1. Introduction

Sidra Capital is an asset manager providing Sharia-compliant finance opportunities with a focus on alternative assets. With a global presence, Sidra Capital offers international investment opportunities to its customers in assets such as private finance, private equity and real estate.

Sidra Capital respects the privacy of every client and is committed to protecting your right to privacy. This Privacy Notice explains how we process information about you (“personal data”) collected through our websites (https://sidracapital.com/) and (https://talainvest.com/en/)that expressly adopts, displays or links to this Privacy Notice (theWebsiteSocial Media Pages

Please note that this Privacy Notice does not apply to our recruitment activities. If you apply for a job using theCareer section available on our Website (https://sidracapital.com/careers/), or using any other method, the Candidate Privacy Notice will be applicable.

2. Data Controller

2.1 For data processed on our Website and Tala, Sidra Capital is the controller of your personal data. We are based at Level 3, Al Murjanah Tower, Prince Sultan Street, P.O. Box 118528, Jeddah 21312, Kingdom of Saudi Arabia. Our secondary address is Al Nemer Al Nakheel Center, Building (B), 1st floor, office: 11, An Nakheel, Riyadh 12381, Kingdom of Saudi Arabia.

2.2. For data processed in connection with your investment, the controller is the local Sidra Capital entity with which the investment is made.

3. Personal Data We Collect About You

We may collect the information described below directly from you, from third parties we partner with, or through cookies or other automated means.

3.1. Data is collected directly from you whenever you: visit our Website; contact us with questions or comments; engage our services; upload content to our Website or Social Media Pages; or fill out any forms on our Website or Social Media Pages.

Information that may be provided directly by you includes:

• Contact and identity data such as name, gender, passport, identity card, social security number, marital status, dependents, nationality, date and place of birth, address, residential status, email address, and phone number.
• Financial data such as annual income, assets, liabilities, source of funds, personal net worth, origin of wealth, and relationship with other banks.
• Taxation data such as in connection with US FACTA, OECD, Common Reporting Standards (CRS) or other information relating to legal or business regulatory requirements.
• Data regarding an investment such as investment history and the way you operate your accounts as part of the account opening procedures.
• Payment data such as bank details, transfers, account numbers and balances, IBAN, SWIFT and billing address.
• Securities and guarantees data such as the purpose of facilities and securities, guarantees of such facilities, personal and financial information relating to security providers and data relating to insurance coverage for our benefit.
• Marketing data such as marketing preferences, or survey responses.
• Emails or contact forms such as electronic communications including enquiries and complaints that you have sent us.
• Proof of eligibility such as data about your classification and suitability for trading including age, number of dependents, employment status, net worth and income, investment horizons, objectives and investment approach, investable assets, financial status, types of investments, experience in investments and risk tolerance.
• Telephone data such as recorded telephone conversations including but not limited to issuing instructions in relation to your accounts held with us, to submit a complaint or to contact our Data Protection Officer.

3.2. Other sources from which we collect data about you are as follows:

• Your authorised representatives, agents, lawyers, guardians or introducers: Certain information may be collected to verify a third party is authorised to represent you.
• Other organisations or people you have a relationship with: Certain information may be collected from organisations or persons you may have a relationship with such as a joint account holder.
• Your device or browser: Certain information is automatically collected from your device or browser and analysed when you visit our Website, interact with our Social Media Pages or online advertising, or open our emails.
• Third parties: We work with third parties who provide services to you or us such as credit reference agencies, debtor directories, fraud prevention or government agencies, and other banks and financial institutions such as correspondent banks. Your information may be collected and processed independently in accordance with the third parts privacy notices. These third parties share information they have collected with us. We may combine this information with any information we collect.
• Social Media Platforms: Social media platforms share information which is typically aggregated and does not include personal data, with us. You can learn more about how social media platforms collect and use your information by reviewing their privacy policies and settings.
• Cookies: We use cookies (small data files stored on your device or browser) and other similar technologies to automatically collect information when you visit our Website or interact with our emails. Through the use of cookies, we may link information about your interactions with our Website or emails over time. Any information collected by us or by third parties, through the use of cookies or similar technologies, may be linked with other information we collect about you. For more information, please find our cookie policy.
• Publicly available resources: Certain information may be collected from publicly available resources such as commercial and real estate registrars, central banks, databases maintained by local and foreign regulatory and supervisory authorities (such as the sanctions list), the press, the media, online search engines and other online resources.

