Contact Us

Privacy Policy

Last updated: 22 February 2023. GII Capital Ltd. operates (the “Site”). This page informs you of our policies regarding the collection, use and disclosure of Personal Information we receive from users of the Site. We use your Personal Information only for providing and improving the Site. By using the Site, you agree to the collection and use of information in accordance with this policy.

Information Collection and Use

While using our Site, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally, identifiable information may include, but is not limited to your name (“Personal Information”).

Log Data

Like many site operators, we collect information that your browser sends whenever you visit our Site (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics.


Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer’s hard drive. Like many sites, we use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.


The security of your Personal Information is important to us but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

Changes to This Privacy Policy

This Privacy Policy has been updated as per new DIFC law No. 5 of 2020 and became effective as of 01st October 2020. The policy will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after the effective date being posted on this page. We reserve the right to update or change our Privacy Policy at any time and you can check this Privacy Policy below or by contacting us at . Your continued use of the Service after any modifications to the Privacy Policy will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

Contact Us

If you have any questions about this Privacy Policy, please contact us.

Privacy Policy

1. General

GII Capital Limited located at Unit 101, level 1, Currency House – Tower 2, DIFC, P.O. Box 507240, Dubai, UAE is subject to the Data Protection Law DIFC Law No. 5 of 2020 where it would be amended from time to time (collectively the “Data Protection Law”). The Data Protection Law prescribes rules and regulations regarding the processing such as collection, use and disclosure of Personal Data in the DIFC, the rights of individuals to whom the Personal Data relates and the power of the DIFC Commissioner of Data Protection in performing their duties in respect of matters related to the processing of Personal Data as well as the administration and application of the Data Protection Law.

This privacy policy sets out the basis on which any information, including any Personal Data we collect from our client, will be processed by GII Capital.

2. Definitions

Data controller: any person who alone or jointly with others determines the purposes and means of the Processing of Personal Data.

Data Processor: any person who processes Personal Data on behalf of the Data controller.

Data Protection Law: means the DIFC Data Protection Law 2020, Law No. 5 of 2020 as may be amended, and the related Data Protection Regulations.

Data Protection Officer (DPO): a person with expert knowledge of Data Protection Law and practices, officially appointed by the Data controller or Data processor to independently oversee data protection operations.

Personal Data: any information related to an identified or identifiable natural person; an identifiable person is one who can be directly or indirectly identified by an identifier (such as a name, an identification number, location data, an online identifier or to one or more factors specific to the biological, physical, biometric, physiological, mental, genetic, economic, cultural or social identity of that natural person).

Processing: any operation of  Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage and archiving, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restricting (meaning the marking of stored Personal Data with the aim of limiting Processing of it in the future), erasure or destruction.

Special Categories of Personal Data: means Personal Data revealing or concerning (directly or indirectly) racial or ethnic origin, communal origin, political affiliations or opinions, religions or philosophical beliefs, criminal record, trade-union membership and health or sex life and including genetic data and biometric data where it is used for the purpose of uniquely identifying a natural person.

High-Risk Processing Activities: Processing of Personal Data where one (1) or more of the following applies:

  • Processing that includes the adoption of new or different technologies or methods, which creates a materially increased risk to the security or rights of a Data Subject or renders it more difficult for a Data Subject to exercise his rights;
  • a considerable amount of Personal Data will be Processed (including staff and contractor Personal Data) and where such Processing is likely to result in a high risk to the Data Subject, including due to the sensitivity of the Personal Data or risks relating to the security, integrity or privacy of the Personal Data;
  • the Processing will involve a systematic and extensive evaluation of personal aspects relating to natural persons, based on automated Processing, including Profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person; or
  • a material number of Special Categories of Personal Data are to be Processed

3. Update Personal Data

It is important that the Personal Data maintained by GII Capital about the client is accurate and updated. The client is obliged to notify GII Capital if the personal data has been changed during the relationship with it. The client is aware If the Personal Data is not kept accurate and current, it may delay or prevent GII capital from providing the relevant services and products to the client or updating him on key changes to its products and services.

