StashAway | Investing, redefined

Privacy Policy

1. INTRODUCTION AND APPLICATION

1. INTRODUCTION AND APPLICATION

1.1 This policy ("Privacy Policy") describes how StashAway Management (DIFC) Limited (Company No. 3982) ("StashAway") manages Personal Data which is in our possession or under our control. "Personal Data", is defined in the Dubai International Financial Centre (“DIFC”) Data Protection Law (DIFC Law No. 5 of 2020)) (“DPL”), and currently refers to any information referring to an identified or Identifiable Natural Person. An “Identifiable Natural Person” is defined in the DPL as a natural living person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one (1) or more factors specific to his biological, physical, biometric, physiological, mental, genetic, economic, cultural or social identity. Personal Data may also include “Special Categories of Personal Data”. Special Categories of Personal Data is Personal Data revealing or concerning (directly or indirectly) racial or ethnic origin, communal origin, political, affiliations or opinions, religious or philosophical beliefs, criminal record, trade-union membership and health or sex life ad including genetic data and biometric data where it is used for the purpose of uniquely identifying a natural person.

1.2 We process your Personal Data in accordance with the DPL. We process your Personal Data as required for the performance of your agreement(s) with us to use our services ("Services"), operating any account maintained with us, accessing the online platform operated by us (which is accessible through our website at www.stashaway.ae or through our mobile application) ("Platform"), websites or mobile applications, or otherwise to enable you to provide      information to or communicate      with us. We undertake the processing of your Personal Data as required to comply with Applicable Law (as defined below) that we are subject to. We also process your Personal Data for the purpose of legitimate interests pursued by us or a third party to whom your Personal Data is made available, except in the circumstances where such interests are overridden by your interests or rights as a data subject under the DPL. Please see clause 4 below for a detailed list of the “Purposes” for which we process your Personal Data.

1.3 The words "we", "us", "our" or any of their derivatives refer to Stashaway and its successors and any novatee, assignee, transferee or purchaser of Stashaway's rights and/or obligations hereunder and any reference to Stashaway includes a reference to such successor, novatee, assignee, transferee or purchaser. The words "you", "your", "yours" or any of their derivatives refer to the person using our Services, operating any account maintained with us, accessing our Platform, website or mobile applications, or otherwise providing information to or communicating with us and shall include, as the context may require, personal representatives (as the case may be).

1.4 This Privacy Policy shall be governed by, and construed in accordance with, the laws of the DIFC. Without prejudice to your rights under any applicable laws, any dispute arising out of or in connection with this Privacy Policy and/or the documents referred to herein, including any question regarding their existence, validity or termination, shall be referred to and finally resolved by the DIFC Courts and both you and we hereby unconditionally and irrevocably submit to the exclusive jurisdiction of the DIFC Courts.

BASICALLY,

The column on the left sets out StashAway's (i.e. our) Privacy Policy. The Privacy Policy describes how we manage Personal Data in our possession or under our control.

This Summary in this right column provides a short explanation of the Privacy Policy.

This is not legally binding and not comprehensive, and you are encouraged to read and understand the Privacy Policy.  

If there are any differences between the Summary and the Privacy Policy, the Privacy Policy prevails.

2. PERSONAL DATA THAT WE COLLECT

2. PERSONAL DATA THAT WE COLLECT

2.1 We collect, use, disclose, transfer and otherwise process Personal Data about you or Personal Data relating to individuals who are connected or associated with you including but not limited to your legal representatives that you provide to us (“Associated Persons”) in accordance with this Privacy Policy. 

2.2 The Personal Data that we collect or may collect include:

  • (a) personal contact data including name, telephone number, email address, residential address and correspondence address;

  • (b) specimen signature(s);

  • (c) occupation, education and income levels;

  • (d) identification card or passport number, date of birth, place of birth and other information for the verification of identity;

  • (e) financial and banking information (e.g. Information on net assets, income, expenses, credit history, bank account and banking transactions, securities trading account);

  • (f) images and voice recordings of our conversations with you;

  • (g) tax and insurance information;

  • (h) information about your risk profile, investments, investment objectives, knowledge and experience and/or business interests and assets;

  • (i) personal opinions made known to us (e.g. your feedback or responses to any surveys);

  • (j) browsing history, patterns or other unique information;

  • (k) your internet protocol address and information associated with such address;

  • (l) any other personal data reasonably required in order for us to provide the services requested by you; and

  • (m) any other Personal Data permitted by or required to comply with any applicable local or foreign laws, rules, acts, regulations, subsidiary legislation notices, notifications, circulars, licence conditions, directions, requests, requirements, guidelines, directives, codes, information papers, practice notes, demands, guidance and/or decisions of any national, state or local government, any agency, exchange, regulatory or self-regulatory body, law enforcement body, court, central bank or tax revenue authority or any other authority whether in the DIFC, Singapore or elsewhere, whether having the force of law or not (including any intergovernmental agreement between the governments or regulatory authorities of two or more jurisdictions or otherwise), as may be amended from time to time ("Applicable Laws") and our internal control and compliance policies.