Information that may be collected about you from the above sources include:

Technical data such as device type, web browser, IP address, and accessibility options.

Usage data such as account logins, site navigation, clicks and browsing time.

Location data when using the Website.

Preference data such as products and services you have indicated an interest in and preferred language.

Social media/third-party data such as your social media handle and activity on Social Media Pages.

Criminal record data such as, where permitted by law or to fulfil our regulatory requirements, information about criminal convictions or offences and alleged offences for specific and limited activities and purposes, such as to perform checks to prevent and detect crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions. It may involve investigating and gathering intelligence on suspected financial crimes, fraud and threats, and sharing data between banks, with law enforcement and regulatory bodies.

4. How We Process Your Personal Data

We collect and process various categories of personal data at the start of and for the duration of your relationship with us. We limit the collection and processing of your data to that necessary to achieve one or more legitimate purposes as identified in this Privacy Notice.

Purpose/specific objective (Why do we process your data?)	Personal data (What personal data do we process?)	Legal basis (What is our legal basis for processing your personal data?)
To perform client acceptance procedures for products or services you are interested in purchasing	Contact and identity data, financial data, proof of eligibility data	Compliance with our legal obligations Legitimate interests
To create, maintain, support and administer our products and services including opening, servicing, or closing client accounts, collecting and issuing all necessary documentation, executing your instructions, processing your transactions, transferring money between accounts, making payments to third parties and resolving any discrepancies and/or queries or concerns that you may have	Contact and identity data, financial data, telephone data, payment data, securities and guarantees	Compliance with our legal obligations Performance of our contract
To manage and maintain our relationship with you and our third parties	Contact and identity data, telephone data, email or contact forms, data regarding an investment, and social media/third-party data	Performance of our contract Legitimate interests
To identify you as a client, counterparty and accountholder, and assess the risks involved with the services and transactions we provide or engage you with and to understand your needs and eligibility for our services	Contact and identity data, financial data, proof of eligibility, taxation data, preference data	Performance of our contract
To facilitate operational actions in connection with our business relationship (e.g. processing of payments)	Payment data, telephone data, emails or contact forms	Performance of our contract
To respond to our counterparties, correspondents, custodians, clearing houses, funds and other similar institution requests in connection with transactions relating to you as a client or with investments made by you or on your behalf	Social media/third-party data	Performance of our contract Legitimate interests
To fulfil reporting and other requirements in relation to our licenses and regulatory permissions	Social media/third-party data	Compliance with our legal obligations
To fulfil taxation, credit controls, regulatory and financial record keeping and reporting obligations	Taxation data, contact and identity data, data regarding an investment	Compliance with our legal obligations
To ensure compliance with licensing requirements and regulatory requests or guidance related to such licenses	Data regarding an investment, contact and identity data, financial data	Compliance with our legal obligations Legitimate interests
To facilitate and/or respond to administrative, regulatory and judicial requests and audits, and act in a collaborative manner with any competent supervisory authorities	Data regarding an investment, contact and identity data, financial data	Compliance with our legal obligations Legitimate interests
To protect our legal rights and interests (such as initiating legal claims and preparing our defense in litigation proceedings, which may include the disclosure of your data to your or our lawyers or consultants)	Contact and identity data, telephone data, emails or contact forms, data regarding an investment, payment data, criminal record data	Legitimate interests
To understand our client actions, preferences, expectations and feedback in order to improve the relevance of offers of our products and services, and ensure that our Website is being used appropriately to optimise its functionality	Preference data, location data, technical data, usage data	Legitimate interests
To prevent and/or investigate suspected financial crime, including fraud, terrorism, financing and money laundering, to comply with sanctions including Know Your Customer and Politically Exposed Persons (PEP) screenings and to manage and assess risks and to protect you from fraud and errors	Contact and identity data, taxation data, financial data, criminal record data, securities and guarantees data	Compliance with our legal obligations Legitimate interests
To perform statistical analysis particularly for regulatory purposes and for managerial reports	Contact and identity data, financial data, usage data, location data, preference data	Legitimate interests
To ensure network and information technology for the purpose of preventing cyber-attacks and unauthorised use of our telecommunications systems and Websites	Technical data	Legitimate interests
To manage and monitor our properties, offices, and branches by setting up CCTV systems for the purpose of safeguarding against trespassers, gathering evidence in the event of a robbery or fraud	Contact and identity data	Legitimate interests
To share data with fraud prevention agencies and law enforcement agencies	Contact and identity data, taxation data, financial data, criminal record data, social media/third-party data	Legitimate interests
To centralise appropriate data to coordinate services among different departments	Preference data, contact and identity data, data regarding an investment	Legitimate interests
To ensure business continuity and disaster recovery and respond to information technology and business incidents and emergencies	Contact and identity data, financial data, data regarding an investment	Legitimate interests
To assess the quality of our customer services and provide staff training	Emails or contact forms, telephone data	Legitimate interests
To perform analyses of your requests or complaints for the purposes of preventing errors and process failures, and rectifying negative impacts on clients and other parties we deal with	Emails or contact forms, telephone data	Legitimate interests
To address any of your complaints or claims	Emails or contact forms, telephone data	Legitimate interests
To perform analyses and review engagement with our Social Media Pages	Social media/third-party data	Legitimate interests
To conduct marketing or market and opinion research, including sending you research, event invitations, advertisements regarding our campaigns and to inform you about the goods, services or events that may be of interest to you, unless you have not provided consent to the use of your data in this way	Marketing data, social media/third-party data	Consent

