About
Bridging The Gap Our People Let's Work Together
Our Expertise
What Our Clients Say Insights Our Global Reach Get in Touch

Start Project

Go Back

Cavenwell Privacy Notice

  1. INTRODUCTION

    This Privacy Notice sets out how Cavenwell Group deals with your personal data which we collect in the course of you and people and entities connected with you interacting with Cavenwell.

    We are the Cavenwell group of companies as set out in our Terms of Business. When we mention ‘we’, ‘us’ or ‘our’ in this privacy notice, we are referring to the Cavenwell corporate entity controlling your Personal Data. If you are only a user of this website and not a Cavenwell client, the entity controlling your data is Cavenwell DMCC.

    We take privacy and security of your information seriously and will only use such personal information as set out in this Privacy Notice and in ways which are reasonably ancillary to what is set out below.

    You can contact us by email at hello@cavenwellgroup.com.

    Visitors to our website should review our Website Privacy Notice at www.cavenwellgroup.com.

  2. CONTACT DETAILS

    You can contact us by email at hello@cavenwellgroup.com

  3. THE PERSONAL INFORMATION WE PROCESS

    We may collect various types of personal data about you, including:

    1. Your identification information (which may include your name, ID card and passport numbers, nationality, place and date of birth, gender, photograph and/or IP address and personal data relating to claims, court cases and convictions, politically exposed person (PEP) status, personal data available in the public domain and such other information as may be necessary for Cavenwell to provide its services and to complete its CDD process and discharge its AML/CFT obligations);

    2. Your tax status information (which may include your tax residency, tax ID and/or tax status);

    3. Your contact information (which may include postal address and e-mail address and your home and mobile telephone numbers);

    4. Your family relationships (which may include your marital status, the identity of your spouse and the number of children that you have);

    5. Your professional and employment information (which may include your level of education and professional qualifications, your employment, employer’s name and details of directorships and other offices which you may hold);

    6. Financial information, sources of wealth and your assets (which may include details of your assets, sources of wealth, shareholdings and your beneficial interest in assets, your bank details and your credit history);

    7. Biometric data (which may include facial scans used for digital ID verification);

    We may also collect and process personal data regarding people connected to you, either by way of professional (or other) association or by way of family relationship.

  4. SPECIAL CATEGORY DATA

    We may collect and process special categories of personal data, which include information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying an individual, data concerning health, and data concerning a natural person's sex life or sexual orientation.

    The processing of special category data will only be carried out under the following lawful grounds, in accordance with the DIFC Data Protection Law:

    1. The data subject has given explicit consent to the processing of those personal data for one or more specified purposes;

    2. Processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law, to the extent authorized by DIFC law;

    3. Processing is necessary to protect the vital interests of the data subject or another natural person where the data subject is physically or legally incapable of giving consent;

    4. Processing relates to personal data which are manifestly made public by the data subject;

    5. Processing is necessary for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity;

    6. Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services.

    7. Processing is necessary for reasons of substantial public interest, based on applicable law.

  5. WHERE WE OBTAIN YOUR PERSONAL INFORMATION

    We collect your personal information from the following sources:

    1. Personal information which you give to us, including but not limited to:

      1. Such other forms and documents as we may request that are completed in relation to the administration/management of any of our services;

      2. Information gathered through client due diligence carried out as part of our compliance with regulatory requirements; or

      3. Any personal information provided by way of correspondence with us by phone, e-mail or otherwise.

    2. Personal information we receive from third-party sources, such as:

      1. Entities in which you or someone connected to you has an interest;

      2. Your legal and/or financial advisors;

      3. Other financial institutions who hold and process your personal information; and

      4. Credit reference agencies and financial crime databases for the purposes of complying with our regulatory requirements; and

      5. Personal information received in the course of dealing with advisors, regulators, official authorities, and service providers by whom you are employed or engaged or for whom you act.

  6. WHY WE COLLECT YOUR PERSONAL INFORMATION

    LAWFUL GROUNDS FOR PROCESSING:

    1. We may hold and process your personal information on the following lawful grounds:

      1. The processing is necessary for our legitimate interests, provided your interests and fundamental rights do not override those interests;

      2. The processing is necessary to comply with our contractual duties;

      3. The processing is necessary to comply with our legal and regulatory obligations;

      4. Where we have obtained your consent to processing your personal information for a specific purpose; and

      5. On rare occasions, where it is needed in the public interest.

    2. Pursuant to paragraph 6.1 above, your personal information may be processed for the purposes set out below (“Purposes”). The Purposes based on our legitimate interests are set out in paragraphs 6.2.1 to 6.2.4 inclusive):

      1. Facilitating the administration of our business and/or our service providers;

      2. Communicating with you as necessary in connection with our services;

      3. Monitoring and recording telephone and electronic communications and transactions: Pursuant to paragraph 5.1 above, your personal information may be processed for the purposes set out below (“Purposes”). The Purposes based on our legitimate interests are set out in paragraphs 6.2.1 to 6.2.4 inclusive);

      4. For quality, business analysis, training, and related purposes in order to improve service delivery; and

      5. For investigation and fraud prevention purposes, for crime detection, prevention, investigation, and prosecution of any unlawful act (or omission to act)

      6. Disclosing your personal information to any bank or financial institution in providing our services;

      7. To enforce or defend our legal and contractual rights or those of third-party service providers;

      8. To comply with legal or regulatory obligations imposed on us (including but not limited to AML/CDD obligations);

      9. Collecting, processing, transferring, and storing customer due diligence, source of funds information, and verification data under applicable anti-money laundering and terrorist financing laws and regulations; and

      10. Liaising with or reporting to any regulatory authority (including tax authorities) with whom we are either required to cooperate or report to, or with whom we decide or deem it is appropriate to cooperate in relation to tax matters.

  7. SHARING PERSONAL INFORMATION

    1. We may share your personal information with third parties, including banks, financial institutions, or other third-party lenders, IT service providers, auditors, and legal professionals to facilitate the running of our business.

    2. Where we share your information with a third party, we require the recipients of that personal information to put in place adequate measures to protect it.

  8. DATA TRANSFERS

    We may transfer any Personal Data we hold to and from the jurisdiction in which it is collected. In relation to Personal Data that i) we transfer out of the DIFC or ii) specifically to the UK, the EU, or a country within the European Economic Area ("EEA"), we may subsequently transfer that Personal Data to another country provided that one of the following conditions applies:

    1. One of the appropriate safeguards is in place under Article 27(2) of the DIFC DP Law 2020.
    2. The country to which the Personal Data are transferred ensures an adequate level of protection for the Data Subjects' rights and freedoms.
    3. The Data Subject has given their consent.
    4. The transfer is necessary for one of the reasons set out in the Applicable Laws, including the performance of a contract between us and the Data Subject, or to protect the vital interests of the Data Subject.
    5. The transfer is legally required on important public interest grounds or for the establishment, exercise, or defense of legal claims.
    6. The transfer is authorized by the relevant data protection authority where we have adduced adequate safeguards with respect to the protection of the Data Subjects' privacy, their fundamental rights and freedoms, and the exercise of their rights.

  9. DIGITAL ID VERIFICATION

    For the purpose of verifying your identity, we use a digital ID verification system provided by Sumsub. This may involve the collection and processing of your biometric data, such as facial scans. For more details on how your data is processed by Sumsub, please review their privacy notice.

  10. RETENTION OF PERSONAL INFORMATION

    Your personal information will be retained for as long as required:

    1. For the purposes for which the personal information was collected;

    2. In order to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations; and/or

    3. As required by data protection laws and any other applicable laws or regulatory requirements.

  11. ACCESS TO AND CONTROL OF PERSONAL INFORMATION – YOUR RIGHTS

    1. You have the following rights (which may be exercisable depending on the circumstances) in respect of the personal information about you that we process:

      1. The right to access and port personal information;

      2. The right to rectify personal information;

      3. The right to restrict the use of personal information;

      4. The right to request that personal information is erased; and

      5. The right to object to the processing of personal information.

    2. Where we have relied on consent to process your personal information, you have the right to withdraw consent at any time. You also have the right to object to processing on the basis of legitimate interests (although this right is subject to certain exceptions).

  12. INACCURATE OR AMENDED INFORMATION

    Please let us know as soon as possible if any of your personal information changes (including your correspondence details) by contacting us at privacy@cavenwellgroup.com. Failure to provide accurate information or to update information when it changes may have a detrimental impact upon our ability to provide our services. When receiving updated information, we must also comply with all local laws and regulations with respect to anti-money laundering and associated verification and these legal obligations override any rights under relevant data protection laws.

  13. COMMUNICATIONS AND MEDIA

    People who email us:

    Cavenwell enforces the use of TLS (an encrypted end-to-end tunnel) for the secure transmission of emails. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit. Please contact us for further detail should you require it.

    We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.


    Visitors to our website:

    We are committed to protecting and respecting your privacy online. We are aware of the concern which exists over the use of personal information provided over the internet and therefore, we do not collect personal data through our website.

    We do not control and are not responsible for the privacy policy of any website or organization to which our website provides links. By including references, hyperlinks, or other connections to such third-party websites, we do not imply any endorsement of them or any association with their owners or operators.


    Google Analytics:

    Our website uses Google Analytics to help analyze how users use the site. The tool uses “cookies,” which are text files placed on your computer, to collect standard Internet log information and visitor behavior information in an anonymous form. The information generated by the cookie about your use of the website (including IP address) is transmitted to Google. This information is then used to evaluate visitors’ use of the website and to compile statistical reports on website activity for Cavenwell.

    Google may use the data collected on the Websites to contextualize and personalize the ads of its own advertising network. Google’s ability to use and share information collected by Google Analytics about your visits to the Websites is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. Google offers an opt-out mechanism for the web available here.

    We use Third Party Advertising Cookies – Some organizations use anonymous cookies to see how many people have viewed an advert once or more than once on a website. A company that generates these cookies will have their own privacy policies which mean we have no access to read or write the cookies that they place on our website. These companies may use cookies to anonymously target you for advertising on other websites based on visits made to our website.

    You can opt out of Performance and Advertising cookies by deleting or blocking these in your browser settings at any time.


    14. QUESTIONS

    If you have any questions about this data protection Privacy Notice or how we handle your personal information (e.g., our retention procedures or the security measures we have in place), or if you would like to make a complaint, please contact the Data Protection Representative at privacy@cavenwellgroup.com.

    You can also contact us by couriered mail at 208, Level 1 Gate Avenue, Dubai International Financial Centre, Dubai, United Arab Emirates.


    CHANGES TO THIS PRIVACY NOTICE

    We keep our privacy notice under regular review. This privacy notice was last updated on 22 July 2024