We may collect your personal data during the course of our relationship with you and will only use your personal data in accordance with applicable data protection law.We do not make decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects on individuals.We use collected data for the following reasons:Customer Data (Know Your Customer – KYC)• Full name, nationality, date of birth, and gender• Government–issued identification (e.g., Emirates ID, passport)• Contact details: address, phone number, email• Occupation and employer details• Source of funds and purpose of the business relationshipPurpose: To verify your identity and comply with legal obligations such as anti–money laundering (AML) and counter-terrorism financing (CTF) regulations. In certain circumstances, onboarding information may be shared with affiliated entities within our corporate group where necessary to facilitate services provided under separate contractual arrangements or to comply with applicable regulatory obligations.Transaction Monitoring and Account Servicing Data• Wallet addresses and transaction history• Financial records including funding sources and payment methodsPurpose: To process transactions securely, detect suspicious activity, and ensure compliance with financial laws and regulatory obligations.Technical and Profile Data• IP address, browser type, and device identifiers• Usage logs and session dataPurpose: To ensure system security, improve user experience, and troubleshoot service issues.Communication and Client Relationship Management Data• Email correspondence, phone call records, and submitted formsPurpose: To respond to your queries, maintain service quality, and provide ongoing support.Marketing and Research Data (with consent)• Email address and usage dataPurpose: To send promotional materials, newsletters, and service updates—only where you have given explicit consent.Recruitment and Employment Data• CVs and employment history• Passport and Emirates ID• Email address and phone number• Full name and residential addressPurpose: To assess applications, conduct interviews, manage recruitment, and onboard successful candidates. For employees, to manage contracts, payroll, regulatory compliance, and internal HR functions. Legal bases include consent (for candidates), contractual obligations (for employees), and legal obligations (e.g. payroll, immigration compliance).We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals' Usage Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve the website and our service offering.

We only process your personal data when we have a valid legal basis to do so, as required under the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data. These bases can include:Performance of a ContractWe process your data where it is necessary to enter into or perform a contract with you—for example, to provide you with our trading or financial services.Compliance with Legal ObligationsWe process your data to meet our obligations under UAE or international laws—for example, to comply with anti-money laundering (AML), know-your-customer (KYC), tax, or regulatory reporting requirements (e.g., to VARA or other authorities).ConsentWhere required, we obtain your consent–for example, for sending you marketing communications or transferring your data across borders when no other lawful basis applies. You can withdraw your consent at any time.Legitimate InterestsWe may process your data to serve our legitimate business interests, such as preventing fraud, improving cybersecurity, protecting our users and systems, or optimising your experience. We always assess and balance these interests against your rights and freedoms.Protection of Your Vital Interests or Public HealthWe may process your data where necessary to protect your vital interests (e.g., in case of medical emergencies) or for public health reasons, such as complying with health-related legal obligations.Legal Claims and RightsWe may process your personal data to establish, exercise, or defend legal claims or in connection with legal or judicial proceedings.Employment and Social ProtectionIf you are an employee, contractor, or job applicant, we may process your data to meet obligations in the field of employment law, social security, or social protection under applicable legislation.Scientific, Historical, or Statistical ResearchWhere permitted by law, we may use anonymised or pseudonymised data for statistical or research purposes in accordance with applicable legislation.Public Interest or Official RequirementsIn rare cases, we may process your data without consent if it is required to protect the public interest or comply with official mandates, in accordance with UAE law.

Selini Capital shares data with:• Internal departments for service delivery and regulatory compliance.• Third-party processors under strict Data Processing Agreements. We may engage cloud service providers (e.g., in Frankfurt or Dublin) for secure data storage. All such vendors are bound by Data Processing Agreements (DPAs) and undergo annual compliance reviews.• Regulatory bodies such as VARA, and other competent authorities.• Legal advisors, auditors, or entities in the context of a corporate transaction.• Affiliated Entities (Independent Controllers): We may share your personal data, including onboarding documentation and KYC information, with affiliated entities within our corporate group where necessary to facilitate related services or to enable regulatory compliance, including anti-money laundering (AML) reliance arrangements. In such cases, the receiving entity will act as an independent data controller and will process your personal data in accordance with its own legal and regulatory obligations and applicable data protection laws.We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.Our websites may provide links to third-party websites for your convenience. If you access those links, you will leave our website. We do not control those websites or their privacy practices, which may differ from ours. We do not endorse or make any representations about third-party websites. This Privacy Notice does not cover the personal data you choose to give to unrelated third parties. We encourage you to review the privacy notice of any company before submitting your personal information. Some third-party companies may choose to share their personal data with us; that sharing is governed by that third-party company's privacy notice.

