Privacy Statement

This Privacy Statement, dated 16 December 2022, explains in a simple and transparent way how Badwa Capital Limited (in this Privacy Statement, “us”, “we” and “our”) collects, uses and discloses your personal data, and your rights in relation to the personal data we hold.

We are the data controller of your personal data and are subject to the Dubai International Financial Centre (“DIFC”) Data Protection Law no 5 of 2020 (hereafter referred to as the “Data Protection Law”).

This Privacy Statement supersedes any previous Privacy Statement or equivalent which you may have been provided with or seen prior to the effective date stated above.

1. Scope of this Privacy Statement

This Privacy Statement applies to the following individuals (“you”):


      • Our past, present and prospective customers;

      • Anyone involved in any transaction or interaction with us, whether it is in your personal capacity or as a representative of a legal entity (for example, director, a company manager, agent, legal representative, operational staff, other authorized representative, etc.);

      • Suppliers and third parties; and

      • Prospective employees.

    2. How do we obtain your personal data?

    We obtain your personal data as follows:


        • From the information you provide to us when you meet or interact with us;

        • From information about you provided to us by your company or an authorized intermediary;

        • When you communicate with us by telephone, email or other forms of electronic communication. In this respect, we may monitor, record and store any such communication;

        • When you complete (or we complete on your behalf) client on-boarding or application or other forms; or

        • From publicly available sources or from third parties, most commonly where we need to conduct background checks about you.

      3. What types of personal data do we process?

      We collect the following categories of personal data about you:


          • Your name and contact information such as your home or business address, email address, telephone number and social media contact details;

          • Biographical information which may confirm your identity including your date and place of birth, tax identification number, your passport number or national identity card and visa details, country of domicile and/or your nationality;

          • Information relating to your financial situation such as income, expenditure, assets and liabilities, sources of wealth, as well as your bank account details;

          • Information about your knowledge and experience in the investment field;

          • An understanding of your goals and objectives in procuring our services;

          • Information about your employment, education, family or personal circumstances, and interests, where relevant;

          • Know our customer data as part of customer due diligence and to prevent fraudulent conduct or behavior that contravenes sanctions and to comply with regulations against money laundering, terrorist financing and tax fraud; and special categories of personal data are data relating to your religious and political beliefs or criminal data.

        We may process your special categories of personal data if:


            • We have your explicit consent to do so;

            • Processing is necessary for the purpose of recruitment, visa or work permit processing;

            • We are required or allowed to do so by applicable local law ; or

            • It is necessary to comply with the law applicable to us in relation to anti-money laundering or counter-terrorist financing obligations or the prevention, detection, or prosecution of any crime.

          4. What do we do with your personal data?

          Processing means every activity that can be carried out in connection with personal data such as collecting, recording, storing, adjusting, organizing, using, disclosing, transferring or deleting it in accordance with applicable laws.

          We only use your personal data under one of the following legal grounds:


              • To conclude and carry out a contract with you;

              • To comply with our legal obligations;

              • For our legitimate business interests. This data processing may be necessary to maintain good commercial relations with all our customers and other concerned parties. We may also process your data to prevent and combat fraud and to maintain the security of your transactions and of the operations made by us;

              • When we have your consent. In this case, you may withdraw your consent at any time.

            We may process your data for the following purposes:


            For example, when you wish to become our customer we are legally obliged to collect personal data that verifies your identity (such as a copy of your ID card or passport) and to assess whether we can accept you as a customer. We also need to know your postal, e-mail address, or phone number to contact you.

            In the case of prospective employees, we will use information about you to make decisions in relation to your recruitment or appointment. Also, to determine the terms on which you may work for us and your legal entitlement to work in the UAE and DIFC.

            For our legitimate interest to provide company updates, provide marketing material, notify of changes to service terms and peruse potential candidates for employment opportunities

            Performance of agreement to which you are a party or taking steps prior to entering into agreements

            We use information about you when you enter into an agreement with us or when we have to contact you. We analyze information about you to assess whether you are eligible for our products and services.

            In relation to third parties and suppliers, we may use your information to enter into an agreement, and to maintain and improve our working relationship. For example, to facilitate payment, verify your details, and send administrative messages, whether information or required by applicable law.

            Safety and security

            We have a duty to protect your personal data and to prevent, detect and contain any breaches of your data. This includes personal data we are obliged to collect about you, for example to verify your identity when you become a customer. Furthermore, we not only want to protect you against fraud and cybercrime, we have also a duty to ensure the security and integrity of ourselves and the financial system as a whole by combatting crimes like money laundering, terrorism financing and tax fraud.

