Fulcrum Corporate Services DIFC Limited (“Fulcrum”, "we", "us", "our") is committed to protecting the Personal Data of our clients and users of our services (“you”, “your”). This Data Privacy Notice outlines how we collect, process, store, and protect your personal data in accordance with DIFC Data Protection Law No. 5 of 2020, as amended. 

​

1. Definitions 
For the purposes of this policy: 

• ­'Personal Data' means any information relating to an identified or identifiable natural person. 

• 'Processing' means any operation performed on personal data, whether or not by automated means.

• 'Data Subject' refers to an individual whose personal data is processed.

• 'Controller' is the entity that determines the purposes and means of processing personal data.

• 'Processor' is the entity that processes personal data on behalf of the controller.

 

2. Scope

This policy applies to all Personal Data processed by Fulcrum during its business operations, whether the data is held digitally or physically. Fulcrum will only collect Personal Data where it is necessary:

• For the Firm to provide a service to you

• For the company that you represent to provide a service

• For the Firm to keep you informed of its products and services

• For the Firm to comply with its legal and regulatory obligations

​

The personal data collected by the Firm will be adequate, relevant and limited to what is necessary in relation to the specific purpose for which your data will be processed.

 

3. What Personal Data We Collect?

We may collect and process the following categories of personal data:

• Identity data: name, date of birth, passport or ID numbers

• Contact data: email address, phone number, mailing address

• Employment and business information

• Financial and transactional data

• Due diligence/KYC documentation

• IP addresses and device/browser data (via our website)

• Any other information necessary for regulatory, contractual or service provision purposes

 

4. How We Use Your Data?

We process personal data only when legally permitted. The main lawful bases under the DIFC DP Law include:

• Consent. Where you have given your clear permission

• Contractual necessity. To perform our services or prior to entering into a contract

• Legal obligations. Compliance with regulatory and anti-money laundering requirements

• Legitimate interests. Where processing is necessary for our business purposes, unless overridden by your rights.

We use your data for:

• Providing corporate, fiduciary, and administrative services

• Verifying identity and conducting due diligence

• Communicating with you about services or updates

• Complying with DIFC and international regulations

• Website analytics and service improvement

• Monitoring and ensuring information security

​

Data Sharing and Transfers

We may share personal data with:

• Regulators, auditors, or competent authorities

• Affiliated companies or service providers (e.g., IT or compliance tools)

• Third-party agents, legal counsel, or financial institutions

We ensure that any third-party data processors:

• Are engaged under written contracts.

• Provide sufficient guarantees for data security.

• Are restricted to acting on our documented instructions only.

Your Personal Data may in some cases be processed outside the DIFC. We will only transfer Personal Data outside DIFC, provided:

• The third countries which are considered by the DIFC Commissioner of Data Protection as a jurisdiction providing adequate level of Data Protection;

• In the absence such legislation that provides adequate protection, based on appropriate suitable safeguards (e.g., standard data protection contractual clauses and enforceable data subject rights or statutory exemption provided by local applicable law); or

• You have explicitly consented to the proposed transfer.

 

What Are Your Rights?

You have the following rights in relation to your Personal Data:

• Access your Personal Data

• Request correction or deletion

• Object or restrict processing

• Withdraw consent (where processing is based on consent)

• Request data portability

• ​

Your right to exercise these rights are not absolute. They will depend on a number of factors and in some instances, we will not be able to comply with your request as exemptions may be engaged. We will usually, in response to a request, ask you to verify your identity and/or provide information that helps us to understand your request better. If we do not comply with your request, we will explain why.

 

To exercise your rights, contact: compliance@fulcrum.ae. Alternatively, you may contact us on +9714 824 0996. We may request verification of your identity to process your request.

 

If you feel that we have not complied with applicable data protection and privacy rules, you may lodge a complaint with the DIFC Commissioner of Data Protection.

 

Data Security Measures and Data Breach Response

We implement appropriate technical and organizational measures to secure personal data from unauthorized access, loss, or misuse, including access controls, encryption and secure storage and regular system audits

​

Personal Data Breaches

If there is a Personal Data Breach that compromises a Data Subject's confidentiality, security or privacy, the Firm will, as soon as practicable in the circumstances, notify the Personal Data Breach to the DIFC Commissioner.

​

If a Personal Data breach poses a high risk to a data subject's security or rights, the Firm will inform the affected individual as soon as possible. If the risk is immediate, the controller must notify them promptly.

​

An internal incident response procedure will be activated to contain and mitigate the breach.

​

Data Retention

We retain personal data only for as long as necessary to fulfill the purpose for which it was collected to comply with legal, regulatory, or internal policy requirements. Secure deletion or anonymization is carried out once data is no longer required.

​

Use of Cookies and Website Data

Our website may use cookies or tracking technologies to improve user experience and collect usage analytics. You can manage your preferences via your browser settings.

​

Policy Review

Fulcrum may, from time to time, review and update this policy. The Company will maintain the latest version of this policy on its website, and where the changes are deemed material, it will make you aware of these.