We may transfer your personal data to service providers and, where applicable, to affiliated entities acting as independent data controllers that carry out certain functions or provide related services. This may involve transferring personal data outside the UAE to countries which may not provide the same level of data protection as UAE law.Where personal data is transferred to affiliated entities acting as independent controllers, such transfers are undertaken in accordance with Article 22 of the UAE Federal Decree-Law No. 45 of 2021. We implement appropriate safeguards to ensure that your personal data remains protected in line with applicable legal requirements.

Our website uses cookies to distinguish users, enhance user experience, perform analytics, and provide personalised content. These include session cookies, persistent cookies, and tracking technologies such as web beacons and pixels. You may configure your browser to refuse some or all cookies; however, some website functionalities may become unavailable.

We may use personal data to send promotional messages related to our services. You may opt out anytime by using the unsubscribe mechanism in our communications or contacting us at ciso@selinicapital.ae.

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.We implement a layered security framework incorporating:• Multi-factor authentication (MFA)• Encryption at rest and in transit• Secure software development practices• Periodic penetration testing• Endpoint security and role-based access controlsIn addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.Data is retained only as long as necessary or as required by law, after which it is securely deleted or anonymised.

Right to Erasure ( 'Right to be Forgotten' )You can ask us to delete your data if:• It is no longer needed for the reason we collected it.• You withdrew your consent (where applicable).• You object to our processing and we have no overriding reason to keep it.• The data was collected or used unlawfully.This right does not apply where data must be kept to meet legal, public health, or judicial requirements.Right to Access Information• You can request the following information at any time, free of charge.• What types of personal data we process about you.• The purposes of that processing.• Whether any decisions affecting you are made using automated processing, including profiling.• Which sectors or third parties (inside or outside the UAE) your data is shared with.• How long we store your data and what criteria we use to define that period.• Your rights to correct, erase, or limit the use of your data, and how to exercise them.• The safeguards we use for any cross-border transfers of your data.• What we would do if your data is misused or exposed in a way that poses a serious risk to your privacy.• How you can file a complaint with the UAE Data Office.Right to Correct your DataIf you believe the personal data we hold about you is incorrect or incomplete, you can ask us to correct or update it without undue delay.Right to Restrict ProcessingYou can ask us to restrict the use of your personal data if:• You dispute its accuracy (restriction will apply while we verify it).• You believe it is being used for purposes not agreed upon.• The data is no longer needed for processing, but you need it to establish or defend legal claims.Even when processing is restricted, we may still store your data or use it for legal purposes or to protect the rights of others.Right to Data PortabilityIf our use of your data is based on your consent or a contract, and it is processed by automated means, you may request:• A copy of your data in a structured, machine-readable format.• Transfer of your data to another controller, where technically feasible.Right to Object to ProcessingYou can object to us using your data if:• It is used for direct marketing, including profiling for marketing purposes.• It is used for statistical surveys not serving the public interest.• It is used unlawfully or in breach of Article 5 of the PDPL.Right to Withdraw ConsentIf we process your data based on your consent, you can withdraw that consent at any time. This won’t affect any use of your data before the withdrawal. To withdraw consent, contact us at: ciso@selinicapital.aeRight to Lodge a ComplaintIf you're dissatisfied with how we handle your data, you can contact the UAE Data Office or another supervisory authority. For more information or to lodge a complaint, you may contact the UAE Data Office at https://u.ae/en/about-the-uae/digital-uae/data/data-protection.In accordance with Article 19 of UAE Federal Decree-Law No. 45 of 2021, we maintain a Record of Processing Activities (RoPA) which documents the categories of personal data we process, the purposes of processing, data sharing activities, and applicable retention periods. This internal register is reviewed and updated regularly as part of our data governance framework.What we may need from you to exercise your rightsWe may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.Time limit to respond to a rights requestWe respond to all legitimate requests within one month. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Our services are not directed to individuals under 21. We do not knowingly collect data from minors. If you become aware of such a collection, please contact us immediately at ciso@selinicapital.ae.

This policy may be updated periodically to reflect changes in our practices or legal obligations. Material updates will be communicated through our website or direct communication, where appropriate.

For questions or to exercise your data rights, please contact: Chief Information Security Officer (CISO) Email: ciso@selinicapital.ae

In accordance with VARA and UAE Data Office requirements, Selini Capital will report any personal data breach within 24 hours of detection. We cooperate fully with regulators and ensure all processing activities are auditable and compliant with UAE Federal Law No. 45 of 2021.