Privacy Statement

This Privacy Statement explains in a simple and transparent way how Badwa Capital Limited (in this Privacy Statement, “us”, “we” and “our”) collects, uses and discloses your personal data, and your rights in relation to the personal data it holds.

We are the data controller of your personal data and are subject to the DIFC Data Protection Law (DIFC Law no 5 of 2020) and DIFC Data Protection Regulations (hereafter referred to as the “Data Protection Law”).

In some cases, Badwa Growth Opportunities Fund GP Limited (“Badwa GP”) will process your personal data. This is generally the case in relation to present and prospective customer due diligence information, collected on our behalf. It is important that you read and retain this notice, together with any other privacy statement we may provide on specific occasions so that you are aware of how and why we are using your personal information and what your rights are under the data protection legislation.

This Privacy Statement supersedes any previous Privacy Statement or equivalent which you may have been provided with or seen prior to the effective date stated above.

1. Scope of this Privacy Statement

This Privacy Statement applies to the following individuals (“you”):

    • Our past, present and prospective customers;
    • Prospective employees;
    • Anyone involved in any transaction or interaction with us, whether it is in your personal capacity or as a representative of a legal entity (for example, director, a company manager, agent, legal representative, operational staff, other authorized representative, etc.); and
    • Our advisors, consultants or secondees.

2. How do we obtain your personal data?

We obtain your personal data as follows:

    • From the information you provide to us when you meet or interact with us;
    • From information about you provided to us by your company or an authorized intermediary;
    • When you communicate with us by telephone, , email or other forms of electronic communication. In this respect, we may monitor, record and store any such communication;
    • When you complete (or we complete on your behalf) client on-boarding or application or other forms; or
    • From publicly available sources or from third parties, most commonly where we need to conduct background checks about you.

    3. What do we do with your personal data?

    Processing means every activity that can be carried out in connection with personal data such as collecting, recording, storing, adjusting, organizing, using, disclosing, transferring or deleting it in accordance with applicable laws.

    We only use your personal data under one of the following legal grounds:

    • To conclude and carry out a contract with you;
    • To perform our pre-contractual employment obligations;
    • To comply with our legal obligations;
    • For our legitimate business interests. This data processing may be necessary to maintain good commercial relations with all our customers and other concerned parties. We may also process your data to prevent and combat fraud and to maintain the security of your transactions and of the operations made by us; or
    • Under limited circumstances, when we have your consent.

  • We do not conduct direct marketing.

    4. Purposes of Processing and Legal Basis

    The Data Protection Law requires us to provide you with information on the type of data we process and the purpose of processing, including the lawful basis. We have therefore included a guide below for you.

    • Personal details (which may be contained in ID documents, i.e. Residence ID, passport etc.), such as:
      • First and last name
      • date of birth
      • gender
      • contact details (such as phone number(s), email address(es))
      • residential and/or business address(es)
      • personal photograph
      • Purpose of processing may be:
        • in order to enter into a contract with you at your request or to perform our contract with you
        • in order to meet our obligations under applicable law
        • for our legitimate interest in using your details to share information for the efficiency of business communications
        • where we need to share your information in a life-or-death situation
        • pre-employment screening and tasks such as  recruitment, visa or work permit processing
    • Biographical information (which may confirm your identity), such as:
      • date and place of birth
      • tax identification number
      • your passport number
      • national identity card
      • visa details
      • country of domicile and/or your nationality
      • Purpose of processing may be:
        • In order to enter into a contract with you at your request or to perform our contract with you.
        • In order to meet our obligations under applicable law.
        • Pre-employment screening and tasks such as  recruitment, visa or work permit processing.
    • Financial information relating to your situation, such as:
      • Income and expenditure
      • assets and liabilities
      • sources of wealth
      • bank account details
      • Purpose of processing may be:
        • In order to enter into a contract with you at your request or to perform our contract with you.
        • To meet our obligations under applicable law. 
    • Your goals and objectives in procuring our services:
      • Purpose of processing may be:
        • In order to enter into a contract with you at your request or to perform our contract with you.
        • To meet our obligations under applicable law.
    • Recruitment information such as:
      • copies of right to work documentation 
      • employment references 
      • information included in a CV or cover letter, or application
      • information about your employment, education, family or personal circumstances, and interests,  compensation history, performance information.
      • Education or membership certificate copies
      • results of background check
      • Purpose of processing may be:
        • In order to enter into a contract with you at your request or to perform our contract with you.  
        • To meet our obligations under applicable law. 
        • Pre-employment screening and tasks such as  recruitment, visa or work permit processing.
      • Customer due diligence and pre-employment screening data such as:
        • Information about criminal convictions and offences
        • Purpose of processing may be:
          • To meet our obligations under an applicable law.
          • For our legitimate interest  – Where it is necessary to share such information to protect the public against dishonesty, malpractice or other improper behavior.
          • Pre-employment screening and tasks such as  recruitment, visa or work permit processing.
      • Non disclosure agreement
        • Purpose of processing may be:
          • In order to enter into a contract with you at your request or to perform our contract with you. 

