1. Introduction

Magnum Ventures (DIFC) Limited (“Magnum Ventures”, “we”, or “us”) is committed to protecting the privacy and security of your personal information (“PI”), including sensitive personal information (“SPI”). This Privacy Notice explains how we collect, use, disclose, and protect your personal information, and outlines your rights under applicable data protection laws. This Notice is prepared in accordance with the Dubai International Financial Centre (DIFC) Data Protection Law No. 5 of 2020 and all relevant DIFC and DFSA regulations.

2. Information We Collect

“Personal Information” refers to any information that identifies, or can be used to identify, an individual. Depending on our relationship with you and the services we provide, we may collect the following categories of data:

• Identification Data: Full name, title, gender, marital status, date of birth, passport number, national identification number, signature.
• Contact Data: Personal or business address, telephone number, and email address.
• Electronic Monitoring Data: To the extent permitted by law, we may record and monitor your electronic communications with us, including telephone conversations, emails, and instant messages.
• Financial Data: Account numbers, bank details, transaction information, investment history, and payment instructions.
• Professional Information: Occupation, employer, position, business contact details.
• Services Data: Details relating to services provided to or by us.
• Sensitive Personal Information: In limited and lawful circumstances, we may collect information related to criminal convictions, sanctions, and political exposure (for example, to determine whether you are a politically exposed person, as part of AML and sanctions screening).

• 2.1 How We Collect InformationWe may collect your personal information through the following means:
  • Directly from you when you communicate with us or use our services.
  • From your organisation if it is a client, counterparty, or vendor of Magnum Ventures.
  • During our ongoing relationship, as your information or service requirements change.
  • From public registers, databases, and other legitimate third-party sources (including regulatory bodies and World-Check).
  • Through your visits to our website or electronic systems.
  Certain information is necessary for us to deliver our services. Failure to provide such information may result in us being unable to provide those services or to comply with legal obligations.
• 2.2 How We Use Your Information (Purpose of Processing)We process personal information for lawful and legitimate purposes, including but not limited to:
  • Client onboarding and due diligence: To perform mandatory Know Your Client (KYC), Anti-Money Laundering (AML), Counter-Terrorist Financing (CTF), and sanctions screening in accordance with DIFC and DFSA regulations.
  • Providing and managing services: To deliver the financial and advisory services that you have requested, including account management, transaction processing, and reporting.
  • Compliance with legal and regulatory obligations: To comply with laws, regulatory rules, supervisory reporting requirements, and audit obligations applicable in the DIFC and other relevant jurisdictions.
  • Internal management and operations: To manage internal records, support IT systems, and ensure security, continuity, and integrity of our systems and operations.
  • Research and analysis: To assess service performance, improve client experience, and support risk management and internal governance.
  • IT security and business continuity: To prevent fraud, cybersecurity incidents, and data misuse, and to ensure ongoing resilience of our systems.
• 2.3 Lawful Basis for ProcessingWe process personal information under one or more of the following lawful bases:
  • Contractual necessity: To perform our obligations under a contract or to take steps prior to entering into a contract at your request.
  • Legal obligation: To comply with applicable legal or regulatory requirements to which we are subject.
  • Legitimate interests: To pursue our legitimate business interests, or those of a third party, provided such interests are not overridden by your fundamental rights and freedoms.
  • Consent: Where we rely on your explicit consent to process specific information, particularly where required for sensitive personal information.

