Privacy Policy

1. Introduction

This document describes the privacy practices of SadewaCapital ("we," "us," "our," or "the Platform"). We are committed to protecting your personal data and ensuring its security. This Privacy Policy describes how we gather, use, disclose, store, and safeguard information when you use our website, mobile applications, and related services (together, the "Services").

By using SadewaCapital, you confirm that you have read, understood, and accept the practices set out in this Privacy Policy. If you do not agree, please stop using our Services.

Our practices align with applicable data protection legislation, including where relevant the Qatar Personal Data Protection Law and, for users in the EEA, the European Union General Data Protection Regulation (GDPR).

2. Information We Collect

We process different categories of data to provide, maintain, improve, and secure our Services:

2.1 Data You Provide

When you register, we may ask for:

• Identity data: Full name, date of birth, gender, residential address
• Contact data: Email address, phone number, postal address
• Financial data: Bank account details, payment card information, transaction history
• Verification documents: Government-issued ID (e.g. passport, national ID), proof of address (utility bills, bank statements)
• Account credentials: Username, password, and any security questions you set

2.2 Data Collected Automatically

When you use our Services, we may automatically gather:

• Device data: IP address, browser type and version, operating system, device identifiers
• Usage data: Pages visited, features used, time on page, click patterns, session recordings
• Location data: Approximate location derived from your IP address
• Cookies and similar technologies: Session and persistent cookies, web beacons, analytics tags (see our Cookies Policy)

2.3 Data from Third Parties

We may receive data about you from:

• Identity verification providers: For KYC (Know Your Customer) compliance
• Payment processors: Transaction confirmations and payment status
• Connected exchanges: Trading activity and account balances (only where you authorise API access)
• Analytics providers: Aggregated usage and performance data

3. How We Use Your Data

We use your data for the following purposes:

• Service delivery: To create and manage your account, execute trades, process payments, and provide platform features
• Compliance: To meet Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) and other regulatory requirements
• Support: To respond to enquiries, resolve issues, and assist you
• Security and fraud prevention: To detect, prevent, and investigate suspicious or unauthorised activity
• Improvement: To analyse usage, develop features, and improve the user experience
• Communication: To send account and security notifications, updates, and (with your consent) marketing
• Legal and regulatory: To comply with law, respond to lawful requests, and enforce our Terms & Conditions
• Analytics: To produce anonymised statistics and insights

4. Legal Basis for Processing

Where required by law (e.g. in the EEA), we process personal data on the following bases:

• Contract: Processing necessary to perform our agreement with you
• Legal obligation: AML/CTF, tax, and financial reporting requirements
• Legitimate interests: Fraud prevention, security, and analytics (where balanced with your rights)
• Consent: Marketing and other optional processing (you may withdraw consent at any time)

5. Sharing of Your Data

We do not sell or rent your personal data. We may share it with:

5.1 Service Providers

Trusted third parties that assist us, including:

• Payment processors (for transaction processing)
• Cloud hosting providers (for data storage and server infrastructure)
• Identity verification services (for KYC compliance)
• Email and communication platforms (for notifications)
• Analytics and monitoring tools (for performance tracking)

Such providers are bound by contract to protect your data and use it only for the purposes we specify.

5.2 Regulators and Legal Requests

Where the law requires, we may disclose data to:

• Relevant financial and data protection authorities (including in Qatar)
• Law enforcement in response to valid legal process
• Tax authorities for reporting obligations

5.3 Corporate Changes

In case of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity under the same privacy standards as in this policy.

6. Data Security

We apply industry-standard measures to protect your data:

• Encryption: SSL/TLS for data in transit; AES-256 for sensitive data at rest
• Access control: Role-based access so only authorised staff can access personal data
• Two-factor authentication (2FA): Offered for all accounts
• Security testing: Regular third-party penetration testing and vulnerability assessments
• Infrastructure: Data held in certified data centres with physical and logical safeguards
• Incident response: Procedures for breach detection and notification where required by law

No transmission or storage method is completely secure. You are responsible for keeping your account credentials confidential.

7. Data Retention

We keep personal data only as long as needed for the purposes in this policy, or as required or permitted by law:

• Active accounts: Data kept while your account is active
• Closed accounts: Identity and verification records for up to 7 years (AML/CTF and regulatory requirements)
• Transactions: Records kept for 7 years for financial and tax compliance
• Support communications: Typically up to 3 years
• Marketing data: Removed within 90 days of consent withdrawal

8. Your Rights

Depending on your location, you may have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your data (subject to legal retention)
• Object: Object to processing for marketing or certain other purposes
• Portability: Request a copy of your data in a portable format where technically feasible
• Restriction: Request that we limit how we process your data in certain cases
• Withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact [email protected]. We will respond within 30 days.

9. International Transfers

Your data may be transferred to and processed in countries outside your country of residence (e.g. for hosting or support). We ensure appropriate safeguards, such as:

• Standard contractual clauses (e.g. EU-approved SCCs where relevant)
• Other mechanisms recognised under applicable data protection law
• Contractual commitments with processors to protect your data

10. Minors

Our Services are not directed at anyone under 18. We do not knowingly collect personal data from minors. If we learn that a user is under 18, we will delete the account and associated data without delay.

11. Changes to This Policy

We may change this Privacy Policy from time to time. Material changes will be communicated by email or a clear notice on the website at least 30 days before they take effect.

Continued use of the Services after the effective date of changes means you accept the updated policy.

12. Contact

For questions, concerns, or complaints about this Privacy Policy or our handling of your data:

Privacy Officer
SadewaCapital
Email: [email protected]
Phone: +974 4032 8847
Address: Office 1502, Al Fardan Tower, West Bay, Doha, P.O. Box 22121, Qatar

If you are not satisfied with our response, you may complain to the relevant supervisory authority (e.g. the data protection authority in your country or, for Qatar, the competent authority under the applicable data protection framework).