Privacy Policy

Privacy Statement

This document contains the Privacy Statement for Wahed Invest Ltd (“Wahed Invest”). Privacy Statement (data collection and storage) Wahed Invest understands that its use of your information requires your trust. Wahed Invest is committed to the highest standards of data privacy and will only use your information for clearly described purposes and in accordance with your data protection rights. This statement contains details of the data processing that will take place.

Data Controller and Data Processor

A Data Controller under GDPR is the entity that determines the purposes, conditions and means of the processing of personal data.

The Data Processor is the entity that processes data on behalf of the Data Controller.

Wahed Invest is the data controller for your personal information. All other Third Parties act as data processors in respect of your personal information held by Wahed Invest.

What we collect

In order to create an account with Wahed Invest we need to collect some personal information, as well as other information.

Information you give to us:

Why we need to collect this information

Wahed Invest are required under General Data Protection Regulation 2016/679 to explain the lawful basis of processing of your information.

We collect this information primarily to satisfy legal requirements and to enable us to provide the services required under your contract with us.

GDPR Article 6 (1) Lawfulness of processing requires:

Processing shall be lawful only if and to the extent that at least one of the following applies:

  1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

  2. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

  3. processing is necessary for compliance with a legal obligation to which the controller is subject;

  4. processing is necessary in order to protect the vital interests of the data subject or of another natural person;

  5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

  6. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

The types of lawful basis we rely upon are:

Where explicit consent is required we will seek this from you, for example Marketing preferences and Pension. In order for Wahed Invest to provide you with a Personal Pension, we’re required to gather some health information, this is a special category under GDPR and therefore requires explicit consent.

However, in the vast majority of cases explicit consent is not required, and implicit consent is inferred to perform our responsibilities under the contract.

Where explicit consent is required and not provided it may result in non-benefit of service, or the inability to open an account with Wahed Invest.

What we do with the information we gather

We require this information to understand your needs and provide you with a better service, and in particular for the following reason

To whom is the data passed and how do we protect it along the way

Personal data is processed by Wahed Invest based in the UK. For the purposes of the contract we are required to share your information with third parties, the situations in which we share this information are detailed below.

If data is processed in countries outside the EU, Wahed Invest uses EU standard agreements, including suitable technical and organizational measures, to ensure that your personal data is processed in accordance with the European level of data privacy. If you want to access the actual protections for data transfer to other countries, please request a copy of this information by emailing

Your rights

Subject Access Requests

You’re entitled under the GDPR Article 15 ‘right of access’ to request the personal data that Wahed Invest holds on you. You can request a copy of this information by emailing

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

The Right to Erasure

You’re entitled under the GDPR Article 17 ‘right to erasure’ to request the deletion of personal data that Wahed Invest and our third parties hold on you. You can request this by emailing

Please note, this does not affect any information required to be stored under record retention laws, more information on our record retention policy is set out below.

How to change your privacy preferences

You can change your preferences, or withdraw your consent in relation to how Wahed Invest uses your personal information in one of the following ways:

Your exercise of these rights is subject to certain exemptions to safeguard the public interest e.g. the prevention or detection of crime (GDPR Article 6 (1) (e)).

If you are dissatisfied with our use of your information or our response to any exercise of these rights you have the right to complain to your data protection authority, this in the UK is the Information Commissioner's Office


We are committed to ensuring that your information is safe and secure. In order to prevent unauthorised access or disclosure, we utilise physical, electronic and managerial procedures to safeguard and secure the information we collect.

There is also a lot that you can do to help us keep your account safe. We recommend that you take the following actions:

If we contact you

When Wahed Invest contacts you we will never ask you to disclose your full security credentials. Be cautious about opening links contained in SMS messages or emails and beware of phishing scams. Phishing scams are attempts by scammers to trick you into giving out personal information such as your bank account numbers, passwords and credit card numbers.

If you think your security details have been compromised then contact us immediately to prevent unauthorised access to your account.