Privacy Policy & Data Protection

Capital Digital ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital banking services, website, mobile applications, and related services (collectively, the "Services").

Scope of Policy

This policy applies to all personal data processed by Capital Digital in connection with our financial services, including but not limited to:

• Account registration and maintenance
• Transaction processing and monitoring
• Customer support services
• Marketing communications (where consented)
• Compliance with legal and regulatory requirements

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

We collect several types of information from and about users of our Services, including:

Personal Identification Information

• Identity Data: Full name, date of birth, government-issued identification numbers, photographs
• Contact Data: Email address, telephone number, physical address, proof of address documents
• Financial Data: Bank account information, transaction history, credit information, source of wealth documentation
• Employment Data: Occupation, employer details, salary information for credit assessments

Technical and Usage Information

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent on pages, features used, transaction patterns
• Location Data: General geographic location derived from IP address for security purposes
• Security Data: Login attempts, authentication data, security question responses

Special Category Data

In certain circumstances and as required by law, we may process special category data including biometric information for authentication purposes, with appropriate safeguards in place.

We use the information we collect for various business purposes, including:

Service Provision & Account Management

• To create and maintain your banking account
• To process transactions and provide account statements
• To verify your identity and prevent fraud
• To provide customer support and respond to inquiries
• To notify you about account activity and service updates

Legal & Compliance Obligations

• To comply with anti-money laundering (AML) regulations
• To fulfill know-your-customer (KYC) requirements
• To report to regulatory authorities as required by law
• To detect and prevent financial crime and fraud
• To comply with court orders and legal processes

Business Improvement & Analytics

• To improve our Services and develop new features
• To conduct data analysis and business intelligence
• To monitor service quality and performance
• To conduct market research and customer surveys

Marketing Communications

We will only send you marketing communications with your explicit consent. You can opt-out at any time using the unsubscribe link in our emails or through your account settings.

We implement robust technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Security Measures

• Encryption: All data transmissions are encrypted using TLS 1.2+ protocols
• Access Controls: Strict role-based access controls and authentication requirements
• Network Security: Firewalls, intrusion detection systems, and regular security audits
• Physical Security: Secure data centers with 24/7 monitoring and biometric access
• Employee Training: Regular privacy and security training for all staff

Incident Response

We maintain an incident response plan to address any potential data breaches. In the unlikely event of a breach, we will notify affected users and regulatory authorities as required by law within 72 hours of discovery.

We do not sell your personal data to third parties. We may share your information in the following circumstances:

Service Providers

We engage trusted third-party service providers to perform functions and provide services to us, including:

• Payment processing and settlement services
• Cloud storage and infrastructure providers
• Customer support and communication platforms
• Fraud detection and prevention services
• Analytics and marketing service providers

All service providers are contractually obligated to maintain the confidentiality and security of your data.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities, including:

• Regulatory bodies and financial authorities
• Law enforcement agencies with proper legal process
• Courts and judicial proceedings
• Tax authorities for compliance purposes

Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or uses of your information.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access & Portability

• Right to Access: Request a copy of the personal data we hold about you
• Right to Data Portability: Receive your data in a structured, commonly used format
• Right to Rectification: Request correction of inaccurate or incomplete data

Control & Objection

• Right to Erasure: Request deletion of your personal data under certain circumstances
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you.

Exercising Your Rights

To exercise any of these rights, please contact our Data Protection Officer using the contact information provided in Section 12. We will respond to your request within 30 days and may request additional information to verify your identity.

We use cookies and similar tracking technologies to track activity on our Services and hold certain information.

Types of Cookies We Use

• Essential Cookies: Required for the basic functions of our Services
• Security Cookies: Used for fraud prevention and authentication
• Performance Cookies: Help us understand how users interact with our Services
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Collect information about usage patterns

Managing Cookies

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept essential cookies, you may not be able to use some portions of our Services.

For detailed information about the cookies we use and your choices regarding cookies, please visit our Cookie Policy.

Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.

Transfer Mechanisms

We ensure appropriate safeguards are in place for international data transfers, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for countries with equivalent data protection laws
• Binding Corporate Rules for intra-group transfers
• Additional technical and organizational security measures

Our Global Operations

Capital Digital operates globally with data processing centers in multiple jurisdictions. Our primary data centers are located in:

• United Arab Emirates (Primary Operations)
• European Union (Backup & Disaster Recovery)
• Singapore (Asia-Pacific Operations)

All data transfers comply with applicable data protection laws and regulations.

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Retention Periods by Data Type

• Account Data: 7 years after account closure for regulatory compliance
• Transaction Records: 10 years as required by financial regulations
• KYC/AML Documentation: 10 years after the business relationship ends
• Marketing Data: 3 years from last interaction or until consent is withdrawn
• Support Communications: 7 years for quality and training purposes

Deletion Procedures

Upon expiration of the retention period, we securely delete or anonymize your personal data using industry-standard methods that prevent recovery or reconstruction.

Our Services are not intended for individuals under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from Children.

Age Verification

During account registration, we verify that all users are at least 18 years old. If you are a parent or guardian and you believe your child has provided us with personal data, please contact us immediately.

Student Accounts

For student banking products, we require parental consent and additional verification procedures in compliance with applicable laws and regulations.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements.

Update Notification

We will notify you of any material changes by:

• Posting the new Privacy Policy on this page with an updated "Last Updated" date
• Sending an email notification to registered users
• Displaying a prominent notice on our website or mobile applications

Review Period

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of our Services after any modification to this Privacy Policy will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

Data Protection Officer

Email: dpo@capitaldigitalplc.online
Phone: +971 4 420 6262 (Privacy Matters Only)
Address: Data Protection Office, Etihad Towers, Tower 2, Corniche West Street, Al Bateen Area, Abu Dhabi, UAE

Regulatory Authority

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data infringes applicable data protection laws.