Privacy Policy

Marigold Capital Advisors

Last Updated: December 2025

1. Introduction

Marigold Capital Advisors ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website and interact with our services. We are regulated by the Dubai Financial Services Authority (DFSA) and comply with the DIFC Data Protection Law No. 5 of 2020, the General Data Protection Regulation (GDPR), and applicable financial services regulations.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our website or services.

2. Information We Collect

We collect personal data in a variety of ways to provide our investment advisory services and comply with regulatory obligations.

Personal Data You Provide:

  • Name, email address, phone number, and mailing address

  • Financial information (account numbers, investment preferences, net worth, income)

  • Employment and occupational information

  • Social Security Number or UAE Identity Number (when required for account opening or regulatory compliance)

  • Tax identification and residency information

  • Information provided through inquiry forms, account applications, and email communications

  • Audio and video recordings of communications (where legally permitted)

Personal Data Collected Automatically:

  • Browser type and operating system

  • Pages visited and time spent on our website

  • IP address and device identifiers

  • Cookies and similar tracking technologies

  • Geolocation data (based on browser settings)

  • Information about your interactions with our website

Personal Data from Third Parties:

  • Information from credit reference agencies and fraud prevention databases

  • Regulatory and sanctions screening data

  • Information from employers or other financial institutions (with your authorization)

3. Legal Basis for Processing (GDPR Compliance)

We process your personal data on the following lawful bases under the GDPR and DIFC Data Protection Law:

  • Consent: Where you have explicitly provided your consent for specific processing activities

  • Contractual Performance: To enter into and perform our investment advisory agreement with you

  • Legal Obligation: To comply with DFSA, UAE, EU, and other applicable financial regulations, anti-money laundering (AML), and counter-terrorism financing (CTF) requirements

  • Legitimate Interests: To protect our business, detect fraud, and maintain our regulatory compliance

  • Protection of Vital Interests: To protect your financial interests

4. How We Use Your Personal Data

We use the personal data we collect for the following purposes:

  • Providing investment advisory services and managing your accounts

  • Processing transactions and fulfilling your requests

  • Conducting Know Your Customer (KYC) and due diligence procedures

  • Complying with DFSA, SEC, FINRA, and other regulatory obligations

  • AML and CTF compliance and sanctions screening

  • Communicating with you about our services, updates, and account information

  • Improving and personalizing your experience on our website

  • Detecting, preventing, and investigating fraudulent transactions or illegal activity

  • Conducting market research and analytics

  • Marketing and promotional purposes (with your prior consent)

  • Maintaining accurate regulatory records and registers

5. Data Retention

We retain your personal data in accordance with our data retention policy, which takes into account:

  • DFSA and DIFC regulations requiring financial records to be maintained for specific periods

  • Applicable legal and regulatory requirements (typically 5-7 years for financial records)

  • Limitation periods for legal action

  • The purpose for which the data was collected

  • Business requirements and good practice

Where retention is no longer required, we will securely delete or anonymize your personal data.

6. Personal Data Sharing and Disclosure

Service Providers: We share personal data with carefully selected third-party service providers who assist us in operating our website and providing services, including custodians, administrators, technology providers, and auditors. All service providers are subject to contractual obligations to protect your data.

DFSA and Regulatory Authorities: We are required to disclose personal data to the DFSA, SEC, FINRA, and other financial regulators as required by law. The DFSA may share information with other regulatory bodies and law enforcement agencies as permitted under DIFC law.

Financial Crime Compliance: We may disclose your information to other financial institutions, law enforcement, and financial intelligence units for AML/CTF purposes and to prevent financial crime.

Legal Requirements: We may disclose your information when required by law, court order, law enforcement requests, or regulatory obligations.

International Transfers: Where we transfer personal data outside the DIFC/UAE to an adequate jurisdiction (such as within the EU under adequacy decisions), we implement appropriate safeguards including Standard Contractual Clauses (SCCs). For transfers to non-adequate jurisdictions, we ensure appropriate mechanisms are in place to protect your data.

Business Transfers: If we merge, consolidate, or sell assets, your personal data may be transferred as part of that transaction, subject to appropriate protections.

Your Consent: We may disclose information with your explicit permission for purposes you authorize.