      Special Categories of Personal Data

      “Special categories” of particularly sensitive personal information require higher levels of protection, for example information relating to criminal convictions and health data. We have justification for collecting, storing, and using this type of personal information. We have in place an appropriate policy document and safeguards in compliance with the law. We are likely process special categories of personal information in the following circumstances where:

      • In limited circumstances, we have your explicit written consent.
      • It is necessary to comply with the law applicable to us in relation to anti-money laundering or counter-terrorist financing obligations or the prevention, detection, or prosecution of any crime.
      • It is necessary for the compliance with specific requirements pursuant to laws applicable to us. In such circumstances, we will provide you with clear notice unless the obligation in question prohibits such notice being given. 
      Less commonly, we may process this type of information where it is needed in relation to legal claims, where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

       

    5. With whom do we share your personal data and for which reasons?

    To comply with our regulatory obligations, we may disclose personal data to the relevant government, supervisory and judicial authorities such as:

    • Public authorities, regulators and supervisory bodies such as the financial sector supervisors in the countries in which we operate;
    • Tax authorities may require us to report customer assets or other personal data such as your name and contact details and other information about your organization. For this purpose, we may process your identification data such as your tax identification number or any other national identifier in accordance with applicable local law; or
    • Judicial/investigative authorities such as the police, public prosecutors, courts and arbitration/mediation bodies on their express and legitimate request.

  • When we use other service providers or third parties to carry out certain activities in the normal course of business, we may have to share personal data required for a particular task. For instance:

    • IT service providers who may provide application or infrastructure (such as cloud) services;
    • Marketing activities or events and managing customer communications;
    • Legal, auditing or other special services provided by lawyers, notaries, trustees, company auditors or other professional advisors; or
    • Identifying, investigating or preventing fraud or other misconduct by specialized companies.

  • 6. Legal Obligations

    We may be required to retain and use personal data to meet our internal and external audit requirements, for data security purposes and as we believe to be necessary or appropriate:

    • to comply with our obligations under applicable law and regulations, which may include laws and regulations outside your country of residence;
    • to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; 
    •  to carry out anti-money laundering, sanctions or Know Your Customer checks as required by applicable laws and regulations; or
    • to protect our rights, privacy, safety, property, or those of other persons. We may also be required to use and retain personal data after you have doing business with us for legal, regulatory and compliance reasons, such as the prevention, detection or investigation of a crime; loss prevention; or fraud prevention.  

    7. Joint Controller Arrangement

    We are considered joint controllers with Badwa Capital Company as we jointly determine the purpose and means of processing the data we hold for business operational purposes. Due to this arrangement, we have a written agreement in place which defines our responsibilities. Data Subjects may request further details via the ‘Our contact details’ section below.

    8. How long do we keep your personal data?

    We will retain your personal information for the length of time needed to fulfil the purposes for which it was collected, unless we specifically agree a longer retention period with you, or a longer retention period is required or permitted by law.

