Privacy Policy
Effective Date: 7 April 2026
Shipfinex FZCO ("we," "us," or "our") is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy outlines how we collect, use, disclose, and protect your personal information in compliance with United Arab Emirates (UAE) laws, including UAE Federal Decree-Law No. 45 of 2021 (Personal Data Protection Law), and the Virtual Assets Regulatory Authority (VARA) regulations. By using our services, you consent to the practices described herein.
1. Scope of the Policy
This Privacy Policy applies to the collection, processing, and storage of personal data by Shipfinex FZCO, operating as a Virtual Assets Service Provider (VASP) under VARA. It covers all interactions with the Shipfinex platform, including website access, mobile applications, and any other services offered by us in the UAE.
2. Definitions
The following terms are used in this Privacy Policy:
Personal Data: Any information relating to an identified or identifiable natural person.
Controller: The entity (Shipfinex FZCO) that determines the purposes and means of processing personal data.
Processor: A third-party entity that processes data on behalf of the controller.
Data Subject: The individual to whom personal data relates.
Consent: A freely given, specific, informed, and unambiguous indication of the data subject's wishes.
Sensitive Data: Data such as health information, racial or ethnic origin, and religious beliefs that require special protection under UAE law.
3. Data We Collect
We collect the following types of personal data when you interact with our services:
a. Data You Provide
Personal Identification Information: Name, contact details (email, phone), nationality, and residency status.
KYC (Know Your Customer) Information: Identification documents (passport, national ID), financial information, and proof of address for anti-money laundering and compliance purposes.
Account Data: Username, password, and account activity information.
b. Data Collected Automatically
Technical Data: IP address, browser type, device type, and cookies for tracking platform use.
Usage Data: Platform interactions, transaction history, and user preferences.
4. Legal Basis for Processing
We process personal data based on the following legal grounds:
Consent: Where explicit consent is required (e.g., for marketing communications).
Contractual Necessity: To provide services under a user agreement.
Legal Obligations: Compliance with UAE laws and VARA regulations (e.g., AML/CFT requirements), and the VARA Technology and Information Rulebook.
Legitimate Interests: For purposes such as fraud detection and improving the platform.
5. How We Use Your Data
We use your personal data to:
Provide Services: Facilitate transactions, account management, and secure virtual asset trading including Maritime Asset Tokens (MAT).
Regulatory Compliance: Conduct KYC/AML/CFT checks and comply with UAE financial and legal regulations.
Communications: Send account-related notifications, updates, and (with consent) marketing communications.
Security and Fraud Prevention: Detect and prevent fraud, enhance the platform's security, and mitigate risks.
6. Data Sharing and Transfers
Your personal data may be shared in the following circumstances:
Regulatory Disclosures: Shared with VARA, law enforcement, or other governmental bodies as required by UAE laws.
Third-Party Service Providers: Shared with entities such as KYC/AML verification providers and IT service providers who assist in delivering our services.
International Transfers: In cases where data is transferred outside the UAE, we will ensure that appropriate safeguards (such as standard contractual clauses) are in place to protect your personal data.
7. Data Retention
We retain personal data only for as long as necessary to meet legal, regulatory, or business purposes. The following retention schedule applies:
Data Category | Retention Period |
KYC/AML Data | 8 years after relationship termination |
Transaction Records | 8 years |
Marketing Consent | Until consent withdrawn |
Technical/Usage Data | 2 years |
Complaints Data | 8 years |
8. Your Rights
Under UAE law, you have the following rights concerning your personal data:
Right to Access: Request information about the personal data we hold about you.
Right to Rectification: Correct inaccurate or incomplete personal data.
Right to Erasure: Request the deletion of your personal data, provided it is no longer required for regulatory or contractual reasons.
Right to Restrict Processing: Request limited use of your personal data under certain conditions.
Right to Object: Object to the processing of your personal data for marketing or other specified purposes.
Right to Data Portability: Receive a copy of your personal data in a structured, machine-readable format.
To exercise any of these rights, please contact us at [email protected].
9. Data Breach Notification
In the event of a personal data breach, Shipfinex FZCO will notify VARA and affected individuals within 72 hours of becoming aware of the breach, in accordance with VARA incident reporting requirements and UAE data protection laws.
10. Security Measures
We implement industry-standard security measures to protect your personal data, including:
Encryption: Data is encrypted both at rest and in transit, in accordance with the VARA Technology and Information Rulebook.
Access Controls: Restricted access to personal data, with multi-factor authentication.
Regular Audits: Conducted to ensure compliance with VARA and UAE data protection regulations.
11. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance user experience, analyse usage patterns, and provide personalised content. For detailed information about our cookie practices, please refer to our Cookie Policy.
12. International Transfers of Data
When transferring personal data outside of the UAE, we will ensure that your data receives an adequate level of protection. This may include the use of standard contractual clauses or other legally recognised safeguards, in line with VARA standards and UAE law.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements or operational needs. Any significant changes will be communicated via email or through the platform.
14. Data Protection Officer
For all data protection and privacy-related inquiries, please contact our Data Protection Officer:
Manish Kumar, Chief Information Security Officer & Data Protection Officer
Email: [email protected]
15. Contact Information
If you have any questions about this Privacy Policy, or if you wish to exercise your data rights, please contact:
Shipfinex FZCO
IFZA Business Park, Dubai Silicon Oasis, Dubai, United Arab Emirates
Email: [email protected]