Privacy Policy

Date : 17/4/2019


SFM Corporate Services (“SFM”, “we”, “us”, or “our”) is committed to protecting your privacy. The following policy (the “Privacy Policy”) describe our practices respecting the collection, storage, use and processing of personal information that you share with us, including through www.sfm.com (the “Website”).


In this Privacy Policy, personal data refers to information that relates to an identified or identifiable natural person who is the user of our Website or a client of any of the services we offer. This Privacy Policy provides a detailed description of how and why we process your personal data, the legal basis and purpose for processing your personal data, and your rights and choices with regard to your personal data.

We will treat your personal data in accordance with the requirements of applicable data privacy laws. Nothing in this Privacy Policy shall give any individual any right or rights which that individual does not otherwise have either under the General Data Protection Regulation (“GDPR”) on the protection of natural persons with regard to the processing of personal data on the free movement of such data which regulation has become effective from the 25th of May 2018 and which repealed Directive 95/46/EC, and/or any other applicable data privacy laws.

What kind of personal data is collected?

Personal data is any information that identifies you as an individual or that relates to an identifiable individual. SFM may collect personal data from or about you in various ways, for example when you:

  • visit the Website;
  • communicate with us by e-mail or through the Website’s contact form;
  • submit an order form through the Website;
  • provide documents to us;
  • from other sources such as social media platforms, publicly accessible data, and other third parties, such as those that collect analytical data.

When we collect personal data from third parties, we will inform you of the source of that personal data, as well as the categories of personal data that we collect and process. This information will not be provided to you if we are prohibited from disclosing it under any applicable data privacy law.

It is important to understand what personal data is collected by SFM. For example, we receive Your contact details such as your name, surname and e-mail address when you contact us through the Contact Form found on our Website in order to respond to your message.

SFM also collects personal data when you submit an Order Form on our Website. We collect your contact details, such as your name, surname, e-mail address, mailing address and phone number; your billing information, such as your credit card data and billing address; and information about your business, such as your company name, registered address and the business type. We may also collect the personal data of third parties when you list the names of the shareholders of your company on the Order Form. This information is collected in order to process your order for certain products or services that we offer.

We will collect supporting documents such as copies of identity documents, proof of domicile, or client data forms you may fill in and return to us, from which we will extract identification information such as your date of birth, your ID document number, your citizenship or your current domicile address.

We also collect information automatically through the Website itself including your Internet protocol (“IP”) address, and the time of your order when you submit an Order Form through our Website and technical information relating to your browsing session. This process is explained in greater detail below in the section on the use of cookies.

When you provide us with personal data relating to another person, you represent that you have the authority from that person to provide us with his/her personal data.

We take special care to protect the safety of children in accordance to the Children’s Online Privacy Protection Act of 1998. We do not permit children under the age of thirteen to register or purchase any products or services from our Website. We also do not collect or solicit personal data about children under the age of thirteen. To the extent SFM identifies any information provided by a person under thirteen years of age, such information provided will then be deleted immediately upon receipt or as soon thereafter as reasonably practicable.

However, there may be exceptions under which we may have an obligation to collect and process personal data about a child under the age of thirteen for a legal reason. This may be the case, for instance, if you request us to set up a trust or a similar arrangement establishing a child under the age of thirteen as one of the beneficiaries.

Through our Website, you can subscribe to our newsletter by providing us with your name and e-mail address so that we can send you non-transactional, promotional e-mails from time to time. If you have displayed interest in SFM’s services and submitted your name and e-mail address to us in the past, you may also receive non-transactional, promotional e-mails. You can unsubscribe from this service whenever you want by clicking the “unsubscribe” button found in these e-mails.

Why do we collect personal data?

It is important to understand that we collect personal data in order to provide you with the products and services that you have requested. We also collect personal data that you choose to provide us when you request those products and services.

In addition, we collect and retain personal data for a certain period of time when we are legally obligated to do so under the applicable law, as well as when it is in our legitimate interests to do so.

What is the purpose and lawful basis for our processing of personal data?

The purposes for which we collect your personal data are varied and include the following:

  • to fulfil your order;
  • send you an order confirmation;
  • assess your business needs to determine suitable products;
  • send you the requested product or information;
  • reply to customer service requests;
  • keep an open communication with you;
  • optimize the Website and application troubleshooting;
  • Invoice and charge you for applicable service fees, including debiting your credit card in accordance with the applicable Terms and Conditions;
  • conduct due diligence on you and your company; and
  • reply to your queries and concerns.

Thus, your personal data is processed to fulfil an obligation or perform a contract we have with you or in order to take steps at your request prior to entering into a contract with you, or as necessary for the purposes of our legitimate interests of providing products and services to users of the Website and operating, protecting and improving our business.

