About
Bridging The Gap Our People Let's Work Together
Our Expertise
What Our Clients Say Insights Our Global Reach Get in Touch

Start Project

Go Back

Cavenwell Privacy Notice

1) Introduction

This Privacy Notice sets out how Cavenwell Group processes personal data. Cavenwell Group is committed to safeguarding your privacy and ensuring that personal data is processed in accordance with applicable Data Protection Laws, including the Federal Decree by Law No. (45) of 2021 Concerning the Protection of Personal Data, the Data Protection Law DIFC Law No. 5 of 2020, the Data Protection (Jersey) Law 2018, and the UK Data Protection Act 2018.

In this Privacy Notice, “controller”, “processing”, “processor” and “personal data” have the meanings given to them in the applicable Data Protection Laws.

In most circumstances, we consider that each member of the Cavenwell Group acts as a separate and independent controller in relation to any personal data that they process. In certain circumstances, however, where we exercise little or no autonomy or discretion in the role that we perform in connection with the provision of services, we may act as a processor under the applicable Data Protection Laws. When we do so, we will enter into a separate data processing agreement with you setting out our obligations as processor of that personal data, which will form part of our engagement terms in connection with the provision of the relevant services.

2) Contact details

You can contact us by email at hello@cavenwellgroup.com.

3) Who we are

The Cavenwell Group is a corporate services provider with offices in Dubai, Jersey and the UK. References to “Cavenwell”, “we”, “us”, or “our” means the relevant Cavenwell corporate entity responsible for processing your personal data, details of which will be set out in the engagement letter or terms of business, which we agree with you. If you are only a visitor to our website and not a Cavenwell client, the corporate entity processing your personal data is Cavenwell DMCC.

Our details are:

DIFC Office

Cavenwell Corporate Services (DIFC) Limited
Unit RT-208, Level 1
Gate Avenue
South Zone
DIFC
PO Box 213297
Dubai, UAE

DMCC Office

Cavenwell DMCC
Unit No: 303
SABA 1
Plot No: JLT-PH1-E3A
Jumeirah Lakes Towers
Dubai, UAE

Jersey Office

Cavenwell Trust Company (Jersey) Limited
2nd Floor
The Le Gallais Building
54 Bath Street
St Helier
JE1 1FW, Jersey

4) The Personal Data we process

We may collect and process various categories of personal data about you, including:

  • 4.1 Identification information: full name, date and place of birth, nationality, government-issued identification numbers, and other identification details.
  • 4.2 Contact information: postal address, email address, telephone numbers, and other contact details.
  • 4.3 Professional information: job title, company affiliation, and professional credentials.
  • 4.4 Personal information: family information such as marital status, the identity of your spouse and the number of children you have.
  • 4.5 Communication data: records of your communications with us including emails, phone calls, meetings notes, and records of your attendance at our offices.
  • 4.6 Financial data: bank account details, payment information, and records of transactions;
  • 4.7 Tax information: tax residency, tax ID and/or your tax status.
  • 4.8 Technical and biometric data: IP addresses, device identifiers, and other data generated during your interaction with our digital platforms and websites, which may include facial scans used for Digital ID Verification.
  • 4.9 AML/CTF/CPF information: source of wealth, source of funds, politically exposed person ("PEP") status, details of claims and criminal convictions, information about you that is available in the public domain, and such other information as may be required to satisfy our anti-money laundering (“AML“), countering the financing of terrorism (“CTF“) and countering proliferation financing (“CPF“) obligations under applicable law.
  • 4.10 Other information: any additional information that you may provide to us.

5) Special Category Data

In certain circumstances, we may process “Special Category Data”, or “Sensitive Personal Data” as defined in the applicable Data Protection Laws. This includes information on a person's race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data processed for the purpose of uniquely identifying a natural person, health data, data on a person's sex life or sexual orientation or data relating to a person's criminal record or alleged criminal activity). In such instances, legal bases for processing that data may include explicit consent, the processing is necessary for compliance with a legal obligation, the processing is necessary in order to protect the vital interests of the data subject or another natural person, the processing is necessary for the purposes of any legal proceedings, obtaining legal advice, or establishing, exercising or defending legal rights.

