Data Protection Policy
Client Data Protection Policy – NAV Capital Limited
This policy (“Policy”) applies to personal information about any persons anywhere in the world who access or use NAV Capital Limited’s (“NAV”, “us”, “our”) website or its services, including a prospective or actual client or any of a prospective or actual client’s customers, suppliers or any other relevant individual engaged with in the ordinary course of business (“Users”, “you”, “your”) held by NAV whose principal place of business is Office 812, Level 8, Burj Daman, Dubai International Financial Centre, Dubai, United Arab Emirates. See “Contacting Us” below for our contact details.
In this Policy “Data Protection Legislation” means the Data Protection Law (DIFC Law No.5 of 2020); together with all other applicable legislation relating to privacy or data protection; and where we use the terms “personal data”, “data subject”, “controller”, “processor” and “process” (and its derivatives), such terms shall have the meanings given to them in the Data Protection Legislation.
Using your Information
We may collect and process information relating to Users in order to provide our services to them. We shall process any information we collect in accordance with Data Protection Legislation and the provisions of this Policy.
Your Information
The information referred to above includes personal data, which means information that can be used to identify a natural person, including (but not limited to) the following categories of personal information:
- contact information, such as an individual’s home or work address and contact details (including mobile telephone number);
- date of birth, marital/civil partnership status, details of dependants and next of kin;
- financial information (including bank details, tax rates and information in relation to investments);
- employment status;
- information about an individual’s professional qualifications;
- pay records and national insurance number;
- other information about an individual disclosed to us when communicating with us;
- details of any complaints or concerns raised by Users;
- information we obtain from the instructions Users give to us;
- information we collect when Users communicate with us or any other time Users contact us; and
- information we obtain from third parties, such as information that we obtain when verifying details supplied by Users. This information obtained from other third-party organisations may include fraud prevention agencies and information which is collected from publicly available sources such as the DIFC Public Register.
Some of the information that we collect about Users may include special categories of personal data (such as information about racial or ethnic origin, criminal or alleged criminal offences, criminal record or health and lifestyle). We will usually seek separate permission from Users in writing to process these special categories of personal data.
If Users fail to provide us with this information, or Users object to us processing such information (see “General Rights” for more information about the rights of Users in relation to their information) the consequences are that we may be prevented from providing our services to Users, or continuing with relevant client engagements.
Our Use of Your Information
We may collect, record and use information about Users, and the services we provide to them, in physical and electronic form and will hold, use and otherwise process the data in accordance with the Data Protection Legislation and as set out in this Policy. This may include sharing this information with third parties and transferring it abroad. More information about sharing and transferring such information is set out below.
We may process any information we hold about Users for a number of business purposes. Examples of the types of uses of such information are set out below:
- to provide our services to Users;
- to administer and operate your account(s) and engagements;
- to monitor and analyse the conduct of client account(s) and engagements;
- to assess any billing matters or credit decisions;
- to enable us to carry out statistical and other analysis and to meet our legal or regulatory obligations;
- for our reasonable commercial purposes (including in connection with our insurance, quality control and administration and assisting us to develop new and improved services);
- to confirm the identity of a User and carry out background checks, including as part of our checks in relation to anti-money laundering, compliance screening and to prevent fraud and other crimes;
- to follow up with a User after requesting information to see if we can provide any further assistance;
- to comply with any requirement of applicable laws or regulations;
- to fulfil our obligations under any reporting agreement entered into with any tax authority or revenue service(s) from time to time;
- to check User’s instructions;
- to circulate attendee lists to other attendees of our events;
- to monitor, record and analyse any communications between a User and us, including phone calls to analyse, assess and improve our services to Users, as well as for training and quality purposes;
- to prevent or detect abuse of our services or any of our rights (and attempts to do so), and to enforce or apply this Policy and/or any other agreement and to protect our (or others’) property or rights;
- in the context of a sale or potential sale of a relevant part of our business, subject always to confidentiality obligations;
- if instructed to do so by a User or where we have consent to the use and/or processing involved; and
- to bring to the attention of a User (in person or by post, email or telephone) information about additional services offered by us, which may be of interest to them, unless they indicate at any time that they do not wish us to do so.
Lawful Grounds For Using Your Information
We have described the purposes for which we may use information about Users. We are permitted to process such information in this way, in compliance with the Data Protection Legislation, by relying on one or more of the following lawful grounds:
- Users have explicitly agreed to us processing such information for a specific reason;
- the processing is necessary to perform the agreement we have with Users or to take steps to enter into an agreement with Users;
- the processing is necessary for compliance with a legal obligation we have; or
- the processing is necessary for the purposes of a legitimate interest pursued by us, which might be:
  - to ensure that our engagements are well-managed;
  - to prevent fraud;
  - to protect our business interests;
  - to ensure that complaints are investigated;
  - to evaluate, develop or improve our services; or
  - to keep our clients informed about relevant services.
In relation to any processing of special categories of personal data, we will generally rely on obtaining specific consent in order to process such information. Where Users have consented to our processing of such information (including special categories of personal data) you may withdraw such consent at any time, by contacting us using the contact details set out in “Contacting Us” below. Please note, however, withdrawing your consent will not affect the lawfulness of the processing conducted before withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
Automated processing
We do not carry out automated decision-making or profiling in relation to our clients.
Information sharing
Sharing Your Information With Others
We keep all client information confidential. However, in order to be able to service our clients’ needs to the best of our ability, we may provide third party service providers access to client information where they support or provide services to us. We will ensure that if we share information with, or provide access to, third party service providers, any such disclosure or access is at all times in compliance with Data Protection Legislation.
