Privacy Policy ISTAR Capital Ltd - DIFC
Version: 1
Amendments: Introduction of Policy
Approved by: CCO
Dates: 19/01/202
Privacy Policy
1. Introduction
IStar Capital Ltd (“IStar”, “we”, “us” or “our”) is committed to protecting the privacy and personal data of individuals in accordance with DIFC Data Protection Law No. 5 of 2020 (the “DIFC Data Protection Law”).
This Privacy Policy explains how we collect, use, disclose, store, and protect personal data when you:
• visit our website www.istar.capital (the “Site”); or
• interact with us in connection with our business, services, or regulatory obligations. This Policy applies to all Data Subjects (as defined under the DIFC Data Protection Law), including clients, prospective clients, investors, business contacts, website visitors, and other individuals whose personal data we process.
2. Data controller
For the purposes of the DIFC Data Protection Law, the Data Controller is:
IStar Capital Ltd
Unit 604, Level 6, Index Tower, DIFC, PO Box 507268, Dubai, UAE.
License number F004732
3. Personal Data We Collect
We may collect and process the following categories of personal data:
3.1 Personal data provided directly by you
• Identification and contact details (e.g. name, address, email address, telephone number);
• Professional and business information (e.g. employer, position, business activities); • Financial, investment, and transactional information, where relevant;
• Due diligence and compliance data (including KYC, AML, sanctions, and source-of funds information);
• Communications and correspondence with us.
3.2 Personal data collected automatically
When you visit our Site, we may collect:
• IP address and device identifiers;
• Browser type, operating system, and technical configuration;
• Website usage data, including pages visited and navigation patterns.
4. Legal Basis for Processing
We process personal data only where permitted under Article 10 of the DIFC Data Protection Law, including where processing is:
• Necessary for the performance of a contract or to take steps at your request prior to entering into a contract;
• Necessary for compliance with a legal or regulatory obligation, including DFSA, AML, CTF, and sanctions obligations;
• Necessary for our legitimate interests, provided such interests are not overridden by your fundamental rights and freedoms;
• Based on your consent, where required by law.
5. Purposes of Processing
Your personal data may be processed for the following purposes:
• Providing, administering, and managing our services;
• Client onboarding, due diligence, and ongoing regulatory monitoring;
• Complying with legal and regulatory obligations under applicable DIFC and international laws;
• Managing our relationship with you and responding to enquiries;
• Improving our Site, business operations, and service offerings;
• Marketing and business development activities, where permitted by law.
6. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with applicable legal and regulatory requirements.
In accordance with regulatory obligations applicable in the DIFC, certain personal data may be retained for a minimum period of six (6) years following the end of a client or business relationship, unless a longer retention period is required by law.
7. Disclosure of Personal Data
We may disclose personal data to:
• Companies within the IStar group or affiliated entities;
• Third-party service providers acting as data processors (including IT providers, compliance service providers, professional advisers);
• Financial institutions, counterparties, custodians, or service providers involved in the provision of our services;
• Regulators, courts, law enforcement agencies, or competent authorities, where required or permitted by law.
All third parties are required to process personal data securely and only in accordance with our instructions and applicable data protection laws.
8. International Transfers
Personal data may be transferred outside the DIFC where necessary for business or regulatory purposes.
Where such transfers occur, we ensure that:
• the recipient jurisdiction provides an adequate level of protection, or
• appropriate safeguards are implemented, including contractual protections consistent with the DIFC Data Protection Law.
9. Data Security
We implement appropriate technical and organisational measures to safeguard personal data against unauthorised access, accidental loss, misuse, alteration, or disclosure.
While we take reasonable steps to protect personal data, no system or transmission over the internet can be guaranteed to be fully secure.
10. Cookies
Our Site uses cookies and similar technologies to enhance functionality and user experience. Cookies may collect information about your browsing behaviour and preferences.
You may manage or disable cookies through your browser settings. Further details may be provided in a separate Cookies Policy.
11. Your Rights as a Data Subject
• Access your personal data;
• Request rectification of inaccurate or incomplete personal data;
• Request erasure of personal data, where legally permitted;
• Request restriction of processing;
• Object to processing based on legitimate interests;
• Request data portability, where applicable;
• Withdraw consent at any time, where processing is based on consent.
You also have the right to lodge a complaint with the DIFC Commissioner of Data Protection if you believe your personal data has been processed unlawfully.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in law, regulation, or our business practices. Any updates will be published on our Site with an updated revision date.
13. Contact Details
For questions about this Privacy Policy or to exercise your data protection rights, please contact:
Ayumi McDermott, Data Protection Officer
IStar Capital Ltd
Email: ayumim@istar.capital
Address:
Index Tower, 604, DIFC
Dubai, UAE
Contact us
For institutional and professional enquiries.