4. Intermediary/ Service Provider

The intermediary or service provider can only act as a data Processor to process the Personal Data of the client on GII capital’s behalf based on GII capital instructions. In accordance with the Data Protection Law, they are subject to appropriate obligations in terms of confidentiality, security and personal data protection.

5. Purpose of Data Processing

The following demonstrate the purposes behind processing the client’s Personal Data:

  • The management of our business relationship with the client, in order to administer this relationship;
  • Complying with legal and regulatory obligations to which we are subject (fight against anti-money laundering and terrorist financing; anti-bribery and corruption; accounting and tax purposes; etc.);
  • Internal financial accounting, information technology and other administrative support services;
  • To establish, exercise or defend legal rights;
  • It may be used to produce statistical research and reports.
  • Unrelated purposes where in case the client’s consent is required.

6. Categories of Personal Data

GII capital processes only the Personal Data about clients that are needed to establish and maintain a business relationship with as the Data Protection Law allows or requires to collect. The company may collect Personal Data about the client that is “non-public.” Non-public Personal Data is data that would be obtained in connection with providing a financial product or service to the client. This includes but is not limited to:

  • Title, full name, signature, and contact details, including for instance your email address, home and mobile telephone numbers and fax number;
  • Home address, correspondence address (where different from your home address) and address history;
  • Date of birth and/or age, e.g. GII capital should the client is eligible and suitable to apply for the product;
  • Place of birth, nationality, residency details and any other citizenships if this is necessary for GII capital to comply with the legal and regulatory requirements;
  • Government identification number and identification documents including for instance document type, number, country of issue and expiry date;
  • Records of how the client contacted GII capital and, if the client reached the company online, details such as the client’s mobile number and location data, IP address and MAC address;
  • Details of client’s marital status, spouse’s name, dependents, beneficiaries, beneficial owners, representatives, indemnifiers, tax status, sources of income and funds, assets and liabilities, and whether the client is a politically exposed person (PEP);
  • Details of shareholdings, prominent functions, directorships and/or employment including for instance: occupation, salary, employer and length of service;
  • Details of the products and services the client applied for and received from the company, including for instance application/ subscription information, investment certificate/ note and investments information/ monthly report, payment transactions, information relating to complaints and/or fraud reports, and details associated with the existing the relationship with the client;
  • Security identifiers;

 7. Source of Personal Data

GII capital generally collects Personal Data from the client directly and from the following sources:

  • Application Information:

GII capital retains Personal Data from any application the client would submit for financial services. This includes but is not limited to Personal Data such as name, postal and e-mail address, phone numbers, employment and financial status, and credit history.

  • Online:

GII Capital obtains information online when the client visits the company’s website This includes retaining Personal Data when the client communicates with the company by e-mail.

  • Intermediary & Other Resource

For those clients who are introduced to GII Capital by an intermediary, some of the Personal Data about the client might be obtained indirectly from them for Personal Data completeness.

In addition, GII capital may obtain the Personal Data of the client from other sources such as fraud prevention agencies, publicly available directories, and information (e.g., telephone directory, social media, internet, news articles), other organizations to assist in prevention and detection of crime, police and law enforcement agencies. In addition, some of the client’s Personal Data may come from other members of our Group if the client already has a product with them.

8. Legal Grounds for Processing Personal Data

As required by Data Protection law, GII Capital should explain the legal grounds behind Processing the Personal Data of the client (this includes sharing it with other organizations). For some Personal Data Processing activities, more than one legal ground may be relevant (except where GII Capital relies on the client’s consent as the legal ground for Processing the client’s Personal Data). Below are the legal grounds that are most relevant to GII Capital:

  • Processing is necessary to perform the contract with the client or for taking steps prior to entering it.
  • Administering and managing the client’s investment and related services and updating the client’s records
  • Sharing client’s Personal Data with other payment services providers especially when the client asks the company to share information about his/ her investment with them; and
  • All stages and activities are relevant to managing the client’s investment including inquiry, application, administration and management, illustrations, requests for transfers of equity etc.

