Privacy Policy
Privacy Policy
Sandrock Capital Ltd. – ADGM
1. Introduction
Sandrock Capital Ltd. (“Sandrock”, “we”, “our”, “us”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and safeguard information in compliance with the Abu Dhabi Global Market (ADGM) Data Protection Regulations 2021.
By engaging with us or using our website, you consent to the processing of your personal data in accordance with this Policy and applicable ADGM laws.
2. Personal Data We Collect
We may collect and process the following categories of personal data:
Identification Data: name, nationality, date of birth, Emirates ID/passport details.
Contact Data: address, telephone number, email address.
Financial Data: bank details, investment history, source of wealth/funds, transactions.
Professional Data: occupation, employment details, qualifications (for KYC/AML).
Regulatory Data: information required for anti-money laundering, counter-terrorism financing, and sanctions compliance.
Technical Data: IP addresses, cookies, browser and device information if you use our website.
3. How We Use Your Data
Your personal data is used only for legitimate business and regulatory purposes, including:
Client onboarding, due diligence, and KYC/AML verification.
Delivering fund management and related services.
Meeting obligations under FSRA and ADGM regulatory requirements.
Conducting risk management, fraud prevention, and compliance reporting.
Communicating with clients and managing relationships.
Sending marketing communications (only with your explicit consent).
4. Legal Basis for Processing
We rely on the following lawful bases for processing:
Contractual necessity – managing client accounts and providing services.
Legal obligations – fulfilling FSRA/ADGM regulatory requirements.
Legitimate interests – ensuring security, improving operations, managing risks.
Consent – for optional uses such as newsletters or event invitations.
5. Sharing of Personal Data
We may share personal data with:
Regulators and authorities: including ADGM FSRA and UAE regulators.
Professional advisors: such as auditors, compliance consultants, and legal counsel.
Custodians, brokers, and service providers: who assist in delivering our services.
Technology providers: secure IT and cloud hosting solutions.
All third parties are contractually bound to confidentiality and data protection obligations.
6. International Transfers
Where data is transferred outside ADGM, we ensure adequate safeguards are in place, including:
Transfers to jurisdictions with recognised adequate protection, or
Standard contractual clauses or equivalent safeguards.
7. Data Retention
We retain data only for as long as necessary to:
Fulfil our contractual obligations.
Meet FSRA regulatory requirements (typically six years after the client relationship ends).
Address disputes and enforce agreements.
8. Data Security
We implement strong measures to protect data, including:
Encryption in transit and at rest.
Secure servers and restricted access controls.
Regular monitoring and independent audits.
Staff training on confidentiality and data protection.
9. Your Rights
Under ADGM Data Protection Regulations 2021, you have the right to:
Access your personal data.
Request corrections to inaccurate or incomplete data.
Request erasure of personal data (subject to regulatory retention obligations).
Restrict or object to processing in certain circumstances.
Request data portability.
Withdraw consent where processing is based on consent.
To exercise these rights, please contact us (see Section 12).
10. Cookies and Website Usage
Our website may use cookies and analytics tools to improve user experience. You may adjust your browser settings to refuse cookies, but some functionality may be affected.
11. Changes to this Policy
We may update this Privacy Policy from time to time. Changes will be posted on our website with a revised Effective Date.