Where we process your personal data with your consent, especially when the personal data is of a sensitive nature, you can withdraw your consent at any time by using the contact details in theContact detail section below. However, if you do so, we may no longer be in a position to continue providing you with any related services. Additionally, we are obligated to keep a copy of any data provided as per Capital Market Authority regulations.

On a case-by-case basis, we may also use your personal data for subsequent purposes that are compatible with the purpose which the data originally was collected for such as knowledge management, handling of potential claims and proceedings, and handling of requests from supervisory authorities.

Except in relation to marketing, advertisements and Personal Data subject to our cookie policy, providing the above Personal Data is mandatory and if you fail to provide personal data when required:

• to offer you some of the services available on the Website, you will not be able to access all the available services;
• to enter into a contract, we will not be able to conclude the respective contract with you; and/or
• by a statutory or contractual requirement, you will be liable as provided in the statute/contract.

5. How We Share or Disclose Your Personal Data

Sidra Capital is an international company, and we may disclose your data to different legal entities within our Group and to third parties on a recurring basis.

• Our affiliated companies: We may share your personal data with other companies in the Sidra Capital Group within the scope of this Privacy Notice.
• Funds and other institutions: We may share your personal data in connection with your investments and when conducting assessments of our client statuses, particularly risk and/or compliance-related assessments. This may include banks and financial institutions or similar institutions to perform our contractual obligations or for transactions related to our clients.
• Service providers: We partner with third parties to assist with many aspects of our business, including fulfilling investments, advertising, analysing your interests and activity on our Website, and helping us communicate with our clients. These third parties may provide services related to any of the purposes described in the “How We Process Your Personal Data” section, and we may share with them any information described in thePersonal Data We Collect About Yo section. This may include credit checking to allow Sidra to obtain and exchange information relating to prospective borrowers, valuators, appraisers, surveyors, and experts in connection with your requests. This may include those providing services to Sidra and/or our clients for the purposes of financial services and operations, particularly without limitation in connection with electronic financial trading platforms, payment-related services, electronic services, notification of correspondences, archiving and such other services that necessitate engaging service providers. We may also receive information collected by these third parties and combine it with the information we have collected Your information may also be collected and processed by third parties, such as the payment providers you select, who will process your information independently in accordance with their own privacy notices.
• Receivers: We may share your personal data for the purposes of any formality or measure which Sidra may take to procure guaranties from third parties or to protect, implement and collect its rights under a contract, document or by virtue of law or regulations.
• Insurance companies: We may share your personal data in connection with insuring Sidrs business and risks or in connection with the financial services we provide. This may also include Sidrs counterparty insurance companies, particularly to insure bank accounts, operations and liabilities.
• Exchanges, clearing institutions, administrators, custodians and counterparties: We may share your personal data where these parties are involved in client transactions and with counterparties within the scope of or in connection with any financing obtained by Sidra in connection with or based on or against the cliens transactions, and/or any credit facilities granted by Sidra to the client and which are financed or refinanced through such counterparties and/or if and when required under any laws or regulations application to the transactions.
• Marketing providers: We partner with third parties to assist with the advertising and marketing of our business We may share with them the types of information described in thePersonal Data We Collect About Yo section We may receive information collected by these third parties and combine it with the information we have collected.
• Parties to a business transaction: If we are ever merged with or acquired by another company or are involved in a corporate reorganisation or other change in corporate control, your information could be shared with that business entity.
• Client guarantors and security providers: We may share your personal data for the purposes of the guaranteed indebtedness.
• Disclosures Required by Law: We may also share personal data where required by law This may include disclosing personal data to public authorities, such as tax authorities, or disclosing personal data in connection with legal proceedings. This may include relevant US authorities and bodies upon their request, in case the client is classified as a Recalcitrant Accountholder under FATCA.
• Reporting: We may disclose your data to relevant authorities and bodies in connection with the implementation of the OECD Common Reporting Standards for the purposes of the CRS requirements (OECD CRS).
• Other agents: We may disclose your personal data to other agents working on our behalf from time to time.
• General authority: We may disclose your personal data for statistics.

