Privacy Policy

1. Introduction

Growth Capital (“we,” “us,” or “our”) is a private wealth management and advisory firm registered and operating in Dubai, United Arab Emirates. Our registered office is located at Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E.

We are committed to protecting the privacy and security of the personal data entrusted to us by our clients, prospective clients, and visitors to our website at growthcapital.ae. Given the sensitive financial nature of our services, we apply rigorous standards to the handling of all personal information.

This Privacy Policy explains how we collect, use, store, share, and protect your personal data in compliance with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the “PDPL”), its implementing regulations, and other applicable data protection laws. Where our clients or their data are subject to the Dubai International Financial Centre (DIFC) Data Protection Law No. 5 of 2020, or the Abu Dhabi Global Market (ADGM) Data Protection Regulations 2021, we comply with those frameworks accordingly.

2. Data Controller

For the purposes of applicable data protection legislation, the data controller responsible for your personal data is:

3. Personal Data We Collect

We collect personal data that you voluntarily provide to us when you submit an application through our website, contact us via email or telephone, or engage our advisory services. We also collect certain technical data automatically when you visit our website.

3.1 Identity and Contact Data

First name, last name, email address, telephone number, country of residence, nationality, and current profession. This information is collected through our wealth management application form and is necessary for us to identify you and establish contact.

3.2 Financial Profile Data

Estimated net worth (provided as a range), annual income (provided as a range), primary source of wealth, and whether you currently work with a financial advisor. This data enables us to understand your financial position and tailor our advisory services appropriately. We collect this information in broad ranges rather than exact figures to minimise the sensitivity of data held at the application stage.

3.3 Service Preference Data

Which of our services you are interested in (such as wealth management, legal advisory, accounting and tax advisory, tax relocation, premium residency and golden visa, private banking setup, wealth structuring, or venture capital and private equity deal access), your primary financial goal, preferred jurisdiction, investment timeline, how you heard about Growth Capital, any additional notes you wish to share, and your preferred method of contact.

3.4 Technical and Usage Data

When you visit our website, we collect anonymised usage analytics through Vercel Analytics. This includes page views, referral sources, device type, browser type, and approximate geographic location (at the country level). Vercel Analytics is a privacy-focused analytics service that does not use cookies and does not collect personally identifiable information. No IP addresses are stored by Vercel Analytics, and individual visitors cannot be identified from this data.

4. Legal Basis and Purpose of Processing

Under Article 5 of the UAE PDPL, we process your personal data on the following lawful bases and for the following purposes:

5. Data Sharing and Third-Party Processors

We do not sell, rent, or trade your personal data. We share your data only in the limited circumstances described below, and we ensure that all recipients are bound by appropriate contractual and technical safeguards in accordance with Article 7 of the PDPL.

5.1 Technology Service Providers (Data Processors)

We engage the following third-party service providers who process personal data on our behalf and under our documented instructions:

5.2 Professional Advisors and Partners

In the course of delivering our services, we may share relevant personal data with trusted professional partners including legal counsel, tax advisors, private banks, corporate service providers, and immigration consultants, strictly on a need-to-know basis and subject to professional confidentiality obligations. We will inform you before any such sharing takes place and, where required by law, obtain your prior consent.

5.3 Regulatory and Legal Disclosures

We may disclose personal data where required to do so by applicable law, regulation, or legal process, including AML/CTF obligations, court orders, or requests from UAE regulatory authorities. We will endeavour to notify you of such disclosures where legally permitted to do so.

6. International Data Transfers

Growth Capital serves clients across multiple jurisdictions, including the United Arab Emirates, Singapore, Thailand, Portugal, Saudi Arabia, Hong Kong, Panama, and Mexico. Our use of technology service providers based in the United States (Neon, Resend, and Vercel) means that certain personal data is transferred outside the UAE.

In accordance with Articles 22 and 23 of the UAE PDPL and any transfer regulations issued by the UAE Data Office, we ensure that all cross-border transfers of personal data are subject to appropriate safeguards, including:

• Data processing agreements with each service provider that incorporate standard contractual clauses or equivalent safeguards recognised under the PDPL.
• Verification that recipient jurisdictions provide an adequate level of data protection or, where they do not, implementation of supplementary measures such as encryption and access controls.
• Limiting the scope of transferred data to what is strictly necessary for the relevant processing purpose.
• Technical safeguards including TLS encryption for data in transit and AES-256 encryption for data at rest.