We also collect your contact details for the purpose of opening a record in our system, and this data is processed on the basis of our legitimate interest in having accurate data on you, as well as a contractual or technical necessity. Contact details as well as communication data is also processed on our legitimate interests of managing our business relationship with you. Contact details and due diligence data (including any document you may supply permitting us to i) identify you, ii) establish your domicile address, iii) establish your source of funds, wealth, or economical background, and iv) ascertain a fact in order to identify you or comply with AML provisions in general) are also processed to comply with our legal obligations under applicable anti-money laundering laws.

IP addresses are collected and processed based on our legitimate interest of monitoring the usage and traffic on our Website.

If any of your personal data shall be processed for a new purpose other than those mentioned above, we will immediately inform you.

We will not use the information you provide to us for any commercial purpose other than the one you have requested.

It is also important to highlight that if certain data is not provided to us, we will be unable to provide you with the service you require.

What happens when processing is based on consent?

In some circumstances, SFM may request your consent to process certain personal data. We will never assume that we have your consent. In this respect, we will obtain your consent in a clear and affirmative manner. You will have the right to withdraw your consent any time, and the withdrawal will occur in the same manner the consent has been given.

If you decide to withdraw your consent, we can continue to process your data at that time if we determine there is another legal basis to process your data apart from consent. Should we identify another legal basis, you will be informed without undue delay of that ground and of the fact that your data will not be processed based solely on your consent.

Electronic Communications

We may intercept mail and e-mails addressed to individuals at SFM. We do this to protect our employees. Specifically, we may intercept mail in order to detect and prevent crime, identify the correct recipients or make sure mail is dealt with while staff is away from the office or after the resignation of a staff member. In the case of e-mails, we may reject, delay or remove content from e-mails that could disrupt our systems or pose a security threat, such as with viruses. We may also filter out e-mails which contain certain content on the basis that the content is offensive or the e-mail is unwanted or considered spam. In certain circumstances this may unfortunately result in “innocent” e-mails being affected but we do try to reduce such occurrences.

Most e-mail messages sent from SFM have been automatically scanned for viruses and as such should be free from any virus, malicious code, script or other executable attachment. However, the accuracy of scanning products is not guaranteed. The recipient(s) should therefore carry out any checks that they deem to be appropriate in this respect. We cannot be held responsible for loss of or damage to data or other damages, resulting from such actions that are out of our control. All e-mail messages from us are sent in good faith. We cannot be held responsible for any modification that happens by any virus or third party after they have been sent. All messages are intended for the recipient only. If You are not the intended recipient specifically identified as the addressee on the e-mail, you should delete the message and all its attachments. You are prohibited from using, reading, disclosing to any person or otherwise acting on the information contained in it and/or its contents in any way and should also notify us as soon as possible of this fact.

It is also important to understand that data sent through electronic means such as the Internet could be transmitted across international borders even where the sender and receiver are located in the same country. SFM will not accept any responsibility or liability for the security of your data while it is in transit over the Internet. The transfer of data from you to us may take place through other mediums, such as Dropbox or Skype, which also rely on the Internet.

Disclosure of Personal Data

We do not share your personal data with any third party unless you give us your consent to do so, or in the instances indicated below.

Without prejudice to anything contained in this Privacy Policy, we reserve the right to disclose your personal data to any third party, inside and outside of the European Union (“EU”) or the European Economic Area (“EEA”) if such disclosures are allowed by the GDPR or else if it is necessary for one of the following purposes:

  • to prevent, detect or suppress fraud;
  • to protect and defend our rights and property or that of the users of our Website;
  • to protect against abuse, misuse or unauthorised use of our Website;
  • to protect the personal safety or property of users of our Website (e.g., if you provide false or deceptive information about yourself or attempt to pose as someone else, we will disclose any information we may have about you in our possession so as to assist any type of investigation into your actions);
  • for the performance of any agreement you have entered into with us or as may be allowed or required by any applicable law;
  • for the management, maintenance, and upkeep of our Website or marketing initiatives, such as the management of e-mail marketing as well as communications via e-mail;
  • to comply with any legal obligation, such as a subpoena or similar legal process;
  • as approved or authorised by any other law; and
  • if in the future SFM is involved in a merger, acquisition, restructuring, or sale of all or a portion of its assets. (In this case, you will be notified via e-mail and/or a prominent notice shall be displayed on our Website to remark any changes in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.)