BASICALLY,

Section 2 sets out the type of Personal Data that we collect or may collect from you.

3. SOURCES OF INFORMATION

3. SOURCES OF INFORMATION

3.1 The Personal Data has/or will be obtained from the following sources, where applicable, or such other sources which we may see fit from time to time:

  • (a) information provided or submitted by you through among others, your dealings and agreements with us, which includes information provided when registering as a user, providing information regarding any account which you may open with us, providing answers to security questions, completing any confirmations, declarations or forms, or through your utilization of any of our Services, accessing or viewing our Platform;

  • (b) as applicable, publicly available or publicly accessible information; and

  • (c) such other written, electronic or verbal communications or documents delivered to us prior to and during the course of our contractual or pre-contractual dealings with you.

  • (d) screening service providers such as LexisNexis.

3.2 As the accuracy of your Personal Data depends largely on the information you provide to us, you should inform us as soon as practicable if there are any errors in the Personal Data or if there have been any changes to the Personal Data. Any errors or incomplete Personal Data may prevent us providing access to the Platform to you or providing Services to you.

BASICALLY,

Section 3 sets out where we may obtain Personal Data from.

As the accuracy of your Personal Data depends largely on the information you provide to us, you should inform us as soon as practicable if there are any errors in the Personal Data or if there have been any changes to the Personal Data.

4. PURPOSE OF COLLECTING, USING AND DISCLOSING YOUR PERSONAL DATA

4. PURPOSE OF COLLECTING, USING AND DISCLOSING YOUR PERSONAL DATA

4.1 We may use your Personal Data for our business purposes, including the provision and continuing operation of the Platform and the Services provided to you. This includes, the following purposes ("Purposes"):

  • (a) provision of the Services as requested by you;

  • (b) carrying out any transactions on your behalf contemplated on the Platform and the Services thereto;

  • (c) assessing and processing applications, instructions or requests from you;

  • (d) communicating with you, including providing you with updates on changes to our Services;

  • (e) to verify your identity for the purposes of providing Services to you;

  • (f) conducting due diligence checks, screenings or credit checks as may be required by any Applicable Laws or our internal policies and procedures;

  • (g) for the specific purpose for which it was volunteered or provided to us;

  • (h) to detect and protect us or any third parties against negligence, fraud, theft and other illegal activities;

  • (i) to understand your needs and preferences;

  • (j) improving the content, appearance and utility of the Platform;

  • (k) to manage and develop infrastructure and business operations;

  • (l) to administer any account which you may open with us;

  • (m) to process payments;

  • (n) to comply with our internal policies and procedures;

  • (o) to respond to queries or feedback;

  • (p) to address or investigate any complaints, claims or disputes;

  • (q) as permitted by any Applicable Laws;

  • (r) to comply with any Applicable Laws or any request from any relevant governmental or regulatory authority;

  • (s) financial reporting, regulatory reporting, management reporting, risk management, audit and record keeping purposes;

  • (t) enforcing obligations owed to us;

  • (u) seeking professional advice, including legal advice;

  • (v) any other reasonable purposes in connection with the provision of our Services;

  • (w) with your consent, providing you with marketing materials in connection with the services we may provide;

  • (x) fulfilling any purpose directly related to the above Purposes; or

  • (y) any other purposes that are appropriate or authorized by any Applicable Laws.

4.2 We will inform you if any of your Personal Data will be used for the purposes of direct marketing, whether by us or via a third party, and you will be offered the option of objecting to any such direct marketing. You may also, at any time, object to receive marketing information from us. If you wish to do so, please click on the “Unsubscribe” option available on all marketing/newsletter emails that you may receive from us or contact our Data Protection Officer (see the contact details in clause 12 below).  

BASICALLY,

Section 4 sets out how we may use your Personal Data. This includes using your Personal Data for the provision of our Services / Platform to you, for marketing purposes, and to comply with regulatory requirements.

5. DISCLOSURE AND SHARING OF YOUR PERSONAL DATA

5. DISCLOSURE AND SHARING OF YOUR PERSONAL DATA

We may from time to time disclose and share your Personal Data to our directors, officers, employees, representatives, agents or delegates or any third parties, whether located in DIFC, Singapore or otherwise, to carry out the Purposes. This includes, disclosing and sharing your Personal Data with the following:

  • (a) any of our directors, officers, employees, representatives, agents or delegates;

  • (b) any of our shareholders or related corporations, and any of their successors or assigns, and their directors, officers, employees, representatives, agents or delegates;

  • (c) our professional advisers, consultants and auditors;

  • (d) any service providers, agents, contractors, delegates, suppliers or third parties which we may appoint from time to time to provide us with services in connection with the Platform or the Services that we offer to you, and their directors, officers, employees, representatives, agents or delegates;

  • (e) any sub-contractors which any of our service providers, agents, suppliers, delegates or contractors may appoint from time to time to provide them with services in connection with the Platform or the Services that we offer to you, and their directors, officers, employees, representatives, agents or delegates;

  • (f) anyone who takes over or may take over all or part of our rights or obligations under any agreement we have with you or anyone any agreement we have with you (or any part thereof) is transferred to or may be transferred to;

  • (g) any person who we believe in good faith to be your legal advisers or other professionals;

  • (h) any relevant governmental or regulatory authority, in so far as we need to do so to keep to any Applicable Laws, or which we in good faith believe that we should keep to; and

  • (i) pursuant to a request by any relevant governmental or regulatory authority (regardless of the reason for such request and whether such request is exercised under a court order or otherwise);

  • (j) parties which assist us in carrying out the Purposes laid out above in this Privacy Policy; and

  • (k) any person to whom we are, in our belief in good faith, under an obligation to make disclosure as required by any Applicable Laws,

provided that

  • (1) in the case of disclosures under any of the circumstances in (a) to (f), we shall procure that the recipient is subject to the same duty of confidence; and 

  • (2) In the case of disclosures under any of the circumstances in (h) and (k), we shall disclose such Personal Data in accordance with the terms of the DPL. We shall exercise reasonable caution and diligence to determine the validity and proportionality of any request and where reasonably practicable obtain appropriate written and binding assurances from the recipient of the Personal Data in relation to the disclosures. 

BASICALLY,

We may also disclose and share your Personal Data with other persons in connection with the Purposes described in Section 4.

6. TRANSFER OF YOUR PERSONAL DATA OUTSIDE THE DIFC

6. TRANSFER OF YOUR PERSONAL DATA OUTSIDE THE DIFC

We may transfer, store, process and/or deal with your Personal Data outside the DIFC for one or more of the Purposes set out above. In doing so, we will comply with the DPL and other applicable data protection and privacy laws. For example, if we transfer your Personal Data to a country outside the DIFC that lacks an adequate level of data protection, as determined by the DPL, we will ensure that appropriate safeguards are in place. You can contact our Data Protection Officer using the contact details in clause 12 below for further details of the safeguards we put in place. We implement appropriate technical and organisational measures to ensure that any processing of your Personal Data is undertaken securely and in compliance with the DPL. This includes encrypting all Personal Data stored outside the DIFC, both whilst in transit and also whilst in storage.

BASICALLY,

We may transfer your Personal Data outside the DIFC. If we do, we will comply with applicable data protection and privacy laws.

7. RETAINING YOUR PERSONAL DATA

7. RETAINING YOUR PERSONAL DATA

Your Personal Data is retained as long as the purpose for which it was collected remains and until it is no longer necessary for any other business purposes or to comply with any Applicable Laws (including the DPL). This means that we will normally retain your Personal Data for a period of 6 years following the end of our relationship with you. 

BASICALLY,

We may retain your Personal Data for as long as it is necessary for the purpose it was collected, for business purposes or to comply with applicable laws.

8. RIGHTS OF ACCESS AND RECTIFICATION

8. RIGHTS OF ACCESS AND RECTIFICATION

You have a number of key rights under the DPL. We have set these out below:

8.1 You may request access to your Personal Data that we hold, or request the rectification of any inaccurate Personal Data or the erasure of Personal Data under certain circumstances. You may also restrict our processing of your Personal Data under certain circumstances.

8.2 You have the right to object to the processing of your Personal Data on reasonable grounds and where the processing of your Personal Data is being undertaken in relation to the performance of a task carried out in the public interest or in the exercise of any official authority vested in us or where the processing is necessary for the purposes of our or a third party’s legitimate interests.

8.3 You have the right to receive Personal Data you have provided to us in a structured, commonly used and machine-readable format in the circumstances where we have processed your Personal Data in relation to our agreement with you and that processing has been carried out by automated means. 

8.4 In the circumstances where we are undertaking automated decision making in relation to you, you have the right to object to any decision based solely on such automated processing which produces legal consequences or otherwise seriously impacts you. You have the right, in such circumstances to have the decision reviewed manually.      

