Welcome to Carrhae Capital

Our website uses essential cookies that are required for the website to function properly. Our website also uses analytical, functionality and marketing cookies.

For more information please see our Cookie Policy.

Carrhae Capital Logo

Dubai Privacy Statement

Introduction

We recognise the importance of your privacy and understand your concerns about the security of your Personal Data. We are committed to ensuring that when you share Personal Data with us or we collect Personal Data about those who visit our websites, we do so in accordance with applicable and relevant privacy laws and principles.

This Privacy Notice details how we generally collect, hold, use and disclose Personal Data, your rights in relation to the Personal Data that we hold about you and the third parties to whom it may be disclosed. We do this in compliance with our obligations as a data controller under the Dubai International Financial Centre (“DIFC”) Data Protection Law No.5 of 2020 (“DPL”).

It is important that you read and retain this notice, together with any other Privacy Notice we may provide on specific occasions.

Any reference to “us”, “our”, “we” or “the Company” in this Privacy Notice is a reference to Carrhae Capital (DIFC) Limited (“CCDL”) as the context requires unless otherwise stated.

The Privacy Notice may form among other documents an integral part of the master agreement we have with you.

This Privacy Notice applies to the following individuals (“you”):

  • Our past, present and prospective customers;
  • Website users;
  • Anyone involved in any transaction or interaction with us, whether it is in your personal capacity or as a representative of a legal entity (for example, director, a company manager, agent, legal representative, operational staff, other authorized representative, etc.); and
  • Our advisors, consultants or secondees.

Data protection principles

The DIFC DPL requires us to demonstrate that any Personal Data we hold about you is:

  • used lawfully, fairly and in a transparent manner
  • collected or used only for legitimate purposes that we have explicitly and specifically explained to you at the time of collection and not collected or used in any way that is incompatible with those purposes
  • relevant to the purposes we have told you about and limited only to those purposes
  • accurate and, where necessary, kept up to date including via erasure or rectification
  • kept only as long as necessary for the purposes we have told you about
  • kept securely.

Personal Data Processing

Personal Data means any information about an individual from which that person can be identified, directly or indirectly. It does not include data where the identity has been removed (anonymous data).

We collect your Personal Data from various sources, such as through our company website, consent driven mailing lists for marketing purposes, and our interactions with you. We may also obtain Personal Data from other sources, background and/or identity checks or via cookies on our website.

The Personal Data processed by the Company depends on the purpose for such processing.

  • Clients, potential Clients, and any third parties that interact with us:
    • As part of our due diligence and onboarding processes and to comply with ongoing legal obligations on anti-money laundering and counter terrorist financing, taxation, crime detection, crime prevention, investigation, the prevention of fraud, bribery, anti-corruption, tax evasion; we may process Personal Data such as name, signature, postal address, email Carrhae Capital (DIFC) Limited address, date and place of birth, nationality, professional or employment related information, source of funds/wealth details, tax identification, signatures, other contact details, account numbers (or functional equivalent) and transaction details (including transactions with our affiliates), your tax or other government issued ID numbers, utility bills for the purposes of address verification, photographic identification and verification such as copies of your passport, passport number and driver’s license, information relating to your status as an ultimate beneficial owner of an entity, a politically exposed person or a designated individual on a sanctions list.
    • We may collect and process Personal Data relating to you in connection with our on-going relationship with you, such as via correspondence and calls, and in connection with the administration of our relationship with you. Telephone calls with you may be recorded for the purposes of record keeping, security and training.
    • We Process your Personal Data for the purpose of delivering a service to you, for the purpose of maintaining appropriate business records, including maintaining appropriate registers required under applicable law and regulation, for the purpose of quality control, data security, business and statistical analysis, market research, to meet our internal and external audit requirements, for the purpose of tracking fees and costs and for the purpose of customer service. We may also use your Personal Data for the future planning of our business, including product development and research.
  • Website, applications and other social media platform visitors:
    • when you visit our website, and app we automatically collect certain technical data including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website. We also provide you with an option to accept, reject or manage cookies that may be dropped on your device while you navigate our website. Details of such cookies can be found in the section on ‘cookies’ below. Please refer to our Cookie Policy for further information.
    • We process your social media platform account details when you connect with us there.
  • Attendance at our offices and events:
    • we also collect and process your name, contact details, image, in relation to your attendance at our offices or at an event or seminar organised by the Company or our business partners.