We do not sell your personal data to third parties for marketing purposes.

7. Data Security and Protection

We implement appropriate administrative, technical, and physical safeguards designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Industry-standard encryption for data transmission and storage

  • Secure servers and firewalls

  • Restricted access protocols with role-based authorization

  • Regular security audits and assessments

  • Employee training and awareness programs

  • Incident response and data breach procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Breach Notification: In the event of a confirmed data breach affecting your personal data, we will notify you and relevant authorities within 72 hours (or as otherwise required by applicable law) with details of the breach and mitigation measures.

8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience, remember your preferences, and gather usage statistics. We use:

  • Essential Cookies: Required for website functionality

  • Analytics Cookies: To understand user behavior and improve our website

  • Marketing Cookies: To deliver targeted content (only with your consent)

You may manage or refuse cookies through your browser settings. However, disabling certain cookies may limit your ability to access certain features of our website. Under the GDPR and DIFC law, we obtain your prior consent before placing non-essential cookies on your device.

9. Your Privacy Rights

Under the GDPR and DIFC Data Protection Law, you have the following rights:

Right of Access: You may request access to the personal data we hold about you and receive a copy in a structured, commonly used, machine-readable format.

Right to Rectification: You may request correction of inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten"): You may request deletion of your personal data, subject to legal and regulatory retention requirements.

Right to Restrict Processing: You may request that we limit how we process your personal data.

Right to Data Portability: You may request to receive your personal data in a portable format or have it transferred to another organization.

Right to Object: You may object to processing of your personal data for marketing or other purposes, except where necessary for regulatory compliance or contract performance.

Right to Withdraw Consent: Where processing relies on your consent, you may withdraw it at any time.

Right to Lodge a Complaint: You have the right to lodge a complaint with the DIFC Data Protection Commissioner or relevant supervisory authority if you believe we have violated your rights.

How to Exercise Your Rights: To exercise any of these rights, please contact us using the details provided in Section 12. We will respond to your request within 30 days (extendable to 90 days for complex requests).

10. Data Protection Responsibilities

We take data protection seriously and all queries, requests, and concerns regarding your personal data are handled by our compliance team. You may contact us directly with any questions or requests regarding your personal data using the contact information provided in Section 12.

11. Children's Privacy

Our website and services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected information from a child, we will take steps to delete such information promptly.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal data.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or DFSA/GDPR guidance. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. Where required by law, we will obtain your consent for material changes. Your continued use of our website and services following the posting of revisions constitutes your acceptance of those changes.

14. Contact Information

If you have questions about this Privacy Policy, our privacy practices, or your personal data, please contact us:

Marigold Capital Advisors

Address: 212, Park Towers, DIFC, Dubai, UAE

Email: info@marigoldcapitaladvisors.com

For DFSA-Related Privacy Matters: Please contact the DIFC Data Protection Commissioner. Email: commissioner@dp.difc.ae. Website: www.difc.ae

For GDPR-Related Privacy Matters: If you are an EU/EEA resident, you may contact your national data protection authority or supervisory authority.

15. Additional Regulatory Information

DFSA Regulation: Marigold Capital Advisors is regulated by the Dubai Financial Services Authority under the DIFC regulatory framework. We comply with the DIFC Data Protection Law No. 5 of 2020, DIFC Data Protection Regulations, and DFSA guidelines. Our regulatory status and any authorizations can be verified through the DFSA register.

GDPR Compliance: Where we process personal data of EU/EEA residents, we comply with the General Data Protection Regulation (EU) 2016/679 and maintain appropriate mechanisms for lawful data processing and transfer, including Standard Contractual Clauses.

AML/CTF Compliance: As a DFSA-regulated financial services firm, we comply with anti-money laundering and counter-terrorism financing regulations. This may require us to disclose your personal data to relevant authorities and financial intelligence units.

Privacy by Design: We implement privacy protection by design and by default in all our processing activities and systems.

Important Disclaimer: This privacy policy is provided for informational purposes. Given the complexity of financial services regulation across multiple jurisdictions, we recommend this policy be reviewed by legal counsel to ensure full compliance with all applicable DFSA, GDPR, UAE, and other local regulations. This policy should be read in conjunction with our Terms of Service and any other applicable agreements.