If you would like to exercise any of your rights in relation to your Personal Data or require further information on the scope of any such rights please contact our Data Protection Officer (see the contact details in clause 12 below). You also have the right to lodge a complaint with the DIFC Data Protection Commissioner in relation to both your data subject rights and, more broadly, any DPL issues you have encountered.

BASICALLY,

You have various data subject rights and we have set out what these are in detail and how you may exercise them.    

9. USE OF COOKIES AND RELATED TECHNOLOGIES

9. USE OF COOKIES AND RELATED TECHNOLOGIES

9.1 Our Platform, websites and mobile applications (“apps” or an “app”) use cookies. A cookie is a small text file placed on your computer, system or mobile device when you visit a web site or use an app. Cookies collect information about users and their visit to the web site or use of the app, such as their Internet protocol (IP) address, how they arrived at the web site (for example, through a search engine or a link from another web site) and how they navigate within the web site or app. We use cookies and other technologies to facilitate your internet sessions and use of our apps, offer you products and/or services according to your preferred settings, track use of our web sites and apps and to compile statistics about activities carried out on our web sites and/or through our apps.

9.2 A pixel tag, also known as a web beacon, is an invisible tag placed on certain pages of our web site but not on your computer. Pixel tags are usually used in conjunction with cookies and are used to monitor the behaviour of users visiting the web site.

9.3 You may set up your web browser to block cookies which will in turn disable the pixel tags from monitoring your web site visit. You may also remove cookies stored from your computer or mobile device. However, if you do block cookies and pixel tags, you may not be able to use certain features and functions of our web sites or the Platform.

9.4 We also use analytics programs such as Google Analytics for web analytics purposes to manage and improve our websites, mobile applications, the Platform and/or our Services. Features of Google Analytics that we may use include Remarketing with Google Analytics, Google Display Network Impression Reporting, and Google Analytics Demographics and Interest Reporting. Accordingly, your Personal Data      may be collected for reports such as impression reporting, demographic reporting, interest reporting and to assist with tailoring our online advertising to provide you with a better experience. You may refer to this link for more information about how your Personal Data is collected through Google Analytics.

9.5 We and our third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together, to inform, analyse, optimise, and serve custom ads based on your interests, searches and prior usage patterns when visiting our websites, mobile applications and Platform, and for other market research analysis purposes such as impression reporting and how your interactions with these ads are related to visits to our websites, mobile applications and Platform, amongst others. As a consequence, third party vendors may show our ads on other websites or mobile applications. We neither support nor endorse the goals, causes or statements of these websites or mobile applications which display our ads.

9.6 Using the Google Ad Settings, you may control the ads you view, block specific advertisers, learn how ads are selected for you, and opt-out of Google Analytics for Display Advertising. To opt out from any collection or use of information by Google Analytics, please download and install the Google Analytics Opt-Out Browser Add-on available at this link. By opting out, you will not be subject to online advertising or marketing analysis by Google Analytics and you will no longer receive ads tailored to your browsing patterns and usage preferences.

BASICALLY,

We may collect information, your Personal Data, through cookies on our Platform, website and mobile applications. We use analytics programs such as Google Analytics to manage and improve our websites, mobile applications, the Platform and/or our Services. We may with the help of Google Analytics use your browsing behaviour and prior usage patterns together with any other Personal Data previously provided by you in accordance with this Privacy Policy.

10. THIRD PARTY SITES

10. THIRD PARTY SITES

Our web sites may contain links to other web sites which are not maintained by us. This Privacy Policy only applies to our websites, mobile applications, the Platform and/or our Services. When visiting these third-party web sites, you should read their privacy policies which will apply to your use of the web sites.

BASICALLY,

This Privacy Policy does not apply to third party web sites which may be linked to our web sites.

11. CHANGES

11. CHANGES

Our Privacy Policy may change from time to time. We will post any privacy policy changes on this page, for which you will be notified. If you continue to use our Services, operate any account maintained with us, access our Platform, websites or mobile applications, and/or otherwise provide information to or communicate with us, you are deemed to have agreed to such changes without reservation.

BASICALLY,

The Privacy Policy is subject to changes made by us; and if you continue to use our Services, operate any account maintained with us, access our Platform, websites or mobile applications, and/or otherwise provide information to or communicate with us, you will be treated as if you have agreed to the changes.

12. CONTACTING US

12. CONTACTING US

If you have any questions about any aspects of this policy or your Personal Data, please contact our Data Protection Officer at dataprotection@stashaway.com or +971 800 032 0398.

BASICALLY,

You may contact our Data Protection Officer if you have any questions about this Privacy Policy.