Our website is not targeted, intended or expected to be of use to children. Apart from providing information for specific services or purposes, as directed by DIFC processes, user-provided contributions of content or contact information regarding or about children are expressly prohibited.

If you choose not to provide the Personal Data we request, we may not be able to provide you with the product or service you need.

Legal Basis for Processing

We only use your Personal Data under one of the following legal grounds:

  • To conclude and carry out a contract with you
  • To comply with our legal obligations such as:
    • to comply with our obligations under applicable law and regulations, which may include laws and regulations outside your country of residence;
    • to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; and
    • to carry out anti-money laundering, sanctions or Know Your Customer (“KYC”) checks as required by applicable laws and regulations.
  • For our legitimate business interests, the legitimate interests pursued by us in this regard include:
    • conducting our business in a responsible and commercially prudent manner and dealing with any disputes that may arise
    • preventing, investigating or detecting theft, fraud or other criminal activity
    • pursuing our legitimate corporate and ethical, social, and governance responsibility
    • to maintain good commercial relations with all our customers and other concerned parties
    • conducting our business in a responsible and commercially prudent manner and dealing with any disputes that may arise
    • to protect our rights, privacy, safety, property, or those of other persons.
  • When we have your consent.

Special Categories of Personal Data

“Special Categories" of particularly sensitive Personal Data require higher levels of protection. We have in place safeguards in compliance with the law. We are likely to Process Special Categories of Personal Data based on the following justifications where:

  • in limited circumstances, we have your explicit written consent;
  • it is necessary for performance of the contract you enter into with us;
  • it is necessary to comply with the law applicable to us in relation to anti-money laundering or counter-terrorist financing obligations or the prevention, detection, or prosecution of any crime; or
  • it is necessary for the compliance with specific requirements pursuant to laws applicable to us.

We envisage that we may hold information about criminal convictions. We will only collect Personal Data about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. For example, when performing screening for anti-money laundering purposes.

Less commonly, we may Process this type of Personal Data where it is needed in relation to legal claims, where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.

For marketing purposes, we would not obtain Special Categories of Personal Data, however, if we do, we will issue a separate notice on how we would use the data.

Your Consent

In general, we do not rely on consent as our Processing reason and also would not require consent if we use Special Categories of your Personal Data in accordance with our written policy to carry out our legal obligations.

In limited circumstances, we may approach you for your written consent to allow us to Process certain data particularly sensitive data. If we do so, we will provide you with full details of the Personal Data that we would like and the reason we need it so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your relationship with us that you agree to any request for consent from us and that you have the right to withdraw your consent for that specific Processing at any time, and this will not affect the lawfulness of Processing before the consent has been withdrawn.

With whom do we share your Personal Data and for which reasons

To comply with our regulatory obligations, we may disclose Personal Data to the relevant government, supervisory and judicial authorities such as:

  • Public authorities, regulators and supervisory bodies such as the financial sector supervisors in the countries in which we operate.
  • Tax authorities may require us to report customer assets or other Personal Data such as your name and contact details and other information about your organization, for this purpose, we may Process Carrhae Capital (DIFC) Limited your data such as your tax identification number or any other national identifier in accordance with applicable local law.
  • Judicial/investigative authorities such as the police, public prosecutors, courts and arbitration/mediation bodies on their express and legitimate request.

When we use third parties to carry out certain activities in the normal course of business, we may have to share Personal Data required for a particular task. For instance:

  • IT service providers who may provide application or infrastructure (such as cloud) services;
  • Marketing activities or events and managing customer communications;
  • Legal, auditing or other services provided by lawyers, notaries, trustees, company auditors or other professional advisors;

We may also share Personal Data with Carrhae Capital LLP (“Carrhae Capital”) for administrative purposes. Personal Data in the form of ID documents, KYC data and financial information may be shared with Carrhae Capital as a pre-contractual or contractual measure.

The third parties may be located in a jurisdiction that does not have the same level of data protection as the DIFC. In such cases the third parties will be required to abide by standard data protection clauses or the Personal Data transfer may be subject to a lawful derogation. You may ask us for further details of these safeguards, where required.

Companies acting on our behalf are required to keep your Personal Data confidential.

How we protect your Personal Data

We take our obligations to protect your Personal Data from unauthorised access, loss, misuse, modification or unauthorised disclosure seriously and as such we take reasonable steps to hold Personal Data securely in electronic or physical form.

We have appropriate technical and organisational measures in place to safeguard your Personal Data. Once we receive your Personal Data, we will take reasonable steps to use technical measures to prevent unauthorised access, modification or disclosure, and take steps to protect the Personal Data we hold from interference, misuse, loss, unauthorised access, modification or unauthorised disclosure. Measures include but are not limited to role-based access controls, strict password protocols, training, encryption, data protection and information security policies and procedures. Some electronic communications through non-secure web platforms may not be secure, virus- free or successfully delivered. If you communicate with us using a non- secure web platform, you assume the risks that such communications between us are intercepted, not received, delayed, corrupted or are received by persons other than the intended recipient.

How long do we keep your Personal Data?

We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, compliance, accounting, or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we Process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. We have a Retention Policy which outlines the applicable periods.

What happens if we make changes to this Privacy Notice

If we change this Privacy Notice we will post the changes on this website, therefore please check back regularly to ensure you are aware of any changes to our Personal Data Processing operations. The changes will take effect as soon as they are posted on our website.

Cookies

We collect information from you electronically when you visit our website, including date and time of visit, number of pages viewed, and how you navigate through our websites. Like most websites you visit, we use cookies to monitor your use of our website to observe behaviour, compile aggregate data and provide you with a more effective service.

You can choose whether to accept cookies or not on your computer, and once selected you can click the icon in the bottom-right corner of the website to manage your cookie setting to update your preferences at any time.

For further details please refer to our Cookie Policy

What are your rights and how do we respect them

Under certain circumstances, and where the conditions specified in the DIFC DPL are met, by law, you have the right to:

  • Request access to your Personal Data. This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully Processing it.
  • Request rectification of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us to continue to Process it.
  • Right to be notified regarding rectification or erasure of Personal data or restriction of processing- unless it has a disproportionate effect
  • Object to Processing of your Personal Data. You have the right to object to the processing of your personal data in certain circumstances.
  • Request the restriction of Processing of your Personal Data. This enables you to ask us to suspend the Processing of Personal Data about you, for example, if you want us to establish its accuracy or the reason for Processing it.
  • Data portability enables you to receive or request transfer of the data you have provided us in a structured, commonly used and machine-readable format.
  • Object to automated Processing, including profiling which produces legal or other seriously impactful consequences concerning you. However, note that as we do not conduct automated decision making, this right is not applicable.
  • Right to not to be discriminated against for exercising the rights mentioned above.

If you choose to exercise your rights, we may need to request specific Personal Data from you to help us confirm your identity and ensure your right to access the Personal Data (or to exercise any of your other rights). This security measure ensures that Personal Data is not disclosed to an unauthorised person.

You will not have to pay a fee to exercise your rights. However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances, where permitted by law.

Complaints, concerns, and exercising your rights

If you have any concerns or questions regarding this notice, you may contact our Data Protection Officer(“DPO”) through the contact methods below.

Fathima Valiyaveettil Nooh

[email protected]

Floor 16, Unit 1606,
Index Tower, Happiness Street,
Trade Centre,
Dubai International Finance Centre,
Dubai,
United Arab Emirates

We will make every effort to resolve your complaint internally and as soon as practicable and as prescribed by law. However, if we are unable to satisfactorily resolve your complaint you have the right to make a complaint to the DIFC Data Protection Commissioner.

DIFC Data Protection Commissioner Contact Details :

Telephone: +971 4 362 2222

Address: Dubai International Financial Centre Authority
Level 14, The Gate Building, DIFC, UAE
[email protected]

Last Updated : August 2025