BMA Investment Advisors
Legal

Privacy Policy

BMA Investment Advisors Limited

At BMA Investment Advisors Limited ("BMAIA"), safeguarding client confidentiality and maintaining the integrity of personal information remains a cornerstone of our operational philosophy. We are committed to upholding the highest standards of data protection, aligned with regulatory expectations and global best practices. This Privacy Policy outlines how BMAIA collects, processes, stores, and discloses personal data in the course of its business operations.

Commitment to Privacy

BMA recognizes that clients and website visitors place significant trust in us when sharing their personal and financial information. We are fully committed to protecting such information through robust internal controls, secure systems, and disciplined processes. All data processing is undertaken in accordance with applicable legal, contractual, and regulatory obligations.

Information We Collect

We may collect non-public personal information through various channels, including but not limited to:

  • Information provided through account opening forms, applications, or other documentation including CNIC/NICOP, contact details, employment information;
  • Data shared during interactions with our representatives or digital platforms
  • Information generated through investment activities and transaction history including portfolio holdings, financial position, and risk profiling information;
  • Technical data collected via our website, mobile applications, and online services; and,
  • Know Your Customer (KYC) and Customer Due Diligence (CDD) information collected in compliance with AML/CFT requirements.

Use of Information

The information collected is utilized strictly for legitimate business purposes, including:

  • Processing transactions and maintaining client accounts;
  • Delivering investment products and advisory services;
  • Responding to client inquiries and service requests;
  • Enhancing customer experience and improving service delivery;
  • Meeting legal, regulatory, and compliance obligations; and,
  • Complying with KYC, CDD, AML and CFT obligations.

Access to such information is restricted to authorized personnel strictly on a need-to-know basis.

Data Protection & Security

BMA employs industry-standard security protocols to ensure the confidentiality and integrity of client data, including:

  • Secure servers and encrypted communication channels,
  • Controlled access to sensitive information,
  • Continuous monitoring and system upgrades.

All electronic communications involving sensitive financial information are transmitted through secure and encrypted mechanisms.

Confidentiality of Information

BMAIA does not disclose client information to unaffiliated third parties for marketing purposes. Information may only be shared where required by:

  • Regulatory authorities,
  • Legal obligations,
  • Service providers operating under strict confidentiality agreements,
  • Financial Monitoring Unit (FMU) and SECP in compliance with AML/CFT laws,
  • Custodians, banks, auditors, and IT service providers engaged under outsourcing arrangements.

Website Usage & Cookies

Our website may use cookies and analytical tools to gather aggregate data such as:

  • Website traffic patterns,
  • Pages visited and duration of visits,
  • Effectiveness of digital campaigns.

This information is used solely to enhance website performance and user experience. No personally identifiable data is tracked without consent. Users may control or disable cookies through their browser settings. Continued use of the website constitutes consent to the use of cookies.

Intellectual Property Rights

All content available on BMA's website, including text, graphics, and digital material, is the intellectual property of BMA. Users may download content for personal use only. Any reproduction, distribution, or commercial use without prior written consent is strictly prohibited.

Client Responsibility

Clients are responsible for maintaining the confidentiality of their account credentials. BMA will never request passwords or sensitive login information. Clients must notify BMAIA immediately and no later than 24 hours upon becoming aware of any unauthorized access or security breach for necessary action.

Data Retention

Even after account closure, BMAIA will continue to adhere to this Privacy Policy and retain information only as required for regulatory and record-keeping purposes.

Security Disclaimer

While BMAIA maintains stringent security standards, internet-based systems inherently carry certain risks. In the event of unauthorized access despite our safeguards, BMAIA shall not be held liable for any resulting loss or data compromise beyond its reasonable control.

Data Breach Notification

In the event of a data breach, BMAIA shall take appropriate remedial measures and notify affected clients and regulators where required under applicable law.

Policy Updates

BMAIA reserves the right to update or revise this Privacy Policy in line with evolving regulatory requirements and business practices. Clients are encouraged to review this policy periodically. Any material changes to this Privacy Policy shall be communicated through appropriate channels, including the website and, where required, direct client notification.

Consent

By engaging with BMAIA and providing personal information, clients expressly consent to the collection, use, storage, and disclosure of their information in accordance with this Privacy Policy.

This Privacy Policy has been formulated in compliance with the Non-Banking Finance Companies and Notified Entities Regulations, 2008, SECP Anti-Money Laundering and Counter Financing of Terrorism Regulations, 2018, Prevention of Electronic Crimes Act, 2016, and other applicable SECP cybersecurity and data protection guidelines.