Where you are located in a jurisdiction with its own data protection requirements (for example, Singapore under the Personal Data Protection Act, or an EU/EEA country under the General Data Protection Regulation), we apply the higher standard of protection where requirements differ.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, and in compliance with Article 17 of the PDPL. Our specific retention periods are as follows:

Upon expiry of the relevant retention period, personal data is securely deleted or irreversibly anonymised. Where deletion of specific records is required by law to be postponed (for example, due to ongoing regulatory proceedings), the data is restricted from further processing and securely retained until deletion becomes permissible.

8. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures in accordance with Article 6 of the PDPL, including:

• Encryption of all data in transit using TLS 1.2 or higher, and encryption of data at rest using AES-256 or equivalent standards.
• Access to personal data is restricted to authorised personnel on a need-to-know basis, with role-based access controls enforced across all systems.
• All third-party service providers are vetted for their security posture and are required to maintain industry-standard certifications (such as SOC 2 Type II) and data processing agreements.
• Regular review of security practices and incident response procedures.
• Secure deletion protocols for data that has reached the end of its retention period.

While no method of electronic storage or transmission is entirely secure, we are committed to protecting your data to the highest practicable standard and will notify you and the relevant authorities promptly in the event of a data breach in accordance with Article 9 of the PDPL.

9. Your Rights

Under the UAE PDPL (Articles 12 through 16) and, where applicable, the DIFC Data Protection Law and international data protection regulations, you have the following rights with respect to your personal data:

To exercise any of these rights, please contact us at [email protected]. We will respond to all legitimate requests within 30 days, or within the timeframe prescribed by applicable law. We may require you to verify your identity before fulfilling your request.

10. Cookies and Tracking Technologies

Our website does not use tracking cookies, third-party advertising cookies, or similar technologies that track individual users across websites.

We use Vercel Analytics, which is a privacy-focused analytics solution that operates without cookies. Vercel Analytics collects anonymised, aggregate data about page views and visitor demographics (device type, browser, country) without storing IP addresses or creating individual user profiles. This data cannot be used to identify you personally.

Our website may use strictly necessary cookies that are essential for the functioning of the site (such as session management). These cookies do not collect personal data and cannot be used for tracking purposes.

11. Children’s Data

Our services are directed at adults and, in particular, high-net-worth individuals with the legal capacity to engage financial advisory services. We do not knowingly collect personal data from individuals under the age of 18. In accordance with Article 10 of the PDPL, if we become aware that we have inadvertently collected personal data from a minor without appropriate parental or guardian consent, we will promptly delete that data and take steps to prevent further collection.

12. Special Categories of Data

We do not intentionally collect special categories of personal data (also known as sensitive personal data) as defined under Article 3 of the PDPL, including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sexual orientation. If such data is incidentally provided by you (for example, in free-text fields), we will process it with heightened safeguards and only to the extent strictly necessary for the purpose for which it was provided.

13. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you, as described in Article 11 of the PDPL. All advisory decisions are made by our qualified human team. Where we use technology to assist in preliminary assessment or workflow management, a qualified professional always reviews and makes the final determination.

14. Third-Party Links

Our website may contain links to third-party websites, including scheduling platforms (such as Calendly) and social media profiles. These third-party sites operate under their own privacy policies, which we encourage you to review. We are not responsible for the privacy practices or content of any third-party websites. The inclusion of a link does not imply endorsement of the third party’s data handling practices.

15. DIFC and ADGM Considerations

While Growth Capital is not established within the Dubai International Financial Centre (DIFC) or the Abu Dhabi Global Market (ADGM), we may process personal data of individuals who are subject to the DIFC Data Protection Law No. 5 of 2020 or the ADGM Data Protection Regulations 2021 by virtue of their employment, residency, or business activities within those financial free zones.

Where applicable, we comply with the requirements of those frameworks, including the DIFC Commissioner of Data Protection’s guidance on cross-border data transfers, data subject rights, and breach notification obligations. If you believe that your data is subject to DIFC or ADGM data protection law and you wish to exercise rights under those frameworks, please contact us using the details provided in Section 16 below.

16. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact us:

We aim to respond to all data protection enquiries within 14 business days. If you are unsatisfied with our response, you have the right to lodge a complaint with the UAE Data Office or the relevant supervisory authority in your jurisdiction.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will update the “Last updated” date at the top of this page. Where changes are significant, we will take reasonable steps to inform you, such as by publishing a notice on our website or, where we hold your contact details and the change materially affects the processing of your data, by contacting you directly.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.