Privacy Policy
Privacy Statement
This document contains the Privacy Statement for Wahed Invest Ltd (“Wahed Invest”). Privacy Statement (data collection and storage) Wahed Invest understands that its use of your information requires your trust. Wahed Invest is committed to the highest standards of data privacy and will only use your information for clearly described purposes and in accordance with your data protection rights. This statement contains details of the data processing that will take place.
Data Controller and Data Processor
A Data Controller under GDPR is the entity that determines the purposes, conditions and means of the processing of personal data.
The Data Processor is the entity that processes data on behalf of the Data Controller.
Wahed Invest is the data controller for your personal information. All other Third Parties act as data processors in respect of your personal information held by Wahed Invest.
What we collect
In order to create an account with Wahed Invest we need to collect some personal information, as well as other information.
Information you give to us:
-
Name and address
-
Date of birth, nationality and national identifier
-
Payment information
-
Bank account information & debit card
-
Risk questionnaire answers
-
Investment experience and sources of wealth
-
Gender
-
Health questions
Why we need to collect this information
Wahed Invest are required under General Data Protection Regulation 2016/679 to explain the lawful basis of processing of your information.
We collect this information primarily to satisfy legal requirements and to enable us to provide the services required under your contract with us.
GDPR Article 6 (1) Lawfulness of processing requires:
Processing shall be lawful only if and to the extent that at least one of the following applies:
-
the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
-
processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
-
processing is necessary for compliance with a legal obligation to which the controller is subject;
-
processing is necessary in order to protect the vital interests of the data subject or of another natural person;
-
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
-
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
The types of lawful basis we rely upon are:
-
Legal, for example verifying your identity or complying with regulatory obligations, such as MiFID II.
-
Contract and legitimate interest, for example your email address and telephone number to contact you.
-
Consent, for example implicit consent would be the collection of your payment information for an optional service and explicit consent is for marketing or health information (special category data).
-
Vital interest, for example if the account holder passes away, we’re required to liaise and allow access to the next of kin.
Where explicit consent is required we will seek this from you, for example Marketing preferences and Pension. In order for Wahed Invest to provide you with a Personal Pension, we’re required to gather some health information, this is a special category under GDPR and therefore requires explicit consent.
However, in the vast majority of cases explicit consent is not required, and implicit consent is inferred to perform our responsibilities under the contract.
Where explicit consent is required and not provided it may result in non-benefit of service, or the inability to open an account with Wahed Invest.
What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reason
-
Performance of the contract
-
Verify your identity
-
To ensure the product and service is suitable
-
Internal record keeping and record retention for legal requirements
-
We may use the information to improve our products and services, by internal analysis of company data.
-
We will only use your information for the purpose it was collected.
-
Where explicit consent is given we will also use this information for marketing purposes
-
Correspondence regarding your account via email, telephone
-
Notify you of any changes to our service
-
Tracking of your activity on our website
To whom is the data passed and how do we protect it along the way
Personal data is processed by Wahed Invest based in the UK. For the purposes of the contract we are required to share your information with third parties, the situations in which we share this information are detailed below.
-
Regulatory bodies or the police to comply with our legal obligations.
-
Fraud prevention agencies, and other organisations in order to detect and prevent financial and other crime.
-
Data, service and software providers to help improve and maintain our website
-
Suppliers where necessary for the performance of the contract, including sub-contractors.
If data is processed in countries outside the EU, Wahed Invest uses EU standard agreements, including suitable technical and organizational measures, to ensure that your personal data is processed in accordance with the European level of data privacy. If you want to access the actual protections for data transfer to other countries, please request a copy of this information by emailing [email protected]
Your rights
Subject Access Requests
You’re entitled under the GDPR Article 15 ‘right of access’ to request the personal data that Wahed Invest holds on you. You can request a copy of this information by emailing [email protected]
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
The Right to Erasure
You’re entitled under the GDPR Article 17 ‘right to erasure’ to request the deletion of personal data that Wahed Invest and our third parties hold on you. You can request this by emailing [email protected]
Please note, this does not affect any information required to be stored under record retention laws, more information on our record retention policy is set out below.
How to change your privacy preferences
You can change your preferences, or withdraw your consent in relation to how Wahed Invest uses your personal information in one of the following ways:
-
You are also able to request information about your data stored at Wahed Invest as well as request the correction, deletion or restriction of your personal data for analytics and/or marketing use.
-
By sending an email to [email protected]
-
Or by writing to us at: Wahed Invest Ltd 50 Liverpool Street, London EC2M 7PY.
-
Provide you with further detail on the use we make of your information
-
Provide you with a copy of your information
-
Update any inaccuracies in the information we hold about you
-
Delete any information about you that we no longer have a lawful ground to use
-
Remove you from any direct marketing lists when you object or withdraw your consent
-
Provide you with your personal information in a usable electronic format and transmit it to a third party (right to data portability)
-
Restrict our use of your personal information
-
Cease carrying out certain processing activities based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights.
Under certain conditions you have the right to require us to:
Your exercise of these rights is subject to certain exemptions to safeguard the public interest e.g. the prevention or detection of crime (GDPR Article 6 (1) (e)).
If you are dissatisfied with our use of your information or our response to any exercise of these rights you have the right to complain to your data protection authority, this in the UK is the Information Commissioner's Office https://ico.org.uk
Security
We are committed to ensuring that your information is safe and secure. In order to prevent unauthorised access or disclosure, we utilise physical, electronic and managerial procedures to safeguard and secure the information we collect.
There is also a lot that you can do to help us keep your account safe. We recommend that you take the following actions:
-
Do not disclose your login and password details with anyone and don't store them on your device(s). If you feel someone may know your login details or if you lose your device then contact us immediately to prevent unauthorised access to your account.
-
Access your account using the best security offered by your browser to maintain the security of your account, this for example would be incognito for Google Chrome and Private browser for Safari.
-
If possible, keep your device’s operating system updated with the latest security patches and upgrades. Older software may have security vulnerabilities that could expose you to additional risks. You may also want to consider using a reputable brand of anti-virus software.
If we contact you
When Wahed Invest contacts you we will never ask you to disclose your full security credentials. Be cautious about opening links contained in SMS messages or emails and beware of phishing scams. Phishing scams are attempts by scammers to trick you into giving out personal information such as your bank account numbers, passwords and credit card numbers.
If you think your security details have been compromised then contact us immediately to prevent unauthorised access to your account.