Page 1 of 10
Last updated: 07 March 2021
DIFX is a brand name of DIFX Technology L.L.C (“our, us, we, Company, DIFX), registered
under Commercial Licence No. 925753 with Dubai Economy, Government of Dubai, U.A.E. which
provides the Services to you. In order to provide you with the Services, we need to collect and process
various data and information. We want to notify you of our online privacy practices, the methods and types
of personal information that we received, collect, disclose and store, how the personal information is used,
with whom it may be shared, what choices are available to you regarding the collection, use and distribution
of your personal information, what kind of security procedures are in place to protect the loss, misuse or
alteration of information under our control, your rights regarding your personal information and who to
contact with questions or concerns (“Privacy Policyor “Policy).
This Privacy Policy constitutes a part of DIFX’ Terms and Conditions. The terms used in this Privacy Policy
shall have the same meanings as in the Terms and Conditions unless otherwise provided.
This Privacy Policy explains how DIFX as well as its affiliates and all parties that run DIFX (DIFX
Operators), including but not limited to legal persons, unincorporated organizations and teams that
provide Services collect, use, process, disclose, share, transfer, and protect personal information obtained
through DIFX and its partners. So, the terms we, us, and our refer to DIFX and DIFX Operators collectively.
Please carefully read this Privacy Policy, because it applies to the DIFX website or DIFX mobile
application, along with related services, information and communications, materials and any software that
we make available that allows you to access relevant services (collectively Platform) and DIFX software,
communication and mail operations regardless of whether you register or log in to use the Services or not.
When visiting Platforms, you acknowledge, understand, and consent to all provisions described in this
Privacy Policy. We will not use your personal information for any purpose not covered in this Privacy
Policy or the Terms and Conditions (including any other business rules of DIFX) without prior notification
to you and your consent. If you do not agree with any part of this Privacy Policy, please stop using Services
The latest Privacy Policy has incorporated elements from the General Data Protection Regulation
(“GDPR) as we act in accordance with its personal information processing rules within the European
Economic Area (EEA). We utilize standard contract clauses, rely on the European Commissions
adequacy decisions about certain countries,as applicable, and obtain your consent for these data transfers
to third countries if required by applicable laws.
This section specifies the methods by which we collect your personal information viz. (a) information that
you provide to us directly; (b) information we collect about you; and (c) and information we automatically
Page 2 of 10
collect about you; and (d) information we collect about you from third parties. It also discusses the personal
information points we collect about you.
1.1. Information You Provide to Us Directly
a) When Registering to Use Services: When you create a DIFX Account, you provide us with your email
address, name, date of birth, nationality, country code, gender, signature, utility bills, home address,
password, and other information to help us identify you (Identification Information). You can also
choose to add a phone number for SMS or Google Authenticator account for Two-Factor Authentication to
improve account security. If you agree to use biometric authentication methods to log in or use Services,
such as fingerprint recognition and facial recognition, you need to provide us with the corresponding
information, such as the fingerprint information and facial information, and your consent to the processing
of your biometric data.
b) To Comply with Regulatory Requirements: To comply with global industry regulatory standards, local
industry regulatory standards, and government orders in different aspects such as Anti-Money Laundering
(AML), Know-Your-Client (KYC), and Counter-Terrorist Financing (CTF), DIFX is required to collect
personal information in addition to Identification Information, such as identity documents (including
passport, drivers license, national identity card, state ID card, tax ID number, passport number, drivers
license details, national identity card details, visa information, etc.), proof of address, source of fund
declaration, purposes of fund documents, and source of wealth (Regulation Information). We will
explain to you the content and requirements of such personal information each time we collect information.
We reserve the right to change the content and requirements of the collected information as the global
industry regulatory standards, local regulatory standards or government orders change. This provision
applies to both personal and institutional DIFX Accounts.
1.2. Information We Collect as You Use Services
1.2.1. Service Usage Information
Through your access to and use of Services, we may monitor and collect tracking information related to
usage including but not limited to your phone number, access date and time, device type and device
identification, operating system and hardware setting, browser type, and information derived from SIM
card, network operator, IP address, GPS, base station and WLAN (Service Usage Information). All of
this information is necessary for us to provide you with Services. This information may be directly obtained
by DIFX or through third-party service providers whom you have given consent to share this data with
other parties. The collection of Service Usage Information helps our systems to ensure that our interface is
accessible for users across all platforms and can aid during criminal investigations.
