This document contains the Privacy Statement for Wahed Invest Ltd (“Wahed Invest”). This Privacy Statement relates to data collection and storage of non-public information which Wahed Invest may acquire from you. Wahed Invest understands that its use of your information requires your trust. Wahed Invest is committed to the highest standards of data privacy and will only use your information for clearly described purposes and in accordance with your data protection rights.
Data Controller and Data Processor
A Data Controller under the General Data Protection Regulation (GDPR) (EU) 2016/679 is the entity that determines the purposes, conditions and means of the processing of personal data.
The Data Processor is the entity that processes data on behalf of the Data Controller.
Wahed Invest is the Data Controller for your personal information. All other third parties act as Data Processors in respect of your personal information held by Wahed Invest.
What we collect
In order to create an account with Wahed Invest we need to collect some personal information, as well as other general, non-personal information.
Information you give to us:
- Name and address
- Date of birth, nationality and national identifier number
- Payment information
- Bank account & debit card information
- Risk questionnaire answers
- Investment experience and sources of wealth
- Health status and related responses
Why we need to collect this information
Wahed Invest is required under GDPR to explain the lawful basis for how it processes our information.
We collect this information primarily to satisfy legal requirements and to enable us to provide the services offered under your contract with us.
GDPR Article 6 (1) Lawfulness of processing requires that:
Processing shall be lawful only if and to the extent that at least one of the following applies:
- The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- Processing is necessary for compliance with a legal obligation to which the controller is subject;
- Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
The types of lawful basis we rely upon are:
- Legal obligation, for example verifying your identity as required by law or complying with regulatory obligations, such as MiFID II.
- Contractual and legitimate business interests, for example your email address and telephone number to contact you.
- Consent, for example implicit consent would be the collection of your payment information for an optional service and explicit consent given to us for marketing or health information (special category data).
- Vital interest, for example if the account holder passes away, and we are required to contact the next of kin.
Where explicit consent is required we will seek this from you, for example it would be required for Marketing preferences and for pension investments. In order for Wahed Invest to provide you with a Personal Pension investment, we are required to gather some health information. Health related information is a special category under GDPR and therefore requires explicit consent before collection.
However, in the majority of cases explicit consent is not required, and your implicit consent is inferred in order to perform our responsibilities under the contract.
Where explicit consent is required and not provided, Wahed Invest may not be able to deliver the specific service to you or open an account for you.
What we do with the information we gather
We require this information to understand your needs and provide you with better service and in particular for the following reasons:
- Performance of the contract
- Verify your identity
- To ensure the product and service is suitable
- Internal record keeping and record retention for legal requirements
- We may use the information to improve our products and services, by internal analysis of company data.
- We will only use your information for the purpose it was collected.
- Where explicit consent is given we will also use this information for marketing purposes
- Correspondence regarding your account via email, telephone
- Notify you of any changes to our service
- Tracking of your activity on our website
To whom is the data passed and how do we protect it along the way
Personal data is processed by Wahed Invest based in the United Kingdom. For the purposes of the contract we may be required to share your information with third parties. The situations in which we share this information are detailed below:
- Regulatory bodies or the police to comply with our legal obligations.
- Fraud prevention agencies, and other organisations in order to detect and prevent financial and other crime.
- Data, service and software providers to help improve and maintain our website.
- Suppliers where necessary for the performance of the contract, including subcontractors.
If data is processed in countries outside the EU, Wahed Invest uses EU standard agreements, including suitable technical and organizational measures, to ensure that your personal data is processed in accordance with EU level of data privacy. If you want to access the actual protections for data transfer to other countries, please request a copy of this information by emailing email@example.com
Subject Access Requests
You are entitled under the GDPR Article 15 (‘right of access’) to request the personal data that Wahed Invest holds on you. You can request a copy of this information by emailing firstname.lastname@example.org
If you believe that any information we are holding on you is incorrect or incomplete, please email us as soon as possible, at the above email address. We will promptly correct any information found to be incorrect.
The Right to Erasure
You’re entitled under the GDPR Article 17(‘right to erasure’)to request the deletion of personal data that Wahed Invest and our third parties hold on you. You can request this by emailing email@example.com
Please note, this does not affect any information required to be stored under record retention laws. More information on our record retention policy is set out below.
How to change your privacy preferences
You can change your preferences, or withdraw your consent in relation to how Wahed Invest uses your personal information in one of the following ways:
- By sending an email to firstname.lastname@example.org
- Or by writing to us at: Wahed Invest Ltd 133 Whitechapel High Street, London E1 7QA. Under certain conditions you have the right to require us to:
- Provide you with further detail on the use we make of your information
- Provide you with a copy of your information
- Update any inaccuracies in the information we hold about you
- Delete any information about you that we no longer have a lawful ground to use
- Remove you from any direct marketing lists when you object or withdraw your consent
- Provide you with your personal information in a usable electronic format and transmit it to a third party (right to data portability)
- Restrict our use of your personal information
- Cease carrying out certain processing activities based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights.
Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection of crime).
If you are dissatisfied with our use of your information or our response to any exercise of these rights you have the right to complain to your data protection authority, this in the UK is the Information Commissioner's Office https://ico.org.uk
We are committed to ensuring that your information is safe and secure. In order to prevent unauthorised access or disclosure, we utilise physical, electronic and managerial procedures to safeguard and secure the information we collect.
There are also steps that you can do to help us keep your account safe. We recommend that you take the following actions:
- Do not disclose your login and password details with anyone and don't store them on your device(s). If you feel someone may know your login details or if you lose your device then contact us immediately to prevent unauthorised access to your account.
- Access your account using the best security offered by your browser to maintain the security of your account, this for example would be incognito for Google Chrome and Private browser for Safari.
- If possible, keep your device’s operating system updated with the latest security patches and upgrades. Older software may have security vulnerabilities that could expose you to additional risks. You may also want to consider using a reputable brand of anti-virus software.
If we contact you
When Wahed Invest contacts you we will never ask you to disclose your full security credentials. Be cautious about opening links contained in SMS messages or emails and beware of phishing scams. Phishing scams are attempts by scammers to trick you into giving out personal information such as your bank account numbers, passwords and credit card numbers.
If you think your security details have been compromised then contact us immediately to prevent unauthorised access to your account.