For further information on the entities and third parties we share your Personal Data with, please reach out using our contact details in theContact Detail section below.

Transferring your personal data across geographies

As the recipients mentioned above may be established anywhere in the world, the personal data may be transferred globally. Where we transfer your personal data across national boundaries, we will protect your information by ensuring that those transfers are made in compliance with applicable data protection laws. If data originating from the Kingdom of Saudi Arabia is transferred to countries outside the Kingdom of Saudi Arabia which do not offer an adequate level of protection, we will adopt appropriate safeguards to protect your privacy. This may include adopting standard contractual clauses, binding common rules, certificates of accreditation or approved binding codes of conduct.

When we transfer your personal data outside of us or to third parties, we obtain contractual commitments from them to protect your personal data. When we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information is disclosed.

6. Third-Party Links

Our Website may contain links to third-party online websites/apps. Such third parties have their own policies and notices that govern their collection, use, and disclosure of information. We suggest that you read their privacy notices to learn about their practices.

Social media provides tools and links that we may include on our Website If you choose to use such tools or links, that social media platform may collect information from your visit to our Website We also have Social Media Pages where we provide information about our products and interact with the users. On such Social Media Pages, we may receive anonymised insight, such as statistics about the age, gender, and location of our users We will also receive information that you decide to share with us, such as chat, comments and likes.

Your experience on social media sites will be governed by the privacy and other policies and notices of those sites. The privacy settings you have chosen on those websites will determine the degree to which your information is made public. We encourage you to choose your privacy settings on those websites accordingly. As we are joint controllers with social media platforms for data processed from your use of our Social Media Pages or links on our site, and for aggregated insight that we get from your use of our Social Media Pages, you may also contact us if you would like more information, or if you want to exercise your privacy rights However, please note that we may not be able to respond to all requests and that we may have to refer you to the relevant social media platform for further information.

7. How Long We Store Your Personal Data

We will retain your personal data for as long as necessary for the purposes for which we collect it. We are obliged to retain your data for 10 years as enforced by the Kingdom of Saudi Arabis Capital Market Authority. We have implemented appropriate measures to ensure your data is securely destroyed in a timely and consistent manner when it is no longer required. In specific circumstances, we may store your personal information for longer periods and the precise period will depend on the purpose for which we hold your information, these are the criteria that we use to determine when we will delete your data:

• We retain data to the extent required by law (such as tax/bookkeeping laws).
• We retain data such as contact data, marketing data, location data and preference data as long as you have consented to receive marketing communication from us.
• We retain data so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.
• We retain data collected through cookies as mentioned in our cookie policy.

8. Your Privacy Choices

You can control the information we collect and use in the following ways:

• Location information: You can disable location-based services on your mobile device or web browser by adjusting the settings on your device or browser. This will prevent our Website from accessing your location information. Note that some services may not be available if you disable location-based services.
• Marketing emails: You may opt out of our marketing emails by following the instructions listed in any email communications you receive or by contacting us using the contact details provided under theContact Informatio section, below.
• Online advertising: For information about opting out of third-party advertising, visit: NAI Opt-Out or DAA. You will leave our Website for a separately managed online site where you can specify your preferences. We may use more than one third-party company for placing this advertising, which would require you to opt out of each company.

9. Your Privacy Rights

Kingdom of Saudi Arabia privacy rights

For the purposes of this section, the termpersonal dat has the meaning given under applicable law. Within the conditions/limitations set out in applicable law, you have the following privacy rights:

Right to be informed: You have the right to obtain further information on our use of your personal data unless this information is already available to you or if providing it would conflict with any existing laws in the Kingdom of Saudi Arabia.