1.2.2. Transaction Information
For all personal and institutional user accounts, we may collect transaction information as you use Services,
including but not limited to deposit snapshots, account balances, trade history (such as transaction initiation,
payment method, price, quantity, time, withdrawal and authorization information), order activity, and
distribution history (Transaction Information). We collect such Transaction Information to monitor
suspicious trading activity for user fraud protection, legal case resolution, and any other purposes disclosed
in this Privacy Policy.
Page 3 of 10
1.2.3. Communication Information
You agree that, for the purposes disclosed in this Privacy Policy, we are entitled to collect and use the
information contained in or related to the communication that you send to us or generated through your use
of Services (“Communication Information”). Communication Information may include all messages,
requests or other information you send in the course of your contact with DIFX; all communications and
file attachments in connection with your transactions with other users or other data generated primarily
through your communications with them.
1.2.4. Financial Information
You agree that, for the purposes disclosed in this Privacy Policy, we are entitled to collect and use the
information contained in or related to your financial information when you use Services, including without
limitation, bank account information, payment card primary account number (PAN), transaction history,
trading data, and/or tax identification (“Financial Information”). We collect such financial information to
monitor suspicious financial activity for user fraud protection, legal case resolution, and any other purposes
disclosed in this Privacy Policy.
1.3. Information DIFX Automatically Collects
Most of the personal information that we collect is directly provided by you. In the following situations, we
will collect and process the information about you using automated tools:
a) where you register for, log in or visit DIFX, or use any Service;
b) where you voluntarily complete any user survey or provide feedback to us via email or any other channel;
c) where you use cookies of the browser or software in visiting or using Platforms;
d) other situations where we may automatically collect your information as mentioned in this Privacy Policy
or our Terms and Conditions.
1.4. Information Collected from the Third-party Sources
We may collect your personal information from third-party sources who you have authorised to share such
personal information with other parties, including but not limited to, the following channels:
a) public databases, credit bureaus and ID verification partners;
b) blockchain data;
c) marketing partners and resellers;
d) advertising partners and analytics providers.
1.5. Anonymized and Aggregated Data
Anonymization is a data processing technique that removes or modifies personal information so that it
cannot be associated with a specific individual. Except for this section, none of the other provisions of this
Privacy Policy applies to anonymized or aggregated personal information (i.e. information about our users
that we combine together so that it no longer identifies or references an individual user).
We may use anonymized or aggregate customer data for any business purpose, including to better
understand users’ needs and behaviors, improve our products and services, conduct business intelligence
and marketing, and detect security threats. We may perform our own analytics on anonymized data or
enable analytics provided by third parties.
Page 4 of 10
We use the personal information about you for the following purposes or in the following ways:
2.1. To Provide and Maintain Services
We use your personal information to deliver, maintain and provide better Services (including but not limited
to processing transactions) and verify users’ identities.
We use the IP address and unique identifiers stored in your device’s cookies to help us authenticate your
identity and activities and provide Services. Given our legal obligations and system requirements, we
cannot provide you with all or some of Services without data like Identification Information, Supervision
Information, Service Usage Information, Communication Information, and Transaction Information.
2.2. To Protect Our Users
We use the information collected to protect our platforms, users’ accounts, and archives.
We use IP addresses and cookies to protect against automated abuse such as spam, phishing, and Distributed
Denial of Service or DDoS attacks. We analyze trading activities with the goal of detecting suspicious
behaviors as early as possible to prevent potential fraud and loss of funds to bad actors.
2.3. To Comply with Legal and Regulatory Requirements
With respect to the privacy and security of personal information, we will use the information in compliance
with our legal obligations, government requests, and reasonable user-generated inquiries. In cases where it
is strictly necessary, such as to protect the vital interests of the users or other natural persons, to fulfill the
purpose of public interest, to pursue our reasonable interests (but not to damage the interests of the users),
we may process your personal information without your consent. Except for the situations stated in this
Privacy Policy or the Terms and Conditions, we will not disclose or provide any of your personal
information to third parties without a review from our legal team and/or prior consent from the user.