6) How do we collect your Personal Data

We collect personal data directly from you and from third-party sources. Third party sources include entities in which you or someone connected to you have an interest, your legal and/or other professional advisors, other financial institutions who hold and process your personal information, credit reference agencies and financial crime databases for the purposes of complying with our regulatory requirements, and personal data received in the course of dealing with advisors, regulators, official authorities and service providers by whom you are employed or engaged or for whom you act.

7) How we use your Personal Data

We use your data for the following purposes, in each case, in reliance on the following lawful basis for processing as required by the applicable Data Protection Laws:

  • 7.1 To provide our services to you: We process personal data to deliver our services in the performance of a contract that we have agreed with you.
  • 7.2 To communicate with you: We process personal data to communicate with you either to deliver our services in the performance of a contract that we have agreed with you, or as part of our legitimate interests in managing our relationship with you.
  • 7.3 To comply with our legal and regulatory obligations: We process personal data to ensure that we can comply with our legal and regulatory obligations. These include legal and regulatory obligations applicable to us as a corporate services provider requiring us to undertake and collect customer due diligence, and comply with record keeping and other obligations under applicable AML/CTF/CPF and other related rules and regulations.
  • 7.4 To monitor and record telephone and other electronic communications and transactions: We have a legitimate interest to monitor and record all telephone and electronic communications and transactions with you to ensure that we are able to safeguard our systems against unauthorised access, cyber threats and fraudulent activities, to monitor service performance, resolve technical issues and enhance the overall quality of our services, and to identify, assess and mitigate risks associated with our communications and transaction processes.
  • 7.5 To improve our business operations: We process personal data as part of our legitimate interests to ensure the efficient operation of our business and to enhance, develop, and improve our services. In doing so, we process personal data for quality assurance, business analysis, training and other related purposes.
  • 7.6 To market our services to you: We process personal data with your consent, or where otherwise lawful as part of our legitimate interests to market our services and communicate with you on topics and events, which may be of interest to you.
  • 7.7 To liaise with or report to any regulatory authority: We process personal data to liaise with, or report to, regulatory authorities (including tax authorities) to ensure that we can comply with legal and regulatory obligations applicable to us, or where we decide or deem it appropriate to cooperate with with a regulatory or tax authority, in accordance with our legitimate interests to safeguard the integrity of our services and our business.

8) How we share your Personal Data

The provision of personal data to one member of the Cavenwell Group may result in that data being accessible to, or shared with, other members of the Cavenwell Group. In addition, we may share personal data with the following third parties:

  • 8.1 Professional advisers, agents, or third parties providing services to you, or in connection with a legal transaction or proceedings involving you and/or the services which we have been engaged to provide to you.
  • 8.2 Sub-contractors, agents or service providers providing services to the Cavenwell Group, including IT providers (including cloud services), telecommunications providers, auditors, lawyers, consultants, insurers and other providers.
  • 8.3 Law enforcement agencies, regulators or other governmental, judicial or supervisory bodies where it is considered necessary for the Cavenwell Group to fulfil its legal and regulatory obligations, or who have a legitimate interest in such information.
  • 8.4 Third parties with whom a member of the Cavenwell Group has engaged for the purposes of hosting events (including virtual events) or other marketing activities.
  • 8.5 Any registrar of a public register where the data is required to be included in the public registry.

Third parties providing services to members of the Cavenwell Group may be based, or may store or process personal data provided by us in other jurisdictions, including jurisdictions outside the European Economic Area ("EEA"). Where these services are integral to the services that we provide to you (for example the use of Google Workspace), we deploy these as a matter of course and the use of such services may require information to be stored or processed in a cloud or infrastructure managed by the relevant service provider. The confidentiality and security of your personal data is of paramount importance to use and we conduct careful due diligence on such providers and, wherever possible, request that service providers use data centres based in either an European Union member state or in the UK.

9) Cross-border transfers of Personal Data

We may transfer personal data we hold to and from the jurisdiction in which it is collected. In relation to personal data that we transfer out of the DIFC, DMCC, Jersey, or the UK (as the case may be) to a jurisdiction which is not considered to provide an adequate level of protection under the applicable Data Protection Laws, we will ensure that one of the following conditions applies:

  • 9.1 The transfer is subject to appropriate safeguards that provide an adequate level of protection or otherwise satisfy the requirements for such transfers as set out in the Data Protection Laws.
  • 9.2 You have given us your consent to the transfer.
  • 9.3 The transfer is necessary for one of the reasons or special circumstances set out in the applicable Data Protection Laws.

