This Privacy Statement explains in a simple and transparent way how Capital Investments (DIFC) Ltd (in this Privacy Statement, “us”, “we” and “our”) collects, uses and discloses your personal data, and your rights in relation to the personal data it holds. Our approach can be summarized as: the right people use the right data for the right purpose.
We are the data controller of your personal data and are subject to the DIFC Data Protection Law (DIFC Law no 5 of 2020) and DIFC Data Protection Regulations (hereafter referred to as the “Data Protection Law”).
This Privacy Statement supersedes any previous Privacy Statement or equivalent which you may have been provided with or seen prior to the effective date stated above.
This Privacy Statement applies to the following individuals (“you”):
We obtain your personal data as follows:
We collect the following categories of personal data about you:
Special categories of personal data is data relating to your health, ethnicity, religious and political beliefs, genetic or biometric data, or criminal data.
We may process your special categories of personal data if:
Processing means every activity that can be carried out in connection with personal data such as collecting, recording, storing, adjusting, organizing, using, disclosing, transferring or deleting it in accordance with applicable laws.
We only use your personal data under one of the following legal grounds:
We may process your data for the following purposes:
For example, when you wish to become our customer we are legally obliged to collect personal data that verifies your identity (such as a copy of your ID card or passport) and to assess whether we can accept you as a customer. We also need to know your postal, e-mail address or phone number to contact you.
Performance of agreement to which you are a party or taking steps prior to entering into agreements
We use information about you when you enter into an agreement with us or when we have to contact you. We analyze information about you to assess whether you are eligible for our products and services.
Safety and security
We have a duty to protect your personal data and to prevent, detect and contain any breaches of your data. This includes personal data we are obliged to collect about you, for example to verify your identity when you become a customer. Furthermore, we not only want to protect you against fraud and cybercrime, we have also a duty to ensure the security and integrity of ourselves and the financial system as a whole by combatting crimes like money laundering, terrorism financing and tax fraud.
Compliance with legal obligations to which we are subject
We process your data to comply with a range of legal obligations and statutory requirements.
To provide you with our services, we share certain data within our group / related parties or externally with third parties.
Whenever we share your personal data externally with third parties in countries without a deemed adequate level of protection for personal data, we ensure the necessary safeguards are in place to protect it. We rely hereby upon, amongst others:
To comply with our regulatory obligations, we may disclose personal data to the relevant government, supervisory and judicial authorities such as:
When we use other service providers or third parties to carry out certain activities in the normal course of business, we may have to share personal data required for a particular task. The service providers include:
We respect your individual rights to determine how your personal data is used. These rights include:
Right to access information
You have the right to ask us for an overview of your personal data that we process.
Right of rectification
If your personal data is incorrect, you have the right to request us to rectify it. If we shared data about you with a third party and that data is later corrected, we will also notify that party accordingly.
Right to object processing
You can object us using your personal data for our own legitimate interests (for example, marketing). We will consider your objection and stop processing your data unless we assess that we have legitimate and imperious reasons that justify processing your data.
You can also object to receiving commercial messages from us (by e-mail, mail and phone) or for statistical purposes. When you become our customer, we may ask you whether you want to receive personalized offers. Should you later change your mind, you can choose to opt out of receiving these messages by sending an email to us (see section “Our contact details” below).
Right to restrict processing
You have the right to ask us to restrict using your personal data for the period necessary to us for our verifications if:
Right to data portability
You have the right to ask us to transfer some of your personal data directly to you or to another company. This applies to personal data we process by electronic means and with your consent or because of a contract with you. Where technically feasible, we will transfer your personal data.
Right to erasure (also known as right to be forgotten)
Unless required by law, you may ask us to erase your personal data if:
Right to complain
Should you not be satisfied with the way we have responded to your concerns you have the right to submit a complaint to us. If you are still unhappy with our reaction to your complaint, you can escalate it to our Compliance Department at firstname.lastname@example.org. You can also contact the DIFC Protection Commissioner (DIFC the Gate, Level 14, PO Box 74777, Dubai, T.: +971 4 362 2600)
Exercising your rights
You can also exercise your rights by contacting us (see section “Our contact details” below).
We aim to respond to your request as quickly as possible. In some instances, this could take up to one month. Should we require more time to complete your request, we will let you know how much longer we need and provide reasons for the delay. In certain legal cases, we may deny your request. If it’s legally permitted, we will let you know in due course why we denied it.
In some cases, we are legally required to collect personal data, or your personal data may be needed before we may perform certain services and provide certain products. We undertake to request only the personal data that is strictly necessary for the relevant purpose. Failure to provide the necessary personal data may cause delays or lead to refusal of certain products and services.
We take appropriate technical and organizational measures (policies, procedures, IT security, etc.) to ensure the confidentiality and integrity of your personal data and the way it’s processed. We apply an internal framework of policies and minimum standards across our business to keep your personal data safe. These policies and standards are periodically updated to keep them up to date with regulations and market developments.
In addition, our employees are subject to confidentiality obligations and may not disclose your personal data unlawfully or unnecessarily. To help us continue to protect your personal data, you should always contact us if you suspect that your personal data may have been compromised.
We will only retain your personal data for as long as we have a lawful reason to do so. In particular:
When your personal data is no longer necessary for a process or activity for which it was originally collected, we delete it, or bundle data at a certain abstraction level, render it anonymous and dispose it in accordance with the applicable laws and regulations.
We may amend this Privacy Statement to remain compliant with any changes in law or to reflect how our business processes personal data. This version was created and published at the end of October 2020 and enters into force on October 2020. The most recent version is available on our website: https://www.capitalinv.com/en/about/capinvest-difc-privacy-statement/
You can address your queries regarding this Privacy Statement to:
Capital Investments (DIFC) Ltd
Index Tower, Floor 21, Office 2102, DIFC
+971 4 3161900
You can also address your queries or complaints to our legal and compliance department/data protection officer:
Index Tower, Floor 26, DIFC
+971 56 9949440