2.4. For Measurement, Research and Development Purposes
We actively measure and analyze data to understand the way you use and interact with Services. This review
activity is conducted by our operation teams to continually improve our Platforms’ performance and to
resolve issues with the user experience. In addition, we use such information to customize, measure, and
improve Services and the content and layout of our websites and apps, and to develop new services. We
continuously monitor activity information within our systems and our communications with users to look
for and quickly fix problems.
2.5. To Communicate with You
We use your personal information, such as your phone number or email address to interact with you directly
when providing customer support on a ticket or to keep you informed on logins, transactions, account
security and other aspects. Without collecting and processing your personal information for confirming
each communication, we will not be able to respond to your submitted requests, questions, and inquiries.
All direct communications are properly kept at DIFX or the service provider designated by DIFX, to be
reviewed for accuracy, to be kept as evidence, or to be used to perform other statutory or contractual
2.6. To Enforce Our Terms and Conditions and Other Agreements
Page 5 of 10
Your personal information is also used to continually and actively enforce our Terms and Conditions and
other agreements with our users, including but not limited to reviewing, investigating, and preventing any
potentially prohibited or illegal activities that may violate the foregoing provisions, or disclose the relevant
information to a third party in accordance therewith.
DIFX reserves the right to suspend or terminate provision of any Services to any user found to be engaged
in activities that violate our Terms and Conditions and other agreements with our users.
2.7. To Facilitate Corporate Acquisitions, Mergers, or Transactions
We may process any information regarding your DIFX Account and use of Services as is necessary in the
context of corporate acquisitions, mergers, or other corporate transactions.
2.8. For Marketing and Advertising
We may share your personal information with our marketing partners for the purposes of targeting,
modeling, and/or analytics as well as marketing and advertising.
2.9. For Rebates
We may share the information collected, including but not limited to your Identification Information and
Transaction Information, with your referrer for the purposes of rebates and other benefits.
2.10. For Any Other Purpose
We may disclose your personal information for any other purpose you consent to.
If we think you may like specific Services or products and services of our partners, we hope to keep you
informed about such products or services.
If you agree to receive the above marketing information, you can choose to receive it at any time in the
You have the right to ask us at any time to stop contacting you for marketing purposes or to send relevant
information to you. If you do not want to be contacted for marketing purposes in the future, please click on
the unsubscribe link in the bottom of the marketing email and submit your request to unsubscribe.
DIFX has kept your personal information safe using secured storage with industry standard encryption and
implemented a number of security measures to ensure that your information is not lost, abused, or altered.
These measures include but are not limited to:
4.1. Physical Measures: Materials containing your personal information will be stored in a physically secured
locked facility.
4.2. Electronic Measures: Electronic records containing your personal information will be stored in the
computer systems and storage media that are subject to strict log-in restrictions.
Page 6 of 10
4.3. Management Measures: Only authorized employees are permitted to come into contact with your personal
information and such employees must comply with our internal confidentiality rules for personal
information. We have also imposed strict physical access controls to buildings and files.
4.4. Technical Measures: Encryption technology such as PCI Scanning and Secured Sockets Layered
Encryption may be used to transmit and store your personal information. We use various currently available
general security technologies and supporting management systems to minimize the risks that your
information may be disclosed, damaged, misused, accessed without authorization, disclosed without
authorization, or altered.
4.5. Other Measures: Our web server is protected by the “firewall”.
It is impossible to guarantee 100% security of information. As such, we request that you understand the
responsibility to independently take safety precautions to protect your own personal information. You agree
that we shall not be liable for any information leakage and other losses not caused by our intention or gross
negligence, including but not limited to hacker attack, power interruption, or unavoidable technical failure,
to the maximum extent permitted by law.
If you suspect that your personal information has been compromised, especially account and/or password
information, please lock your DIFX Account and immediately contact DIFX customer support team at
We have the right to have all or some of the collected personal information transferred to or stored in other
countries or regions than your country of nationality, your country of residence, or the country where the
server is, without your specific consent, under the following circumstances:
5.1. if it is necessary to protect, process, analyze, reasonably use the personal information;
5.2. if it is necessary to enforce the Terms and Conditions and other agreements with our users;
5.3. if it is necessary for the public interest;
5.4. if it is necessary to establish, exercise or defend the rights of us, our partners, or other users;
5.5. other circumstances required by law or government orders.
