Privacy Policy

Privacy Statement

This document contains the Privacy Statement for Wahed Invest Ltd (“Wahed Invest”). This Privacy Statement relates to data collection and storage of non-public information which Wahed Invest may acquire from you. Wahed Invest understands that its use of your information requires your trust. Wahed Invest is committed to the highest standards of data privacy and will only use your information for clearly described purposes and in accordance with your data protection rights.

Data Controller and Data Processor

A Data Controller under the General Data Protection Regulation (GDPR) (EU) 2016/679 is the entity that determines the purposes, conditions and means of the processing of personal data.

The Data Processor is the entity that processes data on behalf of the Data Controller.

Wahed Invest is the Data Controller for your personal information. All other third parties act as Data Processors in respect of your personal information held by Wahed Invest.

What we collect

In order to create an account with Wahed Invest we need to collect some personal information, as well as other general, non-personal information.

Information you give to us:

Why we need to collect this information

Wahed Invest is required under GDPR to explain the lawful basis for how it processes our information.

We collect this information primarily to satisfy legal requirements and to enable us to provide the services offered under your contract with us.

GDPR Article 6 (1) Lawfulness of processing requires that:

Processing shall be lawful only if and to the extent that at least one of the following applies:

  1. The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  2. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  3. Processing is necessary for compliance with a legal obligation to which the controller is subject;
  4. Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  5. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  6. Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

The types of lawful basis we rely upon are:

Where explicit consent is required we will seek this from you, for example it would be required for Marketing preferences and for pension investments. In order for Wahed Invest to provide you with a Personal Pension investment, we are required to gather some health information. Health related information is a special category under GDPR and therefore requires explicit consent before collection.

However, in the majority of cases explicit consent is not required, and your implicit consent is inferred in order to perform our responsibilities under the contract.

Where explicit consent is required and not provided, Wahed Invest may not be able to deliver the specific service to you or open an account for you.

What we do with the information we gather

We require this information to understand your needs and provide you with better service and in particular for the following reasons:

To whom is the data passed and how do we protect it along the way

Personal data is processed by Wahed Invest based in the United Kingdom. For the purposes of the contract we may be required to share your information with third parties. The situations in which we share this information are detailed below:

If data is processed in countries outside the EU, Wahed Invest uses EU standard agreements, including suitable technical and organizational measures, to ensure that your personal data is processed in accordance with EU level of data privacy. If you want to access the actual protections for data transfer to other countries, please request a copy of this information by emailing dataprotection@wahedinvest.com

Your rights

Subject Access Requests

You are entitled under the GDPR Article 15 (‘right of access’) to request the personal data that Wahed Invest holds on you. You can request a copy of this information by emailing dataprotection@wahedinvest.com

If you believe that any information we are holding on you is incorrect or incomplete, please email us as soon as possible, at the above email address. We will promptly correct any information found to be incorrect.

The Right to Erasure

You’re entitled under the GDPR Article 17(‘right to erasure’)to request the deletion of personal data that Wahed Invest and our third parties hold on you. You can request this by emailing dataprotection@wahedinvest.com

Please note, this does not affect any information required to be stored under record retention laws. More information on our record retention policy is set out below.

How to change your privacy preferences

You can change your preferences, or withdraw your consent in relation to how Wahed Invest uses your personal information in one of the following ways:

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection of crime).

If you are dissatisfied with our use of your information or our response to any exercise of these rights you have the right to complain to your data protection authority, this in the UK is the Information Commissioner's Office https://ico.org.uk

Security

We are committed to ensuring that your information is safe and secure. In order to prevent unauthorised access or disclosure, we utilise physical, electronic and managerial procedures to safeguard and secure the information we collect.

There are also steps that you can do to help us keep your account safe. We recommend that you take the following actions:

If we contact you

When Wahed Invest contacts you we will never ask you to disclose your full security credentials. Be cautious about opening links contained in SMS messages or emails and beware of phishing scams. Phishing scams are attempts by scammers to trick you into giving out personal information such as your bank account numbers, passwords and credit card numbers.

If you think your security details have been compromised then contact us immediately to prevent unauthorised access to your account.