SHUAA Privacy Policy
1. Application of this Privacy Policy
This Privacy Policy applies to personal information collected by SHUAA Capital PSC and its affiliates (“SHUAA”, “we”, “us”, “our”) from users of SHUAA’s website, mobile application, and any related digital services. It also applies to personal information collected in the course of providing financial services to individual, corporate, and institutional clients.
This Policy governs all digital interactions with SHUAA, including browsing our website, downloading or using the SHUAA mobile application, online onboarding, electronic communications, and digital transaction services.
2. Categories of Personal Information We Collect
2.1 Information You Provide Directly
We may collect:
• Name, address, and contact information;
• Age, occupation, and marital status;
• Financial information including source of wealth, investment experience and objectives, risk tolerance and, where applicable, representations required under applicable law or regulation concerning your financial resources;
• Identity verification information as may be required to verify your identity in accordance with laws and regulations addressing money laundering and other matters (e.g., KYC documentation).
2.2 Information Collected Automatically
When you use our website or mobile app, we may automatically collect technical information, including: IP address, device model, operating system, browser type, device identifiers, usage data, interaction logs, page visits, time spent, clicks, features accessed, geolocation data (where permission is granted), and app performance metrics and crash logs.
2.3 Mobile Application–Specific Data
The SHUAA mobile application may request access to: Camera (for identity verification), Photos & files (for uploading KYC documents), Biometric data (facial recognition/Touch ID for secure login), Push notifications, and Device storage (to store encrypted credentials). All permissions are optional except those required to deliver regulated services (e.g., identity verification).
2.4 Cookies & Digital Tracking
We use cookies, SDKs, pixels, and analytics tools to recognize returning users, understand usage patterns, improve service performance, personalize content, and facilitate secure login. You may disable cookies via browser settings, but some features may not function properly.
3. How We May Use Your Personal Information
• Administer operate, facilitate and manage your relationship and/or account with SHUAA This may include sharing such information internally as well as disclosing it to third parties, as described below;
• Communicate with you or, if applicable, your designated representative(s) regarding your relationship and/or account with SHUAA;
• Provide research, recommendations, or advice concerning products and services offered by SHUAA;
• Personalize website and app experiences;
• Meet legal and regulatory obligations;
• Detect and prevent fraud, money laundering, and abuse.
We also process
information to enable digital onboarding and verification; provide secure
biometric login; send push notifications related to account activity,
regulatory alerts, or service updates; improve app functionality, troubleshoot
issues, and enhance cybersecurity protections; and conduct analytics and
measure engagement across digital channels.
4. Sharing Your Information
We may share personal information with non‑affiliated service providers supporting account services, and with legal, professional, or regulatory partners. We may disclose information to law enforcement and regulators when legally required or to protect our rights.
We do not sell your personal information.
For digital services, we may share anonymized or aggregated device and analytics data with trusted third‑party technology partners such as cloud hosting providers, cybersecurity monitoring services, and mobile analytics SDK providers. This data cannot identify you personally.
5. Your Rights
Depending on applicable laws, you may request access to, correction of, or deletion of your personal data, object to or restrict certain processing, and withdraw consent where processing is based on consent.
You may also opt out of push notifications, disable app permissions, or request deletion of your digital account via the SHUAA app or support channels.
6. Information Security
We maintain physical, electronic, and procedural safeguards designed to protect personal information against loss, misuse, alteration, and unauthorized access or disclosure.
Mobile‑specific measures include encryption of data at rest and in transit, secure biometric authentication, tokenized sessions and auto‑logout, firewall and penetration‑tested environments, and secure data centers with redundancy.
7. Data Retention
We retain your information as long as necessary to fulfil regulatory, operational, and legal requirements.
Certain digital onboarding and transactional records may be retained for up to 15 years, as required under UAE financial regulations.
8. Changes to this Policy
SHUAA may update this Policy at any time by posting updates on the website.
Updates may be communicated through the website, mobile app notifications, or email, depending on regulatory requirements.