If you are based in the UK, the EU or the EEA, any storage, processing and transfer of your data outside
these territories will adhere to the relevant legal requirements, particularly the GDPR, as and however
applicable and/or required.
By setting up a DIFX Account, you agree to our processing, storage, usage, and sharing of your personal
information pursuant to this Privacy Policy. If you do not agree with any of the terms of this Privacy Policy
or the Terms and Conditions or wish to revoke any consent you have provided to us, please write to us
at [email protected]. However, please note that if you revoke any mandatory permissions or revoke the
consent to process and store information such as your DIFX Account data, Financial and KYC Information
and/or any other information we may need to provide you the Services, then we may have to cease the
provision of Services to you.
Page 7 of 10
We may process your personal information without your knowledge or consent; and only where this is
required or permitted by law. In general, the personal information submitted to us, is used either to respond
to requests you make or to aid our service to you. DIFX may be compelled to surrender your personal
information to legal authorities without your express consent, if presented with a court order or similar legal
or administrative order, or as required or permitted by the laws, rules and regulations of any nation, state or
other applicable jurisdiction.
We hope to ensure that you are fully aware of the data protection rights that you enjoy. Unless otherwise
required by law or government orders, each user has the following rights:
8.1. Right of Access
You have the right to access or obtain copies of your personal information. We may charge a reasonable
fee for providing the access service.
8.2. Right to Rectification
You have the right to correct any personal information that you deem inaccurate. You also have the right
to ask us to complete the personal information that you deem incomplete within a reasonable limit.
8.3. Right to Erasure (Right to be Forgotten)
You have the right to request the erasure of your personal information under certain circumstances.
8.4. Right to Restriction of Processing
You have the right to request us to restrict the processing of your personal information; however, you
understand that such restriction of the processing may prevent us from providing you with some of Services.
8.5. Right to Object
You have the right to object to the processing of your personal information; however, you understand that
such objection of the processing may prevent us from providing you with some of Services.
8.6. Right to Data Portability
You have the right to request us to transmit the personal information that we collect to another body, or
directly to you. We may charge a reasonable fee for providing the transmission service.
8.7. Right to Lodge a Complaint with the Supervisory Authority
You have the right to lodge a complaint with the supervisory authority of the member state in which you
are habitually resident, or with the supervisory authority of the member state in which you work or in which
your rights under the GDPR have been infringed if you believe such infringement has taken place.
Page 8 of 10
If you are based in the UK, EU or the EEA region, then you have the right to make a complaint at any time
to a supervisory or regulatory authority, in particular within the UK, or a member state in the EU or EEA
where you are habitually resident, where we may be based (if applicable), or where an alleged infringement
of any data protection law has taken place. However, we would appreciate the opportunity to address your
concerns before you approach any such authority. Please contact us in the first instance so that we may try
to resolve your complaint swiftly and satisfactorily. Please contact us via email on: [email protected].
If you wish to close your DIFX Account, please contact us at We will retain and use your
information as necessary to comply with our legal obligations, resolve disputes, and enforce our Terms and
11.1. Privacy Policies of Non-DIFX Websites
If you visit other third-party platforms or partner’s websites, apps via the links on DIFX, you should agree
with and abide by their separate and independent privacy policies. We are not responsible for the content
or the activities therein.
11.2. Privacy Policies of DIFX
This Privacy Policy applies to all platforms, websites, and departments of DIFX and DIFX ecosystem. If
you visit any link to any sub-platforms of DIFX, you should agree with and abide by the separate and
independent privacy policies of such sub-platforms. If the privacy policy of any sub-platform conflicts with
this Privacy Policy, the privacy policy of such sub-platform shall prevail.
Services are not directed to children. In any case we do not knowingly solicit or collect personal information
from persons under the age of 18 (eighteen) years. If we find out that a child has given us personal
information, we will take steps to delete that information and terminate the relevant DIFX Account.
We shall retain the personal information you provide to facilitate your smooth and uninterrupted use of the
Platform, and (i) to provide, improve and personalize Services; (ii) to contact you about your DIFX Account
and give customer service; (iii) to personalize our advertising and marketing communications, if you opt in
to receive these communications; and (iv) to prevent, detect, mitigate, and investigate fraudulent or illegal
activities. We will not retain your personal information for longer than required for the purpose for which
the personal information was initially collected. We will take separate consent in case the data you provided
for one purpose must be used for another purpose by us. For any other personal information, we may
entertain your request for deletion, however, you may not be able to use Services at all after such deletion.
