Compliance
Overview
BY BANKS L.L.C-FZ maintains robust compliance standards to meet the requirements of enterprise clients across multiple jurisdictions. This page outlines our approach to data protection, information security, and regulatory compliance.
For detailed vendor documentation including insurance certificates, company registration, and tax compliance, please visit our Vendor Information page.
Data Protection & Privacy
Regulatory Framework
We operate in compliance with applicable data protection regulations, including:
- UAE Federal Decree-Law No. 45 of 2021 - UAE Personal Data Protection Law (PDPL)
- GDPR Alignment - We apply GDPR principles when processing data of EU/EEA residents
- UK Data Protection Act 2018 - Compliance maintained for UK client engagements
Data Processing Principles
All personal data processing adheres to the following principles:
- Lawfulness, fairness, and transparency in data collection and use
- Purpose limitation - data collected only for specified, legitimate purposes
- Data minimisation - only necessary data is collected and retained
- Accuracy - reasonable steps taken to ensure data remains accurate
- Storage limitation - data retained only as long as necessary
- Integrity and confidentiality - appropriate security measures applied
Data Subject Rights
We facilitate the exercise of data subject rights including access, rectification, erasure, restriction, portability, and objection. Requests are processed within statutory timeframes.
Information Security
Security Controls
BY BANKS implements comprehensive security measures across all operations:
- Encryption: TLS 1.3 for data in transit; AES-256 for data at rest
- Access Control: Role-based access with multi-factor authentication
- Infrastructure: Cloud services hosted on enterprise-grade platforms with SOC 2 compliance
- Monitoring: Continuous security monitoring and logging
- Incident Response: Documented incident response procedures with defined escalation paths
Secure Development Practices
Our development methodology incorporates security at every stage:
- Secure coding standards and code review processes
- Dependency scanning and vulnerability assessment
- Separation of development, testing, and production environments
- Regular security testing and penetration testing where applicable
- Secure deployment pipelines with access controls
Third-Party Security
We carefully evaluate all third-party services and tools. Vendors are assessed for security practices, data handling, and compliance certifications before integration into our workflows.
Client Data Handling
Confidentiality
All client data and project information are treated as strictly confidential. Non-disclosure agreements (NDAs) are executed upon request, and confidentiality provisions are standard in all service agreements.
Data Segregation
Client data is logically segregated. Access to client environments and data is restricted to authorised personnel on a need-to-know basis.
Data Retention & Deletion
Upon project completion or contract termination:
- Client data can be returned in industry-standard formats upon request
- Data deletion is performed securely upon written instruction
- Certificates of destruction are available upon request
- Standard retention periods apply unless otherwise agreed in contract
Backup & Recovery
Where applicable to our service delivery:
- Regular automated backups of production systems
- Geographically distributed backup storage
- Documented recovery procedures and tested restore processes
Procurement Compliance
Corporate Registration
- Legal Entity: BY BANKS L.L.C-FZ
- Jurisdiction: Meydan Free Zone, Dubai, UAE
- Trade License: 2425027.01
- Tax Registration: UAE VAT registered (TRN: 105189669200003), Corporate Tax registered
Insurance Coverage
BY BANKS maintains appropriate insurance coverage including:
- Professional Indemnity Insurance
- Cyber Liability Insurance
Certificates of insurance are available upon request for procurement purposes.
Financial Stability
We maintain transparent financial records and can provide:
- Financial statements and management accounts (upon NDA)
- Bank references
Anti-Corruption & Ethics
Business Ethics
BY BANKS conducts business with integrity and in compliance with applicable anti-corruption laws including:
- UAE Federal Decree-Law No. 20 of 2018 on Anti-Money Laundering
- UK Bribery Act 2010 (where applicable)
- US Foreign Corrupt Practices Act (where applicable)
Prohibited Activities
We maintain zero tolerance for:
- Bribery or corrupt payments to public officials or procurement decision-makers
- Facilitation payments to government officials
- Undisclosed conflicts of interest
- Money laundering or terrorist financing
We may engage independent third parties on a referral basis in the normal course of business. Such arrangements are commercial in nature and do not involve individuals with procurement authority over client engagements.
Accessibility
We are committed to digital accessibility and strive to ensure our deliverables meet recognised accessibility standards (WCAG 2.1) where specified in project requirements. Accessibility considerations can be incorporated into project scoping upon request.
Continuous Improvement
Our compliance programme is subject to regular review and improvement. We monitor regulatory developments, industry best practices, and client requirements to ensure our policies and procedures remain current and effective.
Compliance Enquiries
For compliance-related questions, due diligence requests, or procurement documentation, please contact us:
For downloadable vendor documentation, please visit our Vendor Information page.