Privacy policy

Data Privacy Notice

Data protection under the DIFC Data Protection Law No 5 of 2020 (“DP Law”).

Capital Asset Management Limited Limited (“the Firm”, “us”, “we”), as a Data Controller, have an obligation under DP Law to inform individual Data Subjects of their rights in relation to data held about them. We are committed to safeguarding personal data and processing data in line with applicable privacy and data protection laws. As part of our commitment to protect your Personal Data in a transparent manner, we want to inform you:

  • why and how the Firm collect, treats and stores your Personal Data;
  • the legal basis on which your Personal Data is processed; and
  • what your rights and our obligations are in relation to such processing.

1- What does this Privacy Notice cover?

This notice applies to all forms of use of Personal Data (“processing”) by the Firm in the DIFC.

2- How we get your information

We collect your information in different ways, specifically:

  • Information you give to us. This covers data given by you as well as data provided by people linked to your business service or people working on your behalf.
  • Form[VA1] [L2] third party companies (business introducers).

3- Information we hold about you

Depending on the service we provide to you, we collect Personal Data about you including:

  • Personal details (e.g. name, date of birth, proof of address and residency, copy of utility or telephone bill, bank statement);
  • Identification data and authentication data (e.g. passports, Emirates ID or other government issued ID numbers, sample signature, photographs);
  • Contact details (e.g. phone number, email address, postal address or mobile number);
  • Financial information (e.g. bank account number, credit or debit card numbers, financial history);
  • Data obtained during the fulfillment of our contractual obligations;
  • Information about a client's or a Data Subject's financial situation e.g. creditworthiness data, scoring/rating data, origin of assets, source of wealth;
  • where relevant, professional information about you, such as your job title and work experience;
  • Data related to designation as a politically exposed person (PEP);
  • Access requirements (e.g. for event organization purposes);
  • Data from interactions with us together with documentation data e.g. file notes or meeting minutes;
  • Marketing and sales data;
  • your knowledge of and experience in investment matters;
  • in some cases (where permitted by law), special categories of Personal Data, such as your biometric information, political opinions or affiliations, religious or philosophical beliefs, and, to the extent legally possible, information relating to criminal convictions or offences.

4- Purpose of Processing

We will always process your Personal Data for a specific and only process Personal Data which is relevant to achieve that purpose. We process Personal Data for the following purposes:

  • Client Onboarding
  • Client Relation management
  • To undertake checks for the purposes of security, detecting and preventing fraud and money laundering, and to verify your identity before we provide services to you. These checks may reveal political opinions or information about criminal convictions or offences
  • To comply with regulatory and legal obligations to which we are subject and cooperate with regulators and law enforcement bodies.
  • To prevent and detect fraud, money laundering and other crimes (such as identity theft).

5- What we use your information for and the legal basis for doing so?

5.1 Legal basis for Processing

The Firm processes Personal Data in accordance with DIFC Laws and Regulations. We are not permitted to process Personal Data if we do not have a valid legal ground. Accordingly, we will only process your Personal Data if one of the following legal basis applies:

  • To allow us perform our contractual obligations towards you or take pre-contractual steps at you’re your request;
  • To allow us to comply with our legal or regulatory obligation, for example obtaining proof identification to meet our AML obligations;
  • To allow us protect the vital interests of the relevant individual or of another natural person;
  • Necessary for the legitimate interests of the firm, without unduly affecting your interests or fundamental rights and freedoms and to the extent such Personal Data is strictly necessary for the intended purpose
  • Where we have your consent to do so.

Where required, we process your data beyond the actual fulfillment of the contract for the purposes of the legitimate interests pursued by us or a third party such as:

  • Consulting with third party data providers.
  • Reviewing and optimising procedures for needs assessment for the purpose of direct client discussions.
  • Marketing unless you have objected to the use of your data.
  • Obtaining personal data from publicly available sources.
  • Measures for business management and further development of services and products.
  • Risk and compliance control.
  • Regulatory matters and reporting.
  • IT security and IT operation.
  • Prevention and investigation of crimes.
  • Measures to protect our premises to keep out trespassers and to provide site security (e.g. access controls).