Also, as a default rule, we only process personal data within the EU/EEA or any other non-EEA country which is considered by the European Commission to provide an adequate level of protection for your data. If for any reason whatsoever, data is transferred to countries that the European Commission believes do not provide an adequate level of protection, we put in place additional adequate measures apart from the safeguards required in accordance with the GDPR.

Sharing of Personal Data

Personal data will be shared with authorised personnel of SFM and with any of our service providers who support our Website and assist us with our business activities, such as the processing of your order or payment, the registration of your business, or any other customer service function. Personal data is only shared in order to provide you with the requested service or because we have a lawful basis to share the data which does not require your consent.

All disclosures shall occur in accordance with the relevant data privacy law. Where applicable, relationships with our processors will be contractual whereby both parties agree to abide by the obligations found in the GDPR, such as the obligation of confidentiality on all the personnel of the processor.

Currently, we share your personal data with our IT service providers that maintain and support our IT system and Website. Nevertheless, it is important to understand that such sharing of data shall be restricted and under our control. We may also share your data with public authorities where there is a legal obligation to do so.

Security of Personal Data

We use reasonable efforts to safeguard the confidentiality of all personal data that we process and regularly review and enhance our technical, physical and managerial procedures to ensure that your data is protected from unauthorised access, improper use or disclosure, unauthorised modification, and unlawful destruction or accidental loss.

In this respect, we have implemented security policies, rules, and technical measures to protect the personal data under our control. All our employees and data processors, who have access to and are associated with the processing of personal data, are further obliged to respect the confidentiality of your personal data. Nevertheless, we cannot guarantee the security of any information you transmit over the Internet because that medium is not 100% secure. We shall accept no responsibility or liability whatsoever for the security of your data while in transit over the Internet.

Authorised third parties and our service providers are required by the GDPR to apply appropriate technical and organisational security measures in order to protect the data they shall have access to.

When you enter sensitive information (such as credit card, bank account or proprietary business information) on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL) as a security measure.

Retention Period

Your personal data will only be retained for as long as it is necessary. In order to determine the appropriate retention period, we will look at the personal data we have collected as well as the relationship we have with you.

We also look to see whether there is any law that obligates us to retain personal data for a certain period of time. In this case, we keep the data for as long as that specific law requires us to do so.

We also consider whether there is any law that could be invoked by you against us after our professional relationship with you ends. In this case, we look at the prescriptive period during which you could bring an action against us and keep that data for the period of time we deem necessary to defend ourselves against any claims or actions by you or any other third party.

When your data is no longer needed, we shall proceed to delete or anonymise it so that the data cannot be linked with an identifiable person.

Links to Third-Party Websites

At times, our Website may contain links that direct you to local or international third-party websites. This can only be done if we have the third party’s consent. We do not endorse any information or services that are portrayed on third-party websites. Consequently, we are not responsible for the content, use, services and/or privacy policies of third-party websites. Once you enter such websites, you become subject to the privacy policy of that website.


Our Website uses a technology called “cookies.” A cookie is a temporary storage file, which may be created by your computer and stored on your system. Cookies enable us to collect information about how our Website and services are being used and to manage them more efficiently. These cookies are created for each session when you visit our Website.

The information gathered through cookies may include:

  • the date and time when you access our Website;
  • the Website pages that you view and any download that you may make through such pages;
  • whether or not such viewing or download is successful;
  • the Internet address of the website or the domain name of the computer from which you access our Website;
  • the operating system of the machine running your web browser, and the type and version of your web browser.

You may reject all or certain cookies that are used by our Website and you may also modify your web browser preferences to do so. Nevertheless, if you reject all cookies, you may be unable to use some of the services available on our Website. You may set your browser to be notified when you receive a cookie so that you have the option to choose whether to accept the cookie or not. If you do so, this may materially distort the quality of service and data you receive from our Website. Thus, you would be doing so at your own risk. You may obtain additional general information about cookies by visiting www.allaboutcookies.org.

If the product you are using has digital certificates/certificate signatures, your name and related details may be displayed as part of any certificate issued to you. It will be seen by those to whom your certificate or signature is presented or who rely on it. Your details may also need to be entered into a related status directory of certificates issued.

Our Website includes social media features, such as the Facebook and Twitter buttons and widgets like the Share This button or interactive mini-programs that run on our Website. These features may collect Your IP address, which page you are visiting on our Website and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Website. Your interactions with these features are governed by the privacy policy of the company providing such service.

Apart from cookies, our Website uses other technologies such as beacons, tags and scripts. These technologies are used by SFM, its affiliates, and our marketing, analytics, and service providers (such as our website-based chat service provider) to analyse trends, administer the Website, track users’ movements around the Website and also to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies on an individual as well as aggregate basis.