Where GII Capital considers that it is appropriate to do so, processing necessary for the following legitimate interests which apply to GII Capital, and in some cases, to other organizations are:

  • Administering and managing clients’ investments and related services, updating clients’ records and addresses to advise the clients about their investments, services and products.
  • To test the performance of the products, services and internal processes;
  • For management and audit of GII Capital business operations including accounting and insurance;
  • To carry out searches at pre-application, at the application stage and periodically after that. Where the client has been introduced to GII Capital by an intermediary, then they may do these searches on behalf of GII Capital;
  • To carry out monitoring and to keep records;
  • To administer good governance requirements and those of other members of GII Capital or its parent company;
  • For market research and analysis and developing statistics;
  • To share the client’s Personal Data with these other people or organizations;
  • Client’s guarantor;
  • Trustees and beneficiaries and any person with power of attorney over your affairs, where applicable.
  • Parent company;
  • Other financial services providers; financial agencies, backup and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions;
  • GII Capital legal and other professional advisers, auditors and actuaries;
  • Financial institutions and trade associations;

GII Capital considers the Processing of personal data is also necessary to comply with the company’s legal obligations:

  • For compliance with laws that apply to the company (e.g. fight against anti-money laundering and terrorist financing, etc.);
  • Establishment, defense and enforcement of the company’s legal rights or those of any other member of the Group;
  • For activities relating to the prevention, detection and investigation of crime;
  • To carry out identity checks, financial checks, and checks with fraud prevention agencies pre-application, at the application stage, and periodically after that. Where the client has been introduced to GII capital by the intermediary, then they may do these searches on behalf of GII Capital;
  • To carry out monitoring and to keep records;
  • To deal with the client’s requests to exercise his rights under the Data Protection Law;

Processing as per client’s consent:

  • When the client requests to share his Personal Data with a third party.
  • When GII Capital would like to use the client’s Personal Data for a purpose unrelated to the one for which it was initially collected.

The client has the right to withdraw the consent that was granted before at any time.

9. Withdrawal of Consent

Most Personal Data Processing is not based on the client’s consent, instead, it is based on other legal grounds. For processing that is based on the client’s consent, the said client has the right to withdraw that consent for future processing at any time by contacting GII capital using the contact details below (please refer to the below section “contact us”). Any processing of Personal Data that GII Capital undertook prior to the withdrawal of consent remains lawful.

GII Capital must ensure to contact the intermediary/ service provider who introduced the client to the company that the consent has been withdrawn by the said client, this would be done only if it is a GII Capital data processor (this means an organization that is processing Personal Data on the company behalf) or if the company is required to do so when the client exercises certain other rights under the Data Protection Law.

10. Transfer Personal Data outside of DIFC

Dubai has been identified by the DIFC Data Protection Commissioner as having an adequate level of protection. Transfer of Personal Data can be made to these countries that have an adequate level of protection for personal data without the need for putting additional, suitable, safeguards in place. Where a country has not been identified as having an adequate level of protection, GII Capital will make sure that suitable safeguards are in place before any transfer of client’s Personal Data to such countries. These suitable safeguards include standard data protection clauses issued by the DIFC Data Protection Commissioner for use in these circumstances.

11. Importance of Providing Personal Data

GII Capital may be unable to provide products and services or to process a client’s application without having certain Personal Data about the client. Personal Data is required before the client can enter into a relevant contract with the company, or it is required during the life of that contract, or it is required by laws that apply to the company. If the company already holds some of the required Personal Data– for instance, if he is an existing client– the company may not need to collect it again when the client submits his application.

12. Monitoring of Personal Data

Monitoring means any listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, emails, text messages, social media messages, in-person face-to-face meetings and other communications.

Some of the monitoring may comply with regulatory rules, self-regulatory practices or procedures relevant to the business, to prevent or detect crime, in the interests of protecting the security of the communications systems and procedures, to have a record of the discussion with the client along with the agreed action for protection and security purposes (such as in relation to fraud risks on the client’s investment) and for quality control and staff training purposes.

13. Retention of Personal Data

GII Capital will only retain the Personal Data about the client for as long as necessary to fulfill the purposes collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for Personal Data, GII Capital considers the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of the Personal Data, the purposes of processing the client’s Personal Data and whether the company can achieve those purposes through other means, and the applicable legal requirements as provided by local sectorial law, where applicable.

In principle, the Personal Data of the client is retained for a duration of + 6 years.