5.2 Your obligations

In the context of our relationship, you must provide all Personal Data that is required for accepting and carrying out a business relationship and fulfilling the accompanying contractual obligations or that we are legally obliged to collect.

In particular, anti-money laundering regulations require us to identify you on the basis of your identification documents before establishing a business relationship and to collect and put on record information which may include name, place and date of birth, nationality, address and identification details for this purpose.

In order for us to be able to comply with these statutory obligations, you must provide us with the necessary information and documents in accordance with applicable anti-money laundering regulations, and to immediately disclose any changes over the course of our relationship. If you do not provide us with the necessary information and documents.

Where the Personal Data we collect from you is needed to comply with our legal or regulatory obligations or enter into an agreement with you, if we cannot collect this Personal Data there is a possibility we may be unable to onboard you as a client or provide our services to you (in which case we will inform you accordingly).

5.3 Your Consent

If you have granted us consent in accordance with the DIFC regulations to process your personal data for certain purposes, this processing is legal on the basis of your consent. Consent given can be withdrawn at any time by notifying us using the contact methods set out under the heading “Who is responsible for data processing & how can I contact them?” above. Withdrawal of consent does not affect the legality of data processed prior to the withdrawal.

6- How data is processed

Personal data is processed both manually and electronically in accordance with the above-mentioned purposes and, in any case, in order to guarantee data security and data confidentiality in compliance with current regulations. Our Employees and Third-Party processors can access your data. Our Employees and Third-Party processors are appropriately designated and trained to process data only according to the instructions we provide them. All the data will be processed for the duration of this contract and subsequently for the fulfillment of legal obligations.

7- Who has access to Personal Data and with whom are they shared?

7.1 Outside the firm

To extent permitted under applicable law, we may also transfer Personal Data to Third Parties outside the Firm, such as:

  • Authorities, e.g. regulators, enforcement or exchange body or courts or party to proceedings where we are required to disclose information by applicable law or regulation or at their request, or to safeguard our legitimate interests;
  • Other financial service institutions or comparable institutions in order to carry out services required by you.
  • To third parties for the purpose of ensuring that we can meet the requirements of applicable law, contractual provisions, market practices and compliance standards in connection with services we provide to you.
  • To a natural or legal person, public authority, agency or body for which you have given us your consent to transfer personal data to or for which you have released us from banking confidentiality.
  • To service providers and agents such as IT services, logistics, printing services, telecommunications, collection, advice and consulting, and sales and marketing.

We have implemented appropriate organizational and technical safeguards to protect Personal Data for which we act as data controller or processor, including when disclosing such data to third parties or group entities.

7.2 Data transfers to other countries

Your Personal Data may in some cases be processed outside the DIFC. We will only transfer Personal Data outside DIFC, provided:

  • The third countries which are considered by the DIFC Commissioner of Data Protection as a jurisdiction providing adequate level of Data Protection;
  • In the absence such legislation that provides adequate protection, based on appropriate suitable safeguards (i.e. standard data protection contractual clauses and enforceable data subject rights or statutory exemption provided by local applicable law); or
  • You have explicitly consented to the proposed transfer.

Please contact us if you would like to request to see a copy of the specific safeguards applied to the processing of your information.

8- Data Retention

We will process and store clients and Data Subjects Personal Data for as long as it is necessary to fulfill the purpose for which it was collected to comply with legal, regulatory or internal policy requirements.

We will only retain information that enables us to:

  • Maintain business records for analysis and/or audit purposes
  • Comply with record retention requirements under the law (for example, as required under legislation concerning the prevention, detection and investigation of money laundering and terrorist financing)
  • Defend or bring any existing or potential legal claims
  • Deal with any future complaints regarding the services we have delivered
  • Assist with fraud monitoring
  • Legal Hold requirements

9- Your rights

We always aim to use our Personal Data in a way that is fair to you. You have a legal right to:

  • Request a copy of the personal data we hold about you.
  • Inform us to correct or rectify any inaccuracy in the data we hold about you.
  • Exercise your right to restrict use of your Personal Data;
  • Exercise your right to erase your Personal Data;
  • Withdraw your consent where the firm obtained your consent to process Personal Data
  • Object to decisions based solely on automated processing including profiling

In addition to the above rights, you have the right to object at any time to:

  • the processing of your personal data to the extent permitted
  • for direct marketing purposes, and profiling to the extent related to direct marketing
  • where your personal data being disclosed to third parties for the purposes of direct marketing.