10) Digital ID Verification

For the purposes of verifying your identity, we use a digital ID verification system provided by Sumsub. This may involve the collection and processing of your biometric data, such as facial scans. For more details on how your data is processed by Sumsub, please review their privacy notice.

11) Data retention

We will only keep your personal data for as long as it is required to be retained for the purposes for which the personal data was collected, to establish or defend legal rights or obligations or to satisfy any reporting, record-keeping or accounting obligations as required by the applicable Data Protection Laws and/or any other applicable law or regulation.

12) Your Rights in respect of your Personal Data

You have the following rights (which may be exercisable depending on the circumstances) with respect to your personal data:

  • 12.1 the right to access personal data;
  • 12.2 the right to rectify personal data;
  • 12.3 the right to request that personal data be erased;
  • 12.4 the right to object to the processing of personal data;
  • 12.5 the right to restrict the use of personal data; and
  • 12.6 the right to port your personal data.

Where we have relied on your consent to process your personal data, you have the right to withdraw your consent at any time (although please note that withdrawing your consent will not affect the lawfulness of any processing based on your consent before its withdrawal). You also have the right to object to our processing of your personal data on the basis of legitimate interests (although this right is subject to certain exceptions).

13) Inaccurate or amended information

Please let us know as soon as possible if any of your personal data changes (including your correspondence details) by contacting us at privacy@cavenwellgroup.com. Failure to provide accurate information or to update information when it changes may have a detrimental impact upon our ability to provide our services. When receiving updated information, we must also comply with all local laws and regulations with respect to our AML/CTF/CPF obligations.

14) Communications and Media

Cavenwell Group enforces the use of TLS (an encrypted end-to-end tunnel) for the secure transmission of emails. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit. Please contact us for further detail should you require it. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software.

We are committed to protecting and respecting your privacy online. We are aware of the concerns which exist over the use of personal data provided over the internet and therefore, we do not collect personal data through our website (other than as described below). We do not control and are not responsible for the privacy policy of any website or organisation to which our website provides links. By including references, hyperlinks, or other connections to such third-party websites, we do not imply any endorsement of them or any association with their owners or operators.

Our website uses Google Analytics to help analyze how users use the site. The tool uses “cookies,” which are text files placed on your computer, to collect standard internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including IP address) is transmitted to Google. This information is then used to evaluate visitors' use of the website and to compile statistical reports on website activity for Cavenwell Group.

Google may use the data collected on our website to contextualise and personalise the ads of its own advertising network. Google's ability to use and share information collected by Google Analytics about your visits to our website is restricted by Google Analytics terms of use and the Google Privacy Policy. Google offers an opt-out mechanism available here.

We use Third Party Advertising Cookies. Some organisations use anonymous cookies to see how many people have viewed an advert once or more than once on a website. A company that generates these cookies will have their own privacy policies which mean we have no access to read or write the cookies that they place on our website. These companies may use cookies to anonymously target you for advertising on other websites based on visits made to our website.

You can opt out of Performance and Advertising cookies by deleting or blocking these in your browser settings at any time.

Questions

If you have any questions about this Privacy Notice or how we handle your personal data please contact privacy@cavenwellgroup.com. You can also contact us by couriered mail at the contact details provided above.

Complaints

If we are unable to address your questions or concerns to your satisfaction, you may be able to make a complaint to a Data Protection Supervisory Body, to the extent that there is such a body within the relevant jurisdiction. Please see below for jurisdictional contact details.

DIFC

The Commissioner of Data Protection. For more information on how to make a complaint please refer to the Accountability and Rights section on the DIFC's website here.

DMCC

The UAE Data Bureau (currently pending establishment)

Jersey

Jersey Office of the Information Commissioner
2nd Floor
5 Castle Street
St Helier
Jersey, JE2 3BT
+44 (0) 1534 716530
enquiries@jerseyoic.org

UK

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
0303 123 1113
privacy@hmtreasury.gov.uk

Changes to this Privacy Notice

We keep our Privacy Notice under regular review. This Privacy Notice was last updated on 22nd April 2025.