Privacy Policy
Introduction
Protecting the confidentiality and security of personal information is integral to the way in which Finneva Financial Services (DIFC) Limited (formerly known as MeCred (DIFC) Ltd) (“FFSDL”, “we”, “our”, or “us”) conducts business worldwide.
We are committed to safeguarding the privacy of our clients’ data and to using such data in accordance with the principles set out in this Privacy Policy while providing our services to you.
This Privacy Policy explains how personal data is collected, processed, and protected in accordance with the DIFC Data Protection Law (DPL). FFSDL acts as the data controller for the purposes of the DPL.
Purposes of Data Processing and Lawful Basis
Personal data collected from you, provided by you, or obtained from other sources on your behalf will be held, disclosed, and processed by FFSDL for the purposes of providing services and maintaining our relationship with you.
We process personal data only where we have a lawful basis to do so.
Performance of Contract
We process personal data to:
- Carry out relationship opening processes upon receiving your application and signed subscription or investment agreements, including collection of required documentation.
- Advise on and administer your portfolio and related accounts on an ongoing basis, including redemption processing, distribution of payments, and future subscriptions.
- Disclose information to third parties identified in agreements or offering memoranda, including auditors, regulatory bodies, tax authorities, and technology providers.
- Record, maintain, store, and use telephone call recordings made to or from FFSDL or its authorized agents for instruction verification, advisory services, account administration, dispute resolution, record keeping, security, and training purposes.
- Circulate periodic reports.
- Respond to queries and provide client support.
- Fulfil any other purposes outlined in agreements between you and FFSDL.
Compliance With Legal Obligations
FFSDL processes personal data to comply with applicable legal, tax, and regulatory obligations, including but not limited to:
- AML Regulations: In accordance with DFSA anti-money laundering requirements and globally recognized AML standards, all customers must be identified.
- CRS / FATCA: FFSDL is required to collect and report certain tax-related information and may legally disclose this information to relevant tax authorities under applicable jurisdictions.
- Screening: Conducting AML, counter-terrorist financing, politically exposed persons (PEP) screening, and sanctions screening as required under UN, EU, UAE, and other applicable regimes.
Legitimate Interests
FFSDL may process personal data based on legitimate interests, including:
- Conducting statistical analysis and market research.
- Recording, storing, and using telephone call recordings for operational and compliance purposes.
Where processing is based on legitimate interests, you have the right to object. FFSDL will cease processing unless compelling legitimate grounds exist or the processing is required for legal claims.
Consent
From time to time, FFSDL may send information relating to financial markets or services by telephone, email, or other reasonable means of communication.
- Consent is not required for processing personal data for the purposes outlined above.
- Consent is required for direct marketing communications.
- You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
To withdraw consent, contact:
Finneva Financial Services (DIFC) Limited
Unit 410, Level 4, Liberty House
Dubai International Financial Centre, Dubai
United Arab Emirates
Email: info@finneva.ae
Disclosure to Data Processors and Third Parties
Personal data may be handled by FFSDL or its duly appointed agents for the purposes outlined in this policy.
FFSDL may disclose personal data where required by law or for legitimate business interests, including disclosures to:
- Auditors
- Regulatory authorities
- Tax authorities
- Technology and service providers
All such parties are required to comply with applicable data protection legislation.
Transfers Outside the DIFC
Personal data may be processed outside the DIFC and transferred to jurisdictions that may not provide the same level of data protection as the DIFC.
Such transfers will only occur where necessary and may include transfers within the same corporate group or to service providers acting on behalf of FFSDL.
Data Retention
FFSDL retains personal data only for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required or permitted by law.
Security Measures
We maintain reasonable and appropriate technical and organizational security measures to protect personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction.
Access to personal and financial data is restricted to authorized personnel only.
Your Data Protection Rights
You have the right to:
- Access your personal data.
- Rectify or update inaccurate or incomplete personal data.
- Request erasure of personal data (right to be forgotten).
- Restrict processing of your personal data.
- Data portability.
- Object to processing based on legitimate interests.
- Withdraw consent for direct marketing.
You also have the right to lodge a complaint with the relevant DIFC supervisory authority if you believe FFSDL has infringed applicable data protection regulations.
Exercising Your Rights
To exercise any of your data protection rights, please submit a written request to:
Mr. Vikas Jha
c/o Finneva Financial Services (DIFC) Limited
Unit 410, Level 4, Liberty House
Dubai International Financial Centre, Dubai
United Arab Emirates
Email: info@finneva.ae
Miscellaneous
- FFSDL does not track online activities across the internet.
- FFSDL does not use personal data for automated decision-making or profiling.
- FFSDL does not sell or rent personal data to third parties.
Refusal to Provide Personal Data
The provision of personal data by you, as outlined in the section titled “Purposes of processing and lawful basis for processing” is required for us to accept your application and manage and administer your business relationship with us, and so that we can comply with the contractual, tax, legal and regulatory requirements referenced above. Where you fail or refuse to provide such personal data, we may not be able to perform the contract we have entered into with you, or we may be prevented from complying with our legal obligations, in which case we will terminate the contract or business relationship with you with immediate effect.