Right of access: You have the right to request access to your personal data unless such a request would adversely affect the rights of others.

Right to request access: You have the right to receive a copy of your personal data in a clear and reasonable format if technically feasible.

Right to request correction: You have the right to ask us to correct your personal data if it is incorrect or incomplete, such as by changing your details on your account. You may obtain a restriction on our processing of your personal data when the accuracy of it is contested for a period allowing us to verify its accuracy.

Right to request destruction: You have the right to request the erasure of your personal data unless Sidra Capital has a legal basis for retaining it or your personal data is necessary for judicial procedures.

Right to withdraw consent: If you have given your consent to our processing of your personal data, you are free to withdraw the consent at any time.

Right to file a complaint with the Competent Authority.

Right to claim compensation: You may claim compensation for material or moral damage if you are harmed due to violations of the Personal Data Protection Law or its Implementing Regulations.

Other rights: you may also be entitled to additional rights and remedies provided by your local applicable law.

Unless otherwise stipulated by the law, you will not be required to pay any fees in return for exercising this right. In case of submitting a request for exercising this right, you will receive a response within 30 days of the request receiving date.

How to Submit a Request or Exercise Your rights

If you wish to exercise the rights listed above and are a resident of a country that provides such privacy rights or wish to file a complaint or objection, you may submit a request by:

• emailing: [email protected]

If you choose to submit your request via email, includePrivacy Rights Reques in the subject line. In any cases where you submit your request, you may need to undergo an identity verification process. During this process, we may request additional information from you to verify your identity or understand the scope of your request, although you will not be required to create an account with us to submit a request or have it fulfilled. For access requests, we may require (if you have purchased our products or service) that you identify some transactions.

If you are not satisfied with how we handle your complaint or if we fail to respond within 90 days, you can file a complaint with the Competent Authority:

SDAIA

Kingdom of Saudi Arabia, Riyadh

Websites:

• Saudi Data & AI Authority (sdaia.gov.sa)
• National Data Governance Platform (dgp.sdaia.gov.sa)

10. Automated Decision Making

In principle, we do not make decisions based solely on automated processing to establish and implement a business relationship. However, we may use certain automated processing when this is requested to comply with local and international laws and regulations or internal policies and procedures in certain cases such as certain classifications of accounts including doubtful or blacklisted accounts. Please note that such automated processing is made to assist us in our decisions in relation to our prospective or existing business relationship with you but is not the only tool used for our decision-making. We assess the situation of all clients on an individual basis and make decisions only following the review of each case by an authorised member of our staff.

11. Newsletters and marketing emails, SMS and WhatsApp

We may process your data to inform you about our products, services and offers that may be of interest to you or your business. We can only use your data to promote our products and/or services to you if we have your consent to do so or, in certain cases, if we consider that it is in our legitimate interest to do so.

You have the right to withdraw your consent to the processing of your data for marketing purposes by contacting your relationship manager at any time, in person or in writing, or by clicking on the option to opt out of receiving marketing information in any future marketing communication you receive from us.

Even if you inform us that you no longer wish to receive marketing material, you will still receive other important information from us from time to time, such as changes or updates to your existing products or services.

12. Security

We employ physical, technical, and administrative security procedures to safeguard the personal data we collect from loss, misuse, alteration, or destruction. We protect your data against unauthorised access, use or disclosure, using security technologies and procedures, such as encryption and limited access. Only authorised individuals access your data, and they receive training about the importance of protecting personal data. While we use these security measures, you should be aware that 100% security is not always possible.

13. Contact details

You can contact us for any queries about the processing of your personal data in our capacity as the controller:

• by email at: [email protected]
• by phone at:+966 59 8090096

Our Data Protection Offices details are below:

White Label Consultancy FZCO
HD-21 SRT, Floor 26, Sheikh Rashid Tower,
Dubai World Trade Centre,
Dubai, United Arab Emirates

You can contact our DPO by email at: [email protected]

14. Changes to this Privacy Notice

If we make any changes to this Privacy Notice that will affect your privacy, we will notify you by appropriate means, such as by email or by publishing updates on our Website. You will always find the latest version of this Privacy Notice on our Website.

Last updated on 5 September 2024