    9. Do we need your consent?

    We generally do not rely on consent as our processing reason. However, if we do so, we will provide you with full details of the information that we would like and the reason we need it so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your relationship with us that you agree to any request for consent from us.

    In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.

    10. What are your rights and how do we respect them?

    We respect your individual rights to determine how your personal data is used. These rights include:

    Right to access information
    You have the right to ask us for an overview of your personal data that we process.

    Right of rectification
    If your personal data is incorrect, you have the right to request us to rectify it. If we shared data about you with a third party and that data is later corrected, we will also notify that party accordingly.

    Right to object processing
    You can object us using your personal data for our own legitimate interests (for example, marketing). We will consider your objection and stop processing your data unless we assess that we have legitimate and imperious reasons that justify processing your data.

    Right to restrict processing
    You have the right to ask us to restrict using your personal data for the period necessary to us for our verifications if:

    • You believe the information is inaccurate;
    • we are processing your personal data unlawfully;
    • you have objected to us processing your personal data for our own legitimate interests;
    • you have the same right if we no longer need your personal data, but you want us to keep it for use in a legal claim.

    Right to restrict processing
    Unless required by law, you may ask us to erase your personal data if:

    • We no longer need it for its original purpose;
    • You withdraw your consent for processing it;
    • You object to us processing your data for our own legitimate interests (except for legitimate and compelling interests) or for commercial messages; or
    • we unlawfully process your personal data.

    Right to complain
    Should you not be satisfied with the way we have responded to your concerns you have the right to submit a complaint to us. If you are still unhappy with our reaction to your complaint, you can escalate it to our Compliance Department. You can also contact the DIFC Protection Commissioner (DIFC the Gate, Level 14, PO Box 74777, Dubai, T.: +971 4 362 2600)

    Exercising your rights
    You can also exercise your rights by contacting us (see section “Our contact details” below).

    We aim to respond to your request as quickly as possible. In some instances, this could take up to one month. Should we require more time to complete your request, we will let you know how much longer we need and provide reasons for the delay. In certain legal cases, we may deny your request. If it’s legally permitted, we will let you know in due course why we denied it.

    11. To inform us of changes

    It is important that the personal information we hold about you is accurate and, where necessary, kept up to date. Please keep us informed if your personal information changes during your working relationship with us and respond promptly to our request for updates of your data.

    12. Are you obliged to provide us with your personal data?

    In some cases, we are legally required to collect personal data, or your personal data may be needed before we may perform certain services and provide certain products. We undertake to request only the personal data that is strictly necessary for the relevant purpose. Failure to provide the necessary personal data may cause delays or lead to refusal of certain products and services.

    13. How do we protect your personal data?

    We have implemented reasonable administrative, technical and physical measures to protect your personal information against loss, misuse and alteration.

    14. Changes to this Privacy Statement

    We may amend this Privacy Statement to remain compliant with any changes in law or to reflect how our business processes personal data. The most recent version is available on our website www.badwacapital.com.

    15. Our contact details

    You can also address your queries or complaints to our legal and compliance department/data protection officer:
    Data Protection Officer
    Badwa Capital
    ICD Brookfield Place Suite 31-12
    DIFC, Dubai, UAE
    info@badwacapital.com

    Last updated: 3rd Sept 2025

Badwa Capital Limited (UAE)

ICD Brookfield Place Suite 31-12
DIFC, Dubai, United Arab Emirates

Badwa Capital UAE is the parent company of Badwa Capital KSA and is licensed and regulated by the Dubai Financial Services Authority.

Badwa Capital is licensed and regulated by the Dubai Financial Services Authority to provide Financial Services in and from the Dubai International Financial Centre to Professional Clients (as defined in the DFSA Rulebook).

Badwa Capital Company (KSA)
Office 9, 3599 Abdullah Alsahmi Street, Riyadh
12512, Saudi Arabia 

Licensed by the Saudi Arabian Capital Market Authority to provide arranging services within the Kingdom of Saudi Arabia to qualified and institutional clients.

Regulated Information
Privacy Statement
Menu
Connect