinitely without further notice to you.
  8. Contact details
    1. If you have any questions about this Privacy Policy or about the use of your personal data or you want to exercise your rights under this Privacy Policy, please contact us via email at support@edenmountain.com.
  9. Complaints
    1. You have the right to make a complaint at any time to the Commissioner of Data Protection at the ADGM, who is responsible for the enforcing the application of the PDPL. We would, however, appreciate the chance to deal with your concerns before you approach the ADGM, so please contact us in the first instance.
  10. Changes to the Privacy Policy and to your data
    1. We keep our Privacy Policy under regular review. We will notify you of any changes we may make to this Privacy Policy in the future and you will be required to provide your express consent to such changes before you may continue to use and access the Platform.
    2. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.
  11. Third-party links
    1. Our Platform may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Platform, we encourage you to read the privacy policy of every website you visit.