Third Party Cookies

Some features on the Website also use third-party cookies that are not under SFM’s control but are connected to, among others, Google, IBM Silverpop, Chatcomm100, Bing, Visual Web Optimizer, and Cloudflare. You must specifically reject third-party cookies through your browser’s cookies settings if you do not want to receive third-party cookies. If you reject third-party cookies, your ability to use the related features may also be limited.

Analytics / Log Files

Log Files - As is true of most websites, SFM and its technical partners gather certain information automatically and store it in log files. This information may include IP addresses, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, and/or clickstream data.

We may combine this automatically collected log information with other information we collect to improve the services we offer you, as well as to improve marketing, analytics, or the Website’s functionality.

Behavioral Targeting / Re-Targeting

We partner with a third party to either display advertising on our Website or to manage our advertising on other websites. Our third-party partner may use technologies such as cookies to gather information about your activities on this Website and other websites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here.

Please note this does not opt you out of being served ads. You will continue to receive generic ads.


We may display personal testimonials of satisfied customers on our Website in addition to other endorsements. These testimonials are pulled from a third-party service provider, which may ask for your personal information, including your name and e-mail address, though we do not post the personally identifiable information to our Website.

Data Subjects Rights

The following rights are generally available to European residents according to applicable data privacy laws:

  • Right of Access

    At any time, you have the right to request whether we are processing any personal data concerning you. You can request us to provide you with what data we have on you, why we process it, with whom we share the data, the retention period for the data, where we got the data, what your rights are in the data, how can you file a complaint, whether we transfer your data abroad and if we carry out automated decision-making. We shall accede to your request within a months’ time, which can be extended to two months if it is impossible for us to accede to your request in one month.

  • Right of Restriction

    You can ask us to restrict the processing of your personal data when the processing is unlawful, when we no longer need your data for the purposes it was collected, and when the accuracy of the data is questioned. Once we are in receipt of your request, we can only process your data if we have your consent, for the exercise or defence of legal claims, for the protection of the rights of another individual, or for any reason in relation to the public interest.

  • Right of Rectification

    You have the right to request us to rectify/amend any inaccurate data that we may have concerning you.

  • Right of Erasure

    You also have the right to request us to delete your data. We shall only accede to this request if the data is no longer necessary for the purposes for which it has been collected, consent has been withdrawn, or the data has been unlawfully processed. We shall not accede to your request if we have a legal obligation to retain the data or else for the exercise of any legal claims.

  • Right to Data Portability

    You can ask us to provide you a copy of your data in a commonly used, machine-readable format and to have your data transferred to another data controller. This right may only be available where the processing of your data is based on consent, the performance of a contract, or is carried out by automated means.

  • Right to Object

    You shall have the right to object to the processing of your personal data when we are performing a task in the public interest or pursuing our legitimate interests or those of a third party. When we receive an objection from you, the processing of data shall cease unless we can provide you with legal grounds that allow us to continue processing your data. When we process your data on the basis of a contract, legal obligation, or to protect your interests, the right to object cannot be invoked.

  • Right to File a Complaint

    You can file a complaint with the supervising data protection authority. We suggest that you contact us before the complaint is filed.

You may make a request to us invoking any of the above rights, to which we will respond within one month. However, before we can process your request, we must verify your identity. We must refuse any request if we have a legal obligation that requires us to do so, such as when you request that we delete data that we are legally obliged to retain for a certain period. When requests are considered to be manifestly unfounded or excessive, in particular because of their repetitive character, we may either charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested, or else refuse to act on the request. Your requests should be directed to info@sfm.com.

Under California law, if you are a resident of California, you are entitled once per year to request and obtain certain information regarding SFM’s disclosure, if any, of your personal data to third parties for their direct marketing purposes during the immediately prior calendar year. To make such a request, please send an e-mail to gdpr@sfm.com with your full name, e-mail address, and postal address in your message. In response to your request, we will provide you with a notice describing the cost-free means to opt-out of our sharing your personal data with third parties with whom SFM does not share the same brand name, if the third party will use it for their direct marketing purposes.


This Privacy Policy has been updated as of the date provided at the beginning of the policy. At our discretion, we may update this Privacy Policy from time to time. If you are a user of our Website, it is your responsibility to read our Privacy Policy every time you use our Website. If you are a client with whom we have a business or professional relationship, we will advise you of any amendments to our Privacy Policy.

Contact Us

SFM Corporate Services Ltd, Dubai branch
Office 604 & 605, OPAL Tower,
Burj Khalifa street, Business Bay,
Dubai, UAE

Telephone: +9714 246 9700

For general information:

For data protection matters:

SFM Login & Registration