Rules & Regulations

Data Protection


Dubai Mercantile Exchange Limited Group (DME) is committed to protecting your privacy. This privacy notice describes how we collect and use your personal data. In collecting this information, we are acting as a data controller and, by law, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data.

This Privacy Policy was last updated on May 25, 2018.


Who are we

DME is the premier energy-focused commodities exchange in the East of Suez and home to the world's third crude benchmark (the Exchange).

DME was launched in June 2007 with the goal of bringing fair and transparent price discovery and efficient risk management to the East of Suez. The DME lists the Oman Crude Oil Futures Contract (DME Oman) as its flagship contract, providing the most fair and transparent crude oil benchmark for the region. 

DME is a joint venture between Dubai Holding, Oman Investment Fund and CME Group. In addition to its core shareholders, global financial institutions and energy trading firms such as Goldman Sachs, J.P. Morgan, Morgan Stanley, Shell, Vitol and Concord Energy have taken equity stakes in DME, providing the Exchange with a resounding vote of confidence by major players in global energy markets.

DME headquarters are located within the Dubai International Financial Centre (DIFC), a financial free zone designed to promote financial services within the UAE. DME is regulated by the Dubai Financial Services Authority and all trades executed on DME are cleared through and guaranteed by CME Clearing. CME is regulated by the U.S. Commodity Futures Trading Commission (CFTC) and is a Recognised Body by the DFSA.

If you have any questions about DME's use of your personal data, please contact DME’s Data Protection Officer (DPO) using one of the following contacts: 


         Gate Village 10, 4th floor

          Dubai International Financial Centre

          Dubai, United Arab Emirates

          Telephone: +971 4 365 5501


The data we collect

As part of our daily activities, we will collect the following personal data:

  • Contact information: your name, position, role, company or organisation, telephone (including mobile phone number where provided) as well as email and postal address;
  • Personal information: your nationality and passport number in relationship to membership applications and KYC matters;
  • Business information: data identifying you in relation to matters in which you are involved;
  • Attendance records: to record your attendance at our offices for security purposes;
  • Subscriptions/preferences: when you subscribe to receive communications regarding DME updates and notices as well as consent preferences to help us identify which materials you are interested in receiving;
  • Supplier data: contact details and other information about you or your company or organisation where you provide services to DME;
  • Technical information: when you access our website being IP address;


DME may also collect information that you choose to provide in communications with us.  

The above data will be provided to us by you, your employer, the company or organisation who is our client or screening providers who assist us with our legal obligations to conduct under anti-money laundering, sanctions screening and regulatory checks.


How we use your information

We use your personal data for the following purposes:

  • Business relationship: managing and administering our relationship with you, your company or organisation including keeping records about business contacts, services and payments so we can customise our offering for you, develop our relationship and target our marketing campaigns;
  • Communication: sending emails, newsletters and other messages to keep you informed of DME  updates and market insights;
  • Events: running client forums and other events;
  • Client legal compliance: client due diligence (under anti-money laundering, sanctions screening and other crime prevention and detection laws and regulatory requirements) which may involve automated screening checks to ensure that clients and contacts are genuine and to prevent fraud or crime as we are not able to on-board you as a counterparty if you do not provide the information we need to do these checks;
  • Website monitoring: to check the website and our other technology services are being used appropriately and are kept secure;
  • Site security: to provide security to our offices and other premises (normally collecting your name and contact details on entry to our premises);
  • Online security: protecting our information assets and technology platforms from unauthorised access or usage and to monitor for malware and other security threats;
  • Regulatory: compliance with our legal and regulatory obligations as a regulated exchange including auditing and reporting requirements ;
  • Managing suppliers: if you deliver services to us;
  • Legitimate interest: to pursue the legitimate business interests listed in the “Legitimate Interests” section of this policy below.


