1. Commitment to Data Protection
At First Numismatic Tech Consultants FZCO (hereinafter, the "Company"), we take information security and privacy very seriously. Given our expertise as cybersecurity and advanced technology consultants, we apply the principle of "Privacy by Design" across all of our internal workflows and digital portals.
We are formally committed to complying with the strictest international data privacy regulations, adapting our controls to the EU General Data Protection Regulation (GDPR) standards, as well as the data protection laws applicable in the United Arab Emirates (UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection).
2. DPO (Data Protection Officer) Information
To oversee the proper application of security controls and handle privacy requests from data subjects, the Company has a designated Data Protection Officer:
3. Security Incident Response Protocol (Art. 13 UAE PDPL)
In accordance with Article 13 of the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection, the Company has established a structured Security Incident Response Plan consisting of five (5) operational phases:
- Phase 1: Detection & Identification: As soon as a security breach is suspected or identified, our security team (security@firstnumismatic.tech) registers the incident, gathers initial evidence, and identifies the scope of compromised systems.
- Phase 2: Containment & Mitigation: Immediate technical actions are deployed to contain the breach (e.g., isolating compromised servers, revoking credentials, updating firewall configurations) to stop further unauthorized processing or leakage of personal data.
- Phase 3: Impact & Risk Evaluation: The Data Protection Officer (DPO) and legal department evaluate the severity of the incident, assessing the categories of data and volume of users affected, as well as checking if encryption or other safeguards were active.
- Phase 4: Regulatory & User Notification:
  - To Authorities: If the breach compromises the privacy of data subjects, the UAE Data Office will be notified immediately upon technical verification of the incident.
  - To Data Subjects: If the breach poses a high risk to users' rights and security, direct notification will be sent via email without undue delay, outlining recommended steps for mitigation.
- Phase 5: Recovery & Forensic Review: Services are restored from clean backups, security patches are applied, and a post-mortem audit is conducted to strengthen defense controls and prevent future occurrences.
4. Rights of Data Subjects
We guarantee easy and free exercise of fundamental data protection rights (ARCO-POL rights):
- Access to know what data we collect.
- Rectification of inaccurate data.
- Erasure or deletion of data.
- Objection to data processing.
- Data restriction and portability.
To exercise any of these rights, you can send an email stating your request to privacy@firstnumismatic.tech.
5. Whistleblowing Channel (Ethics & Compliance Line)
As part of our corporate governance policies, we provide clients, suppliers, and collaborators with a confidential whistleblowing channel to report ethical breaches, legal non-compliance, or incidents related to data protection and information security:
- Whistleblowing Contact: privacy@firstnumismatic.tech, indicating "Ethics Line - Compliance" in the subject line.
- Non-Retaliation Guarantee: All received reports are analyzed confidentially by the DPO office and the Company's legal department, ensuring a complete absence of retaliation against good-faith whistleblowers.