In the event of a claim, the Personal Data of the client is retained until the end of the applicable statute of limitation period or, if there are legal proceedings, until the end of these proceedings.

14. Sharing Personal Data

GII Capital is totally obliged to maintain the confidentiality of the Personal Data of the client. The company will also comply with all legal requirements regarding the sharing and disclosure of Personal Data. As already mentioned above, the Company may disclose Personal Data to the following recipients where it is lawful to do so:

A. Sharing Information with Third-Party Service Providers

In order for GII Capital to conduct its operations, including servicing investment or processing transactions of the client, the company may need to share Personal Data with the service providers, including fund administrators and other service providers such as an internal and external auditor. These service providers act on behalf of the company and have agreed in writing to keep the customer Personal Data that the company provides to them confidential. The company shares the following categories of information with third-party service providers depending on the specific services provided:

  • Personal Data relating to identity (name, address and account number)
  • Transaction data (dates, amounts, locations and type of transaction)

GII capital does not share the client’s personal data with independent third-party marketers offering their own products and services. While GII capital may assist in offering financial products and services to the company’s affiliates or other financial service providers, GII Capital controls the client’s personal data used in connection with these offers and ensure that this is processed in accordance with the company’s instructions.

B. Sharing Information as Legally Required or Permitted

GII capital may share the Personal Data about the client in response to a lawful request issued by the following public authorities or otherwise as permitted by applicable law:

  • Court
  • government agency
  • regulatory authority

15. Security of Personal Data

A. Confidentiality and Security Safeguards

The company maintains strict security controls to assure that customer Personal Data in the computer systems and files is protected. The employees and contractors are only permitted access to customer information that they may need to perform their jobs and to provide services to the client. All employees and contractors have access to such customer information as necessary to conduct a transaction or respond to your inquiries. All employees and contractors are required to respect the client’s privacy. No one except employees and contractors has access to the GII Capital computer system and records storage. GII Capital has ensured internal security controls, including physical, electronic and procedural safeguards to protect the information that is provided and collected to and from the client. The internal security controls are subject to review on regular basis to safeguard the client’s personal information and when the company employs new technology in the future.

B. Information Integrity Measures

GII Capital works hard to ensure that the maintained customer information is complete and accurate. And the company must ensure that they have adequate procedures and processes for updating customer information as well as removing old, outdated information. Also, the company should ensure that they have measures in place to protect the integrity of customer information such as maintaining backup copies of data in the event of power outages or other business interruptions. The computers have virus detection and eradication software and employ other technical means to be protected from unauthorized computer entry into systems containing customer information.

16. Client’s Rights

Under certain circumstances, the Data Protection Law provides the clients with the right to, where applicable:

  • Request rectification of the Personal Data that the company holds about the client. This enables the client to have any incomplete or inaccurate Personal Data the company holds about him rectified, as long as it is technically feasible to do so.
  • Client’s Request of his Personal Data. This enables the client to ask the company to delete or remove his Personal Data where the processing of his Personal Data is no longer necessary in relation to the purposes for which it was collected. The client also has the right to ask the company to delete his Personal Data where he has exercised his right to object to processing and there are no overriding legitimate grounds for the company to continue with the Processing or where the client has withdrawn his consent (in the circumstances where we are processing Personal Data on the basis of that consent) or where the processing is unlawful or the company needs to erase the Personal Data to comply with applicable law.
  • Object to processing the Personal Data based on reasonable grounds relating to the client’s particular situation where the company is relying on a legitimate interest (or those of a third party) to process the client’s, Personal Data. GII Capital must ensure also to inform the client before processing the subject client’s Personal Data for direct marketing purposes, and the client has the right to object to the said processing of his Personal Data.
  • Client’s Request for the restriction of processing of his Personal Data. This enables the client to ask the company to suspend the processing of Personal Data about him, for example when the client asked the company to establish its accuracy or the reason for processing it.

GII Capital may need to request specific information from the client to help the company to confirm the identity of the subject client. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. The company may also contact the client to ask for further information in relation to the client’s request to speed up the response from the company side.


Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Consent to display content from - Youtube
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google
Consent to display content from - Spotify
Sound Cloud
Consent to display content from - Sound
Get In Touch