3. Data Processing and Protection

• 3.1 Data Minimisation and Purpose Limitation We are committed to collecting only the personal information necessary for the stated purposes and using it solely for those purposes. We will not use your information in any manner incompatible with the original reason for which it was collected.
• 3.2 Your Rights Under the DIFC Data Protection Law, you have the following rights regarding your personal information:
  • Right to access: To obtain confirmation as to whether we process your data and to request a copy of the personal data we hold about you.
  • Right to rectification: To request correction of inaccurate or incomplete personal data.
  • Right to erasure: To request deletion of personal data in specific circumstances, such as where it is no longer necessary for the purpose for which it was collected.
  • Right to restriction: To request limitation of processing in certain circumstances.
  • Right to portability: To request the transfer of your personal data to you or another controller in a commonly used, machine-readable format.
  • Right to object: To object to certain types of processing, including processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
  To exercise these rights, please contact our Data Protection Contact Person at the details below. We may require verification of identity before responding to such requests. No fees are charged unless the request is manifestly unfounded or excessive.
• 3.3 Data Sharing We may share your personal information with:
  • Service providers and professional advisers: who support us in delivering services (e.g., IT, audit, legal, or compliance consultants) under strict confidentiality and data protection obligations.
  • Regulatory authorities and government agencies: when required by law, regulation, or lawful request.
  • Other counterparties or affiliates: where necessary to perform our contractual or legal obligations, subject to appropriate safeguards.
  All third parties are bound by contractual obligations to maintain confidentiality and implement suitable data protection measures.
• 3.4 International Data Transfers We may transfer your personal data to jurisdictions outside the DIFC. Such transfers will only occur:
  • To jurisdictions recognised as adequate by the DIFC Commissioner of Data Protection; or
  • Subject to legally binding safeguards such as Standard Contractual Clauses or Binding Corporate Rules ensuring an equivalent level of data protection.
• 3.5 Data Retention We retain your personal information for the period necessary to fulfil the purposes outlined in this Notice or as required by applicable laws. Retention periods vary depending on the data type and applicable regulations:
  • Client data: retained for at least six (6) years after termination of the client relationship or as required by law.
  • AML/KYC data: retained for at least six (6) years following the end of the client relationship or longer if required by DFSA/AML regulations.
  • Operational records and transaction data: retained in line with DFSA and DIFC record-keeping requirements.
  After expiry of the retention period, personal data will be securely deleted or anonymised unless further retention is necessary for legal, regulatory, or dispute resolution purposes.
• 3.6 Data Security We maintain appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include access controls, encryption, system monitoring, staff training, and regular policy reviews.
• 3.7 Data Breach Notification In the event of a personal data breach likely to result in a risk to individuals’ rights and freedoms, Magnum Ventures will:
  • Notify the DIFC Commissioner of Data Protection without undue delay and, where feasible, within 48 hours of becoming aware of the breach; and
  • Inform affected individuals promptly if the breach presents a high risk to their rights and freedoms.
  We have established internal procedures for breach identification, containment, investigation, and corrective action to prevent recurrence.
• 3.8 Automated Decision-Making and Profiling We do not use personal information for automated decision-making or profiling that produces legal or significant effects on individuals.

4. Cookies and Similar Technologies

Our website may use cookies and related technologies to improve your browsing experience and analyse website usage. Cookies are small text files placed on your device when you visit a website. We may use:

• Session cookies, which are deleted when you close your browser; and
• Persistent cookies, which remain stored for a defined period to enhance functionality.

You can manage or disable cookies through your browser settings. Please note that disabling cookies may affect website functionality.

5. Updates to this Notice

This Privacy Notice may be updated periodically to reflect regulatory or operational changes. The latest version will be available on our website. Any material changes will be communicated through appropriate means, such as email or website notice.

6. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Notice or your personal data, please contact our Data Protection Contact Person at: Email: bsb@magnumventures.com Address: Index Tower, Floor 4, Unit 408, DIFC, Dubai, United Arab Emirates Contact Number: +971 4 285 6704

7. Complaints

If you have concerns about the way your personal data has been handled, please contact our Data Protection Contact Person at the email above. You also have the right to raise a complaint with the DIFC Commissioner of Data Protection using the details below: Dubai International Financial Centre Authority Level 14, The Gate Building Email: commissioner@dp.difc.ae Phone: +971 4 362 2222