Your right to exercise these rights are not absolute. They will depend on a number of factors and in some instances, we will not be able to comply with your request as exemptions may be engaged. We will usually, in response to a request, ask you to verify your identity and/or provide information that helps us to understand your request better. If we do not comply with your request, we will explain why.

10- Extent of automated decision making

In establishing and carrying out a business relationship, we generally do not use any fully automated decision-making. If we use this procedure in individual cases, we will inform you of this separately, provided it is a legal requirement to inform you. You have a right to object in certain instances where a decision is taken by us based only on automated decision making and to require such decision to be reviewed manually.

Profiling

We process some of your data automatically, with the goal of assessing certain personal aspects (profiling). For example, we use profiling for compliance with legal and regulatory requirements particularly, where we are required to combat money laundering, terrorism financing, fraud, and assess risk and offences that pose a danger to us, our clients, or the wider community at large.

11- Cookies

As with most websites, our websites use small pieces of code called “cookies” to log certain information from each visitor to the sites. When you first visit our websites, we may send you a cookie. A cookie is a small file that can be placed on your computer’s hard drive for record-keeping purposes. The data collected is not personal to you and is gathered only on an aggregate basis. In general, we use cookies to help measure traffic to different parts of our websites, improve our contact, offer members-only discounts and content, and prevent malicious activity. In particular:

Cookies help us to recognise you when you visit the websites and note the pages you visit, your search queries, your preferences, location and device-specific information. This information may be used to build customer profiles that help us deliver a more tailored and relevant experience. Your customer profile is anonymous and we do not store any personally identifiable information.

Cookies may be used to compile anonymous statistics related to the use of services or patterns of browsing. When used in this manner, you are not individually identified, and information collected in this manner is only used in aggregate and non-attributably.

Data derived from cookies is primarily used to optimise our website for our visitors; however, we may use this data for internal marketing purposes, and when required for regulatory purposes. For example we may tell potential advertisers how many visitors we get to the websites, where our visitors come from and how they arrive at our websites. We also may document online training you have taken to demonstrate completion of professional education credits and to meet regulatory training requirements.

Visitors to our websites who have JavaScript enabled are tracked using Google Analytics. Google Analytics collects the following types of information from users: type of user agent (web browser) used, software manufacturer and version number; type of operating system; colour processing ability of the user’s screen; JavaScript support; Flash version; screen resolution; network location and IP address. Collected information may also include country, city, state, region, county or other geographic data; hostname; bandwidth (internet connection speed); time of visit; pages visited; time spent on each page of the websites; referring site statistics; the website URL the user came through in order to arrive at the websites (example: typing a phrase into a search engine like Google and clicking on a link from that search engine).

12- Exercising your right

Please send your request using the attached form to:

Data subject rights request form

  • Contact details

If you feel that we have not complied with applicable data protection and privacy rules, please let us know and we investigate your concern. Please raise any concerns by contacting the Data Protection Office:

Address : Unit Unit 10, Level 4, Building 1 Currency House, Dubai International Financial Centre, Dubai, United Arab Emirates

E-mail: victor@jawanpartners.com

Telephone: +971 585202549

If you feel that we have not complied with applicable data protection and privacy rules, you may lodge a complaint with the Competent Authority.

13- Changes to the privacy notice

This notice explains how the Firm handles your Personal Data and your rights under the DP Law, rather a document that binds the Firm or any other party contractually. A copy of this privacy notice can be requested from us using the contact details set out above. We may modify or update this privacy notice from time to time.

Where changes to this privacy notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice