Privacy Policy

Last modified: March 2021

This Privacy Policy (“Policy”) may be amended or updated from time to time to reflect changes in our practices with respect to the processing of personal data, or changes in applicable law. We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Policy.

1. About this Privacy Policy

Gulf Capital Limited (“Gulf Capital”, “we”, “us”, “our”) values your security and privacy and may for certain types of personal data processing, be subject to the Data Protection Law, DIFC Law No. 5 of 2020 (the “DP Law”) or laws from other jurisdictions.
For the purposes of this Policy “Personal Data” means any information that Gulf Capital processes that relates to identifiable or identified individuals.

This Policy:

  • is issued by Gulf Capital and addressed to individuals outside our organization and anywhere in the world who submit Personal Data to Gulf Capital or whose Personal Data we otherwise obtain in the course of our ordinary business activities; and
  • sets out the basis on which we collect, use and disclose your Personal Data.

Specifically, this Policy covers:

  • Employees of representatives of our service providers;
  • Clients or potential clients (or representatives of corporate clients or potential corporate clients);
  • Employees, representatives and / or directors of companies we are considering investing in (subject to having entered into appropriate confidentiality arrangement with such target companies); and
  • Shareholders of companies we are considering investing in.

This Policy does not cover:

  • Our employees, directors and contractors;
  • Our shareholders; and
  • Job applicants.

Such individuals will be provided with a separate privacy policy which is specific to our relationship with them.

For the purposes of the DP Law, we are a Controller in respect of your Personal Data. We are responsible for ensuring that we use your Personal Data in compliance with the DP Law.

2. Principles and Basis for Use of Personal Data

We will take all steps reasonably necessary to ensure your data is processed fairly and lawfully, in accordance with the DP Law, other applicable laws and this Policy. We will:

  • process your Personal Data in a lawful, fair, transparent and secure way;
  • collect your Personal data only for specific, explicit and legitimate purposes as explained to you when collecting your personal data;
  • not use your Personal Data in a way that is incompatible with those purposes;
  • process your Personal Data in a manner that is adequate and relevant to the purposes for which we have collected it and limited only to those purposes;
  • keep your Personal Data accurate, where necessary, up to date; and
  • keep your Personal Data in a form that identifies you only as long as necessary for the purposes we have informed you or as permitted by law.

We use your Personal Data on the following legal bases:

  • for our legitimate business interests as set out in Section 4 below;
  • because the information is necessary for the performance of a contract with you or to take steps at your request to enter into a contract;
  • because you have given your consent (if we expressly ask for consent to process your Personal Data for a specific purpose; and
  • to comply with legal and regulatory obligations (for example obtaining satisfactory due diligence for the purposes of UAE/DFSA anti-money laundering legislation).

With respect to any special categories of Personal Data (as set out under section 3 below), we rely on the following legal bases:

  • To comply with anti-money laundering or counter-terrorist financing obligations.

Should you have any questions with respect to the legal basis which we rely on in relation to a particular processing activity, please do not hesitate to contact us using the methods described at section 13.

3. Collection of Personal Data

The Personal Data we may collect from or in relation to you includes for example:

  • information establishing your identity (for example your name, address, email address, date of birth, passport or Emirates ID, photograph);
  • documents to verify information supplied to us, such as bills issued by third parties or endorsements issued by employers or institutions such as banks;
  • reference checking information obtained via third parties such as credit reference agencies, and sanctions lists;
  • financial information (for example, credit card details, bank account details);
  • information provided so that we are able to fulfil our regulatory compliance obligations including anti-money laundering and “know your client” checks (for example the information establishing your identity as set out above);
  • information you provide when you enter into any agreement or provide other documentation or information in respect of your interactions with us, or when you use our services;
  • any information you independently choose to provide to us (for example, if you send us an email or call us);
  • information relating to your use of our website (for example, domain name, IP address and cookies) or information you provide when you register for alerts and subscriptions and when you report a problem with any of our website services; and
  • any information collected where you are an employee of a target company (for example information establishing the identity of a target company employee’s spouse and children as detailed above, appraisals, ethnicity, sex, marital status, payroll number, salary, residency visa, criminal record, background checks, payroll register, designation, employee ID and qualifications).

Under certain circumstances, we may also collect special categories of Personal Data, specifically:

  • Criminal record checks.

We may obtain your Personal Data from:

  • you (for example, when you use our website, when you make an inquiry, send emails, or otherwise provide us with your Personal Data);
  • credit information, identity or criminal record checks;
  • suppliers, consultants or advisors; and
  • screening tools and information available in the public domain.

4. Use of Personal Data

We may use or process your Personal Data for the following purposes:

  • to provide you with information about our services and investments including by way of direct marketing;
  • verifying or confirming investments or instructions from you or for your account;
  • to establish your financial situation, risk profile, investment objectives to help you consider the suitability of the products you have invested in or intend to invest in;
  • to verify your identity and to undertake customer due diligence;
  • for audit purposes;
  • to resolve complaints and handling requests and enquiries;
  • preventing, detecting and investigating crime, including fraud and money-laundering or terrorist financing, and analyzing and managing commercial risks;
  • to respond to any queries, requests or comments that you may have;
  • to process your payments;
  • to review, develop and improve the services which we offer;
  • to review, analyse and assess potential investment into target companies; and
  • to comply with legal obligations.

5. Sharing of Personal Data

We may share your Personal Data with:

  • any member of the Gulf Capital group;
  • third party service providers who provide a service to us and need access to such Personal Data to carry out work on our behalf or to perform a contract we enter into with them (including but not limited to marketing and advertising, data processing, IT and office services);
  • professional advisors such as our auditors, lawyers and fund administrators;
  • any competent authority or government entities if required by any applicable law, regulation, or legal process;
  • if we otherwise notify you and you consent to the sharing; and
  • with third parties in an aggregated and/or anonymized form which cannot reasonably be used to identify you.

6. Transferring Personal Data Internationally

The information you submit may be transferred, stored and hosted outside the DIFC, and may be transferred to countries which do not have data protection laws or to countries where your privacy and other fundamental rights will not be protected as extensively. 

We will implement appropriate measures to ensure that your Personal Data remains protected and secure while and for as long as it remains under our control.

Should you have any questions with respect to safeguards we employ when transferring your Personal Data out of the DIFC, please do not hesitate to contact us using the methods described at section 13.

7. Data Retention

We will keep your Personal Data for as long as is necessary for the specific purpose which we collected it, or to comply with any legal obligations to which we may be subject.

8. Your Rights

You may contact us if you wish to:

Access your Personal Data: request a copy of your Personal Data that we process about you.

Rectify your Personal Data: request us to amend or update your Personal Data where it is inaccurate or incomplete. We are not responsible for the accuracy of the information you provide, and will modify or update your Personal Data upon your request.

Erase your Personal Data: request us to delete your Personal Data where it is no longer necessary for the purpose(s) for which your information was collected. We will erase or archive from active use your Personal Data upon request, unless we are required to retain it in accordance with DIFC or other applicable laws or to perform agreed services.

Restrict your Personal Data: request us to temporarily or permanently to stop processing all or some of your Personal Data.

Object to use of your Personal Data: at any time, object to us processing your personal data where it is based exclusively on our legitimate interests or for direct marketing purposes.

Receive or transmit your Personal Data in machine-readable and structured format (also known as “data portability”): request the receipt or transmission of your personal data to another organization, in a structured and machine-readable format.

Withdraw your consent: withdraw your consent at any time to the use of your Personal Data for a particular purpose (where we have asked for your consent to use your information for that particular purpose).

For any of the above, please see Contact Us below.

9. Security

Gulf Capital makes every effort to ensure that your Personal Data is secure on its system. Gulf Capital has staff dedicated to maintaining our data protection and security policies, periodically reviewing them and making sure that Gulf Capital employees are aware of our data protection and security practices. Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. As a result, Gulf Capital cannot warrant or guarantee the security of any Personal Data you transmit to us, and you do so at your own risk.

Gulf Capital has established policies and procedures for securely managing information and protecting Personal Data against unauthorized access. We continually assess our data privacy, information management and security practices. We do this in the following ways:

  • Establishing policies and procedures for securely managing information;
  • Limiting employee access to viewing only necessary information in order to perform his or her duties;
  • Protecting against unauthorized access to Personal Data by using data encryption, authentication and virus detection technology, as required;
  • Requiring service providers with whom we do business to comply with relevant data privacy legal and regulatory requirements;
  • Monitoring our websites through recognized online privacy and security organizations; and
  • Conducting background checks on employees and providing training to our employees.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

10. Cookies

A cookie is a small text file that is unique to the web browser on your computer or mobile device, which is used to retain user preferences, and enhance browsing experience (“Cookie”). Gulf Capital uses Cookies to track overall site usage and enables us to provide a better user experience.

We do not use Cookies to “see” other data on your computer or determine your email address.

Types of cookies we drop and the information collected using them include:

Essential

  • Google Tag Manager – helps make tag management simple, easy and reliable by allowing marketers and webmasters to deploy website tags all in one place.

Site Analytics

  • Google Analytics – gives website owners the digital analytics tools needed to analyse data from all touchpoints in one place, for a deeper understanding of the customer experience.
  • Pingdom – monitors sites and servers on the internet, alerting the website owners if any problems are detected.
  • Hotjar – by combining both analysis and feedback tools, Hotjar helps website owners understand what users want, care about and interact with on their website by visually representing their clicks, taps and scrolling behavior.

Advertising

  • LinkedIn Analytics – enables website owners to promote their company updates to targeted audiences on desktop, mobile, and tablet.

Most browsers accept and maintain Cookies by default. Check the ‘Help’ or ‘Settings’ menu of your browser to learn how to change your Cookie preferences. You can choose to alter Cookies settings related to the use of our website services, but this may limit your ability to access certain areas of our website.

Alternatively you may wish to visit an independent source of information, www.aboutcookies.org, which contains comprehensive information on how to alter settings or delete Cookies from your computer as well as more general information about Cookies. For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual or network operator for advice.

11. External Links

The website may contain links to other websites on the Internet that are owned and operated by third parties. If you access those links, you will leave our website. These links are provided solely as a convenience to you and not as an endorsement by Gulf Capital of their content or reliability. You acknowledge that Gulf Capital is not responsible for the availability of, or the information and content of any external links. If you decide to access linked third party websites, you do so at your own risk. Gulf Capital does not accept liability and shall not be liable to you for any loss or damage arising from or as a result of your acting upon the content of another website to which you may link from the website services.

This Policy does not cover the personal data you choose to give to unrelated third parties. We encourage you to review the privacy policy of any company before submitting your Personal Data.

12. Changes to this Privacy Policy

We may change this Policy from time to time and without notice. If we make significant changes in the way we treat your Personal Data, or to the Policy, we will endeavor to provide you notice through the website services or by some other means, such as email. Your continued use of the website services after such notice constitutes your acceptance of the changes. We encourage you to periodically review this Policy for the latest information on our privacy practices. We provide links to it through:

  • website services;
  • referencing it in our Terms and Conditions; and
  • incorporating it into our contracts, agreements, and other documents as necessary or appropriate.

13. Contact Us

If you have any questions relating to this Policy or if you have any complaints related to how Gulf Capital processes your Personal Data, please contact our Data Protection Officer by email at LCD@gulfcapital.com or at Office 3001, Level 30, Al Fattan Currency House Tower 2, DIFC, Dubai, UAE.

You also have a right to lodge a complaint with the DIFC Commissioner for Data Protection at any time.