Why we use your personal data

We will collect and process your personal data for a number of reasons:

  • you have given us consent: for example where you share details for particular purposes;
  • when it is necessary to comply with legal or regulatory obligations: for example anti-money laundering and mandatory client screening checks or disclosure to law enforcement or to  deal with legal claims
  • processing is necessary for our legitimate business interests or those of a third party:  provided this does not override any interests or rights that you have as an individual. Our legitimate interests are listed in the next section.


Legitimate interests

We have legitimate business interests in:

  • managing our business and relationship with you or your company or organisation;
  • understanding and responding to inquiries and client feedback;
  • understanding how our clients trade in the Exchange;
  • identifying what our clients want and developing our relationship with you, your company or organisation;
  • improving our services and offerings; 
  • enforcing our terms of engagement and website and other terms and conditions;
  • ensuring our systems and premises are secure;
  • managing our supply chain;
  • developing relationships with business partners;
  • ensuring debts are paid;
  • excluding you from direct marketing if you unsubscribe;  
  • sharing data in connection with acquisitions and transfers of our business.


With whom do we share your data?

We share your information as with others as follows:

  • Suppliers: who support our business including managed business support, back up and DR suppliers. Our suppliers have to meet minimum standards as to information security and they will only be provided data in line with their function;
  • Law enforcement bodies and our regulators: or other competent authorities in accordance with legal requirements or good practice;
  • Appropriate parties in the event of emergencies: in particular to protect health and safety of our clients, staff and organisations;
  • Screening service providers: so that we can comply with legal obligations in relation to the prevention or protection of crime, ant-money laundering, sanctions screening and other required checks;


When you sign up to receive our communications

When you sign up to receive our updates and notices, we ask for your name, company you work for, your position, your phone number, your email address and your physical address, and your subscription preferences.

We may use the information you give us when you subscribe to our updates (on our website or other means) for direct marketing purposes to provide emails, newsletters and other messages to keep you informed of market developments, market insights and of our services including events that we think may interest you.

You can opt-out of receiving direct marketing from us at any time.  You can do this by clicking on the "unsubscribe" link included at the end of any marketing email we send to you, or by contacting the DPO.

We keep your personal data for as long as we produce and distribute our updates and notices. If you withdraw your consent, we will mark your details so that they are not used and delete them after six years.


How long do we keep your data?

We generally keep your information for a minimum of 6 years in accordance with applicable regulations.


Your Rights

If you are based in the EU or if you are a EU resident, you have certain rights in relation to your information. The availability of these rights and the ways in which you can use them are set out below in more detail.

Some of these rights will only apply in certain circumstances. If you would like to exercise, or discuss, any of these rights, please contact DME’s DPO.

  • Access: you are entitled to ask us if we are processing your data and, if we are, you can request access to them. 
  • Correction: you are entitled to request that we correct any incomplete or inaccurate personal data we hold about you;
  • Erasure: you are entitled to ask us to delete or remove personal data in certain circumstances. There are also certain exceptions where we may refuse such a request, for example, where the personal data is required for compliance with law or in connection with claims;
  • Restriction: you are entitled to ask us to suspend the processing of certain of your personal data about you, for example if you want us to establish its accuracy or the reason for processing it;
  • Transfer: you may request us to assist you transferring your personal data to another party;
  • Objection: where we are processing your personal data based on a legitimate interests (or those of a third party) and you may challenge this.  However, we may be entitled to continue processing your information. You also have the right to object where we are processing your personal information for direct marketing purposes;
  • Automated decisions: you may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered.
  • Consent: where we are processing personal data exclusively on a consent basis, you can withdraw it.
  • Complain: You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State in the European Union where you are habitually resident, where we are based or where an alleged infringement of Data Protection law has taken place

If you want to exercise any of these rights, please contact DME’s DPO in writing at the relevant email address provided above.


Updates to this data protection policy

We regularly review and, if appropriate, update this privacy policy from time to time, and as our services and use of personal data evolves. If we want to make use of your personal data in a way that we haven’t previously identified, we will contact you to provide information about this and, if necessary, to ask for your consent.

We will update the version number and date of this document each time it is changed.