Privacy Policy
Effective Date: 1 June 2024
Last Update: 23 July 2025
​
​1. Introduction
Three Pins Capital Limited ("we," "our," or "us") is a company incorporated in the Dubai International Financial Centre (DIFC) and regulated by the Dubai Financial Services Authority (DFSA) as a prudential Category 3C firm. We are licensed to carry on the following financial services activities only:
-
Managing a Collective Investment Fund
-
Advising on Financial Products
-
Arranging Deals in Investments
-
Arranging Credit and Advising on Credit
​
Our services are exclusively available to Professional Clients and Market Counterparties as defined under DFSA Rules. Our website and services are not directed toward or intended for Retail Clients, and we are not authorized to deal with Retail Clients.
​
We are committed to protecting the privacy and security of your personal information in accordance with the DIFC Data Protection Law No. 5 of 2020 and other applicable regulations.
​
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us in connection with our licensed financial services activities.
​
2. Information We Collect
​Personal Information
We may collect the following types of personal information:
​
Client Onboarding & Account Information
-
Name, address, phone number, and email address
-
Date of birth and Social Security number
-
Employment information and income details
-
Investment experience and financial objectives
-
Risk tolerance and investment preferences
-
Bank account and financial institution information
​​
Website Usage Information
-
IP address and browser information
-
Pages visited and time spent on our website
-
Cookies and similar tracking technologies
-
Device information and operating system
​​
Professional Client and Market Counterparty Information
-
Corporate registration and organizational details
-
Authorized representative and signatory information
-
Financial statements and audited accounts
-
Investment committee and decision-maker details
-
Professional Client or Market Counterparty classification documentation
-
Regulatory and compliance status information
-
Credit assessment and due diligence information
-
Risk profile and risk management framework information
-
Treasury operations and liquidity management details
​​
3. How We Use Your Information
​We use your personal information for the following purposes:
​
Licensed Financial Services
-
Managing collective investment funds and fund administration
-
Providing advisory services on financial products and investment strategies
-
Risk management advisory to corporates, institutions and sovereigns
-
Arranging deals in investments and facilitating investment transactions
-
Arranging credit facilities and advising on credit-related matters
-
Fund structuring, development and management services
-
Distribution and marketing of select third-party funds and financial products
-
Treasury and risk management advisory services
Business Operations
-
Communicating with you about our services
-
Responding to inquiries and providing customer support
-
Sending account statements and regulatory notices
-
Conducting identity verification and fraud prevention
Legal and Regulatory Compliance
-
Fulfilling DFSA regulatory reporting requirements for Category 3C firms
-
Complying with DIFC laws and regulations
-
Conducting anti-money laundering (AML) and counter-terrorism financing (CTF) checks
-
Meeting Professional Client and Market Counterparty due diligence obligations
-
Verifying and maintaining client classification status under DFSA Rules
-
Maintaining records as required by DIFC and DFSA regulations for our licensed activities
-
Responding to regulatory inquiries and investigations
​
Marketing (with consent)
-
Sending newsletters and market updates
-
Providing information about new services
-
Inviting you to events and webinars
4. Information Sharing and Disclosure
We may share your personal information in the following circumstances:
Service Providers. With third-party vendors who assist us in providing our licensed financial services, including:
-
Fund administrators and institutional custodians
-
Prime brokers and investment platforms
-
Technology providers and data processors
-
Professional service providers (accountants, lawyers, auditors)
-
Compliance and regulatