Purpose and scope

EGS | CAPITAL LIMITED is committed to protecting the personal data of its clients, employees and website visitors. This Privacy Policy explains how we collect, use, disclose and protect personal data in accordance with the DIFC Data Protection Law No. 5 of 2020. The DIFC’s data protection law provides a legal framework that governs how personal data is handled within the centre and seeks to uphold transparency, security and respect for privacy rights.

Personal data we collect

Depending on your relationship with EGS | CAPITAL LIMITED, we may collect and process:

• Identification and contact information – such as your name, address, telephone number, email and passport or national ID details
• Financial and account information – such as bank account details, transaction history and information about your assets and liabilities
• Client due diligence data – information we require under anti money laundering laws, including copies of identification documents and proof of address
• Professional information – such as employment history and source of funds for know your client purposes
• Website usage data – see our Cookies Policy below for details on how we collect data via cookies and other technologies

We may obtain data directly from you, from third party service providers, from publicly available sources, or from regulators such as the DFSA.

Legal basis and purposes of processing

EGS | CAPITAL LIMITED processes personal data where:

• Performance of a contract – to open and administer accounts, execute transactions and provide investment services
• Compliance with legal obligations – to satisfy regulatory requirements, including client identification, anti money laundering and counter terrorist financing obligations, tax reporting and record keeping
• Legitimate interests – to manage our business, maintain records, monitor and improve our services and protect our legal rights. The DIFC Data Protection Law emphasises that organisations must process data in a transparent, lawful and fair manner
• Consent – where we rely on your consent to process personal data, you may withdraw your consent at any time
• Website usage data – see our Cookies Policy below for details on how we collect data via cookies and other technologies

We may obtain data directly from you, from third party service providers, from publicly available sources, or from regulators such as the DFSA.

Use and disclosure of personal data

We may use and disclose your personal data for the purposes described above, including to:

• Execute and settle transactions on your behalf and maintain your account records
• Verify your identity and conduct due diligence checks
• Respond to queries and provide customer support
• Comply with requests from regulatory or law enforcement authorities. The DFSA may require us to provide information in connection with regulatory investigations or to protect the integrity of the financial system
• Share data with our affiliates or service providers (including custodians, clearing houses and IT providers) who process data on our behalf under appropriate confidentiality and security arrangements
• Transfer personal data outside the DIFC. Where we transfer data to jurisdictions that may not have an equivalent level of data protection, we will take appropriate measures to safeguard your data in accordance with the DIFC Data Protection Law (e.g., contractual clauses or reliance on adequacy decisions)

We do not sell personal data. We may disclose aggregated or anonymised data that cannot reasonably identify individuals.

Data retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected and to comply with legal or regulatory requirements. In many cases we are required by DFSA rules to keep records for at least six years. When data is no longer needed, we will securely delete or anonymise it.

Security of personal data

EGS | CAPITAL LIMITED implements appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, alteration or destruction. These measures include encryption, access controls, secure servers and staff training. The DIFC data protection principles require organisations to ensure data is kept secure throughout its lifecycle.

Data subject rights

Under the DIFC Data Protection Law you have rights to:

• Access your personal data and obtain information about how it is processed.
• Rectify inaccurate or incomplete data
• Erase personal data in certain circumstances (the “right to be forgotten”).
• Restrict or object to the processing of your data where legally applicable.
• Data portability where processing is based on consent or contract

To exercise these rights please contact us using the details below. We may require proof of identity before processing your request.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post any updated version on the Site and, where appropriate, notify you via email or other communication.

Contact us

If you have any questions about this Privacy Policy or our data practices, please write to Compliance Department, EGS | CAPITAL LIMITED, Unit 1011, Level 10, Index Tower, DIFC, PO Box 507028, Dubai, UAE, or email compliance@egscapitalltd.com. You also have the right to lodge a complaint with the DIFC Commissioner of Data Protection if you believe your data has been processed unlawfully.