14.1. What are cookies?
Page 9 of 10
a) Cookies are small text files that a Site downloads onto your devices (such as mobile phones and tablets)
when you visit a Site. The cookie will help the website recognise your device the next time you visit and
will help us distinguish you from our other users.
b) Cookies can be used for a variety of purposes such as remembering your preferences, measuring your
activity and optimising your user experience.
c) Most cookies will not collect information that identifies you. Instead, they will collect more general
information such as your general location or how you arrive at and use our Sites.
14.2. Our cookies perform different functions
a) Enabling our Sites to function properlySome cookies are essential for the operation of our websites. For
example, we use cookies to ensure that you are shown the correct webpages for your location, or to identify
when we have broken links or other technical issues with the website.
b) Analysing visitor behaviour We use cookies to analyse how our visitors use our Sites and to monitor
website performance. This allows us to provide a high-quality experience by making sure that our content
and layout remains relevant to you. For example, we use cookies to keep track of which pages and links are
most popular and which are not providing the information that is required by our visitors.
c) Optimising and personalising Cookies are also used to optimise the webpages that you visit, and to
personalise the content that we show you across all our digital assets, based on what we understand about
your requirements.
14.3. Types of cookies we use
a) Essential Cookies Essential cookies are used to make the Sites work and to remember essential
information, such as information about the Services you use. We use essential cookies where necessary.
The legal basis for setting these cookies is our legitimate interest that the Services can be used securely and
easily and that the quality of the Services and content is constantly improved. No consent is required for
the use of essential cookies. They cannot be deactivated.
b) Session Cookies Session cookies are temporary cookies that only exist for the period you access the Sites
until you close the browser after accessing the Sites. Session cookies are automatically deleted from your
devices when you close your browser. Session cookies can help us remember your movements from page
to page, therefore avoiding having to re-enter information. The session cookies used by us do not record or
store any personal information about you. You can deactivate these cookies. The legal basis for using these
cookies is your consent.
c) Persistent CookiesPersistent cookies remain on your devices after you have visited the Sites and are not
deleted when the browser is closed. Persistent cookies can retain your preferences and allow those
preferences to be used in future visits to the Sites. Persistent cookies are not usable for tracking, they are
set only to retain your preferences for your next visit. You can deactivate these cookies. The legal basis for
using these cookies is your consent.
d) Tracking Cookies Tracking cookies can be used to analyse your usage of a Site. These cookies may not
identify you personally and are simply used to understand how you use the Sites and to make improvements
to the Sites. Some tracking cookies are placed by “third parties”. These cookies are commonly used to
evaluate the effectiveness of a company’s advertising. We may use tracking cookies when necessary. We
use these cookies for collecting statistical information on your use of our Services and to display advertising
or offers which are tailored to your interests. The legal basis for the use of these cookies is your consent.
Page 10 of 10
14.4. How can you block cookies?
You can control whether to accept cookies or not. If you decide to not accept cookies, some features of the
Services on our Sites may not function properly. If you would prefer not to accept cookies you can either:
a) Change your browser settings to notify you when you receive a cookie, which lets you choose whether or
not to accept it; or
b) Set your browser to automatically not accept any cookies.
If you wish to restrict or block web browser cookies which are set on your devices then you can do this
through the Help function within your browser settings. Alternatively, you could visit, which contains comprehensive information on how to do this on a wide variety of
desktop browsers.
From time to time, DIFX may revise this Privacy Policy to reflect changes in Law or our personal-data
collection, processing, and use practices. You shall regularly review the Privacy Policy and pay attention
to its revisions. If you do not agree with the revised content, you shall stop accessing DIFX immediately.
When an updated version of the Privacy Policy is released, your continued access to DIFX means that you
agree to the updated content and agree to abide by the updated Privacy Policy.
We are committed to respecting the freedoms and rights of all our DIFX users. Should have any questions
or concerns regarding this Privacy Policy, or if you would like to file a data protection request, please refer
contact our Data Protection Officer Osama Bari at [email protected]. You can contact our Data Protection
Officer confidentially to enquire about the treatment of your data by us.