The recipients, or categories of recipients, of your information, or information relating to Users, may be:
- any revenue service or tax authority, if obliged to do so under applicable regulations;
- User’s other advisers (including, but not limited to, accountants or other professional advisers) where authorised to do so by a User;
- DIFC and overseas regulators, courts and authorities in connection with their duties (such as crime prevention);
- fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify Users’ identity. We and fraud prevention agencies may also enable law enforcement agencies to access and use User’s information to detect, investigate and prevent crime;
- third party service providers who support or provide services to us;
- attendees of our events where we circulate names, corporate names and corporate email addresses on an attendee list for our events;
- anyone to whom we may transfer our rights and/or obligations under this Policy; and
- any other person or organisation after a restructure, sale or acquisition.
If we, or a fraud prevention agency, determine that Users pose a fraud or money laundering risk:
- we may refuse to provide the services you have requested, or we may stop providing existing services to you; and
- a record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you or them.
Sharing Third Party Information With Us
If any information which Users provide to us relates to any third party, by providing us with such information Users confirm that they have obtained any necessary permissions from such persons to the reasonable use of that information in accordance with this Policy, or are otherwise permitted to give us this information on their behalf.
Transferring Your Information Outside The DIFC
Information about Users in our possession may be transferred to other countries for any of the purposes described in this Policy.
Users understand and accept that these countries may have differing (and potentially less stringent) laws relating to the degree of confidentiality afforded to the information they hold and that such information can become subject to the laws and disclosure requirements of such countries, including disclosure to governmental bodies, courts, regulatory agencies and private persons, as a result of applicable governmental or regulatory inquiry, court order or other similar process. In addition, a number of countries have agreements with other countries providing for exchange of information for law enforcement, tax and other purposes.
When we, or our permitted third parties, transfer information outside the DIFC, we or they will impose contractual obligations on the recipients of that data to protect such information to the standard required in the DIFC. In the case of transfers by us, we may also transfer User’s information where:
- the transfer is to a country deemed by the Commissioner of Data Protection (as appointed by the President of the DIFC) to provide adequate protection of User’s information;
- Users have consented to the transfer; or
- such transfer is otherwise permissible under Data Protection Legislation (for example if we are required to provide such information by law).
Your Rights In Relation To Your Information
General Rights
Users have a number of rights concerning the way that we use your information. Users are responsible for ensuring they are aware of these rights, which comprise:
- to request access to, or a copy of, any personal data we hold about Users;
- to request the rectification of a User’s personal data, if a User considers that it is inaccurate;
- to request the erasure of a User’s personal data, if a User considers that we do not have the right to hold it;
- to object to a User’s personal data being processed for a particular purpose or to request that we stop using a User’s information;
- to request not to be subject to a decision based on automated processing and to have safeguards put in place if a User is being profiled based on their personal data;
- to ask us to transfer a copy of a User’s personal data to another party where technically feasible and otherwise required by applicable regulations;
- to withdraw, at any time, any consent that a User has previously given to us for our use of a User’s personal data;
- to ask us to stop or start sending them marketing messages at any time; or
- the right not to be discriminated against for choosing to exercise a User’s data protection rights as set out in this section of the Policy.
Any request for access to or a copy of personal data must be in writing and we will endeavour to respond within a reasonable period and in any event within one month in compliance with Data Protection Legislation. We will comply with our legal obligations as regards any individual’s rights as a data subject.
If you would like to contact us in relation to any of the rights set out above please contact us using the contact details in the “Contacting Us” section below.
Retaining Your Information
We will only keep the information we collect about a User on our systems or with third parties for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject. This will involve us regularly reviewing our files to check that information is accurate and up-to-date and still required.
If a User terminates their relationship with us, an engagement comes to an end, we decline to act on an engagement, or a User decides not to go ahead with a matter, we may still keep a User’s information.
Sending You Marketing Information
We may use your information from time to time to inform Users by letter, telephone, text (or similar) messages, email or other electronic means, about similar services (including those of third parties) which may be of interest to them.
Users may, at any time, request that we cease or do not send such information by one, some or all channels, by contacting us using the contact details set out below or by clicking “unsubscribe” for the relevant communication.
Contacting Us
If a User wishes to exercise any of the rights relating to their information set out above, or if they have any questions or comments about data protection, or they wish to raise a complaint about how we are using their information they can contact us using the following details, or any other details notified to them from time to time:
- Write to NAV Capital Limited, at Office 812, Level 8, Burj Daman, Dubai International Financial Centre, Dubai, United Arab Emirates, email us using info@navcapital.ae or call +971 4 439 6769. Please note calls may be recorded or monitored for training purposes.
If Users have any concerns about our use of their information, they also have the right to make a complaint to the Commissioner of Data Protection (as appointed by the President of the DIFC), which regulates and supervises the use of personal data in the DIFC: e-mail: commissioner@dp.difc.ae, telephone number +971 4 362 2222.
We may make changes to this Policy and how we use the information of Users in the future. If we do this, we will ensure that the version available on our website is the current version.
Legal company information
NAV Capital Limited (“NAV Capital”) is a company incorporated under the laws of the Dubai International Financial Centre (“DIFC”) with its registered office at Office 812, Level 8, Burj Daman, Dubai International Financial Centre, PO Box no. 506910, Dubai, United Arab Emirates. NAV Capital is authorized and regulated by the Dubai Financial Services Authority (“DFSA”) with DFSA Reference Number F006655.