Please take the time to read the following information carefully so that you fully understand our views and practices regarding your personal information and how we will use it.


This privacy policy (this Policy) applies to suppliers of services to Istimar Ltd (trading name Bayfikr). Please ensure that your staff who we may communicate with are aware of this Policy.

This Policy was last updated on 20 September 2020. We may amend this Policy at any time, and whenever we do so we will notify you by email and/or post the update on our website. Please ensure this Policy is reviewed each time personal information is provided to us. If you do not agree with any of this Policy, or any change please contact our DPO immediately.


Any personal information provided to us will be controlled by Istimar Ltd (trading name Bayfikr) of 33 Percy Laurie House, 217 Upper Richmond Road, SW15 6SY, London who is the data controller (Istimar, Bayfikr, we, us or our).


We have appointed a data protection officer (DPO) for you to contact if you have any questions regarding this Policy or believe we have breached the Data Protection Act 2018 and/or the General Data Protection Regulation ((EU)2016/679) (DP Laws). Our DPO's contact details are: Rascim Khan Khattak, 33 Percy Laurie House, 217 Upper Richmond Road, SW15 6SY, London;


Personal data we collect: If you or your staff contact us (by phone, email or otherwise), we will hold the following personal information:

  • name and contact details (such as email and phone number), and any other details you or they give us when you or they correspond with us;
  • information and documentation about your business activities that you and your staff give us;
  • information and documentation about your enquiries, including communications with you and your staff; and
  • information and documentation that we obtain about you and your staff from publicly available information (e.g. your website, social media and Companies House) when we carry out research (this is to ensure that we understand you, your staff and your business).

We may also collect information about your staff from social media platforms (for example, LinkedIn) including when or if they interact with us on those platforms or access our social media content (the information we may receive is governed by the privacy settings, policies, and/or procedures of the applicable social media platform, and we encourage you and your staff to review them).

Using your personal information : We will use all of the above information to:

  • provide you with the information you have requested from us (i) so that we can both decide whether to enter into a contract and/or other arrangement with each other and (ii) to pursue our legitimate interests; and
  • pursue the following other legitimate interests (i) protecting the rights, property, or safety of Istimar, our clients, suppliers, contacts or others (ii) maintaining records of potential suppliers or to recommend (or otherwise) you to others; (iii) improving our services and/or products; and/or (iv) sending you information or materials that we think may interest you or which you have requested from us.

Sharing your personal information : We will only share personal information with third parties in the following instances :

  • our staff (but their use shall be limited to the performance of their duties and in line with the reason for processing);
  • other companies within our group for the purposes of group staff to perform duties on behalf of Istimar;
  • various third parties who provide tools to enable our systems and services to operate (including email, instant messaging, document management and file-sharing);
  • with our telephony supplier (which would get to see phone numbers if we call you) and our broadband supplier (which could see email addresses (but not the content of what you send us, if you encrypt it)); and
  • third parties in the event of the sale, acquisition or merger of some or all of our assets if your personal information is part of the transferred assets (we shall notify you in the event of such an occurrence, as well as any choices you may have regarding your personal information).

Retaining your personal information : If we both decide:

  • to enter into a contract and/or other arrangement with each other, this information will be kept for the duration of your relationship with us;
  • not to enter into a contract and/or other arrangement with each other, this information will be kept for the duration of your enquiry and for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements; orif we are required by law to retain for longer, we will retain it for the required period and/or where the information is being used in connection with legal proceedings (including prospective legal proceedings) it will be retained for the duration of those legal (and any enforcement) proceedings.


We share your personal information within Istimar Group and to the external third parties (the categories of which are referred to in this Policy). This may involve transferring your personal information outside the European Economic Area (EEA). Whenever we transfer your personal information out of the EEA, we will ensure a similar degree of protection is afforded to it. In some instances, your personal information may be transferred to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission. In other instances, we will ensure at least one of the lawful safeguards are implemented, which may include:

  • Where we transfer personal information within Istimar and to certain external third parties, we may use specific contracts approved by the European Commission which give personal information the same protection it has in Europe; or
  • Where we use external third parties based in the US, we may transfer personal information to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal information shared between Europe and the US.


If you also visit our website, please note that we will process certain personal information about your visit to our website. Please therefore review our website privacy policy which can be found at


In relation to personal information we hold about you, you have the right to:

  • get access to your personal information and information about our processing of it;
  • ask us to correct the record of your personal information maintained by us if it is inaccurate r to complete incomplete personal information;
  • ask us, in certain limited instances, to erase your personal information or cease processing;
  • object to us processing your personal information for direct marketing purposes;
  • challenge us processing your personal information which has been justified on the basis of ur legitimate interests;
  • ask us, in certain limited instances, to restrict processing personal information to merely storing;
  • ask us, in certain limited instances, to transfer your personal information to another online provider;
  • object to decisions based solely on automated processing, including profiling;
  • prevent processing that is likely to cause damage or distress to you and seek compensation from us for any damages caused to you by us breaching DP Laws;
  • be notified of a personal data breach which is likely to result in high risk to your rights and freedoms; and
  • complain to the ICO if you believe we have breached DPA Laws (please contact the ICO via

If you would like to exercise any of these rights, please contact our DPO (we may ask you to verify your identity - please cooperate with us in our efforts to verify your identity). Please note that we may need certain personal information to enable us to work with you and/or information to you, so changes you make to your preferences, or restrictions you ask us to make on how we use personal information, may affect what information we can provide.

Please also note that sometimes we may not be able to stop using your personal information when you ask us to (for example, where we need to use it because the law requires us to do so or we need to need to retain the information for regulatory purposes). We will tell you if we are unable to comply with your request, or how your request may impact you, when you contact us.


We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.


You have the right to ask us not to process your personal information for marketing purposes. You can exercise this right simply at any time by carrying out 'unsubscribe' actions which are made available to you (such as clicking on the 'unsubscribe' link in each promotional email we send you). We will honour your choice and refrain from sending you such communications. Please note that if you ask us not to contact you by email at a certain email address, we will retain a copy of that email address on a 'suppression list' in order to comply with your no-contact request. You are free to change your marketing choices at any time.