Privacy Policy

Secure Capital Group Ltd ("the Company") is committed to protecting the privacy and personal data of all individuals with whom it interacts, including counterparties, service providers, website visitors, and any other persons whose data the Company may process.

This Privacy Policy explains how the Company collects, uses, stores, shares, and protects personal data in connection with its operations and website (securecapitalgroup.ltd). By accessing or using the Company's website or engaging in a business relationship with the Company, you acknowledge that you have read and understood this policy.

The data controller responsible for the processing of your personal data is: Secure Capital Group Ltd, Registration No. 01011132, License No. 07011065, RAK Innovation City Free Zone, Ras Al Khaimah, United Arab Emirates. Email: contact@securecapitalgroup.ltd.

The Company may collect and process the following categories of personal data:

• Personal identification data: full name, date of birth, nationality, gender, and government-issued identification document details (passport number, national ID number)
• Contact data: email address, telephone number, residential or business address
• Verification data: photographs of identification documents, selfie photographs with liveness check data, and results of identity verification checks conducted through SumSub (sumsub.com)
• Financial and compliance data: source of funds declarations, source of wealth information, transaction records, and risk assessment results
• Website usage data: IP address, browser type, operating system, pages visited, time spent on pages, referring URL, and other standard web analytics data
• Communication data: records of correspondence, inquiries, and communications between you and the Company

The Company processes personal data for the following purposes:

• KYC/AML compliance: to verify the identity of counterparties and service providers, conduct due diligence, screen against sanctions and PEP databases, and comply with the Company's obligations under UAE Federal Decree-Law No. 20 of 2018 and Cabinet Decision No. 10 of 2019
• Counterparty verification: to assess and manage the risks associated with business relationships and transactions
• Legal and regulatory obligations: to comply with applicable laws, regulations, court orders, and requests from regulatory or law enforcement authorities
• Communication: to respond to inquiries, provide information, and manage the business relationship

The Company processes personal data on the following legal bases:

• Legal obligation: processing is necessary for compliance with AML/CFT legislation, tax reporting obligations, and other legal requirements applicable to the Company
• Legitimate interest: processing is necessary for the Company's legitimate interests in conducting proprietary trading operations, managing business relationships, and protecting the Company from financial crime, provided that such interests are not overridden by your fundamental rights and freedoms
• Consent: where required, the Company obtains your explicit consent for the processing of personal data for specific purposes, such as the use of non-essential cookies on the website

The Company may share personal data with the following categories of recipients:

• SumSub (sumsub.com): the Company's identity verification and compliance platform provider, which processes personal data as a data processor on behalf of the Company for the purposes of KYC verification, identity checks, and sanctions/PEP screening
• Regulatory and law enforcement authorities: the Company may disclose personal data to the UAE Financial Intelligence Unit (FIU), licensing authority, or other competent authorities where required by law or in connection with suspicious activity reporting

The Company does not sell, rent, or otherwise commercially exploit personal data. Data is shared only to the extent necessary to fulfil the purposes described in this policy.

Personal data collected by the Company may be transferred to and processed in countries outside the United Arab Emirates, including but not limited to countries where the Company's service providers (such as SumSub) maintain their infrastructure.

Where personal data is transferred outside the UAE, the Company ensures that appropriate safeguards are in place to protect your data, including contractual obligations on the recipient to maintain equivalent levels of data protection.

The Company retains personal data for the following periods:

• KYC/AML records: a minimum of five (5) years from the date of the last transaction or the termination of the business relationship, in accordance with UAE Federal Decree-Law No. 20 of 2018
• Website usage data: retained for a period of up to twenty-four (24) months from the date of collection, unless a longer retention period is required for legal or security purposes

Subject to applicable law, you may have the following rights in relation to your personal data:

• Right of access: the right to request confirmation of whether the Company processes your personal data and to obtain a copy of such data
• Right to rectification: the right to request correction of inaccurate or incomplete personal data
• Right to erasure: the right to request deletion of your personal data, subject to the Company's legal obligation to retain certain records (e.g., AML/CFT records for a minimum of five years)
• Right to data portability: the right to receive your personal data in a structured, commonly used, and machine-readable format
• Right to object: the right to object to the processing of your personal data where the processing is based on legitimate interest

To exercise any of these rights, please contact the Company at contact@securecapitalgroup.ltd. The Company will respond to your request within a reasonable timeframe and in accordance with applicable law.

Where the Company processes personal data of individuals located in the European Union or European Economic Area, the Company processes such data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). EU/EEA data subjects are entitled to the full range of rights set out in the GDPR, including the rights described in Section 9 above.

Where the Company relies on consent as the legal basis for processing, EU/EEA data subjects have the right to withdraw their consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to such withdrawal.

The Company processes personal data in accordance with applicable UAE data protection legislation, including Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("UAE PDPL"), to the extent applicable to the Company's operations.

The Company's website uses cookies and similar tracking technologies. For detailed information about the types of cookies used, their purpose, and how to manage your cookie preferences, please refer to our Cookie Policy.

The Company implements appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include, but are not limited to:

• Encryption of personal data in transit and at rest using industry-standard encryption protocols
• Access controls limiting access to personal data to authorised personnel on a need-to-know basis
• Regular security assessments and audits of the Company's information systems and data processing practices

The Company's website and services are not intended for individuals under the age of eighteen (18). The Company does not knowingly collect or process personal data from children. If the Company becomes aware that it has collected personal data from a child, such data will be deleted without undue delay.

The Company reserves the right to update or modify this Privacy Policy at any time. Any changes will be posted on this page with an updated "Last Updated" date. Continued use of the Company's website or maintenance of a business relationship with the Company after such changes constitutes acceptance of the revised policy.

For any questions, concerns, or requests relating to this Privacy Policy or the Company's data processing practices, please contact us at contact@securecapitalgroup.ltd.