            Compliance with legal obligations to which we are subject

            We process your data to comply with a range of legal obligations and statutory requirements including to meet our anti-money laundering (AML) and other regulatory obligations in relation to Know Your Client (KYC) and client due diligence obligations.

            5. With whom do we share your personal data and for which reasons?

            To comply with our regulatory obligations, we may disclose personal data to the relevant government, supervisory and judicial authorities such as:


                • Public authorities, regulators and supervisory bodies such as the financial sector supervisors in the countries in which we operate.

                • Tax authorities may require us to report customer assets or other personal data such as your name and contact details and other information about your organization. For this purpose, we may process your identification data such as your tax identification number or any other national identifier in accordance with applicable local law.

                • Judicial/investigative authorities such as the police, public prosecutors, courts and arbitration/mediation bodies on their express and legitimate request.

              When we use other service providers or third parties to carry out certain activities in the normal course of business, we may have to share personal data required for a particular task. For instance:


                  • IT service providers who may provide application or infrastructure (such as cloud) services;

                  • Marketing activities or events and managing customer communications;

                  • Legal, auditing or other special services provided by lawyers, notaries, trustees, company auditors or other professional advisors;

                  • Identifying, investigating or preventing fraud or other misconduct by specialized companies.

                6. Transfers of data outside of the DIFC

                In the course of business, and to manage our relationship we may transfer personal data to a jurisdiction that does not have the same level of data protection as the DIFC.

                Third parties who have access to personal data obtained from us are either subject to standard data protection clauses or the personal data transfer is subject to a lawful derogation, in order to treat your data in a manner consistent with this Privacy Notice and in line with the Data Protection Law no. 5 of 2020. You may ask us for further details of these safeguards, where required.

                7. Cookie Policy

                Cookies are small text files that can be used by websites to make a user’s experience more efficient. We can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.This site uses necessary cookies only for the purpose of remembering your user consent preferences to be applied when you visit our site. These cookies do not collect or store your personal information for marketing purposes, nor do they track your online presence. Necessary cookies cannot be disabled as this would impact the functionality of the site.

                8. What are your rights and how do we respect them?

                We respect your individual rights to determine how your personal data is used. Under certain circumstances, and where the conditions specified in the DIFC Law are met, by law you have the right to:


                    • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

                    • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

                    • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

                    • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

                    • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

                    • Data portability which enables you to receive, or request transfer (see below), of the data you have provided us in a structured, commonly used and machine-readable format.

                    • Request the transfer of your personal information to another party.

                    • Withdraw consent to us collecting or using your data where the basis of processing your data was subject to your consent.

                  Exercising your rights

                  You can exercise your rights by contacting us (see “Our contact details” below).

                  We aim to respond to your request as quickly as possible. In some instances, this could take up to one month. Should we require more time to complete your request, we will let you know how much longer we need and provide reasons for the delay.  

                  Generally, you will not have to pay a fee to exercise your rights. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances and where permitted by law

                  9. Are you obliged to provide us with your personal data?

                  In some cases, we are legally required to collect personal data, or your personal data may be needed before we may perform certain services and provide certain products. We undertake to request only the personal data that is strictly necessary for the relevant purpose. Failure to provide the necessary personal data may cause delays or lead to refusal of certain products and services.

                  10. How do we protect your personal data?

                  We have implemented reasonable administrative, technical and physical measures to protect your personal information against loss, misuse and alteration.

                  11. How long do we keep your personal data?

                  We will retain your personal information for the length of time needed to fulfil the purposes for which it was collected, unless we specifically agree a longer retention period with you, or a longer retention period is required or permitted by law.

                  12. Changes to this Privacy Statement

                  We reserve the right to update this Privacy Statement, at any time, to remain compliant with any changes in law or to reflect how our business processes personal data. This version was created and published on 16 December 2022. The most recent version is available on our website

                  13. Right to complain to the Commissioner

                  Should you not be satisfied with the way we have responded to your concerns you have the right to submit a complaint to our compliance department or Data Protection Officer (“DPO”). If you remain unsatisfied, you may contact the DIFC Data Protection Commissioner at:

                  Dubai International Financial Centre Authority
                  Level 14, The Gate Building
                  +971 4 362 2222

                  14. Our contact details

                  We have appointed a DPO in accordance with Article 16 of the Data Protection Law. The DPO Kate Brookstein may be contacted via email at

                  You can also address your queries or complaints:

                  Data Protection Officer
                  Badwa Capital
                  ICD Brookfield Place Suite 30-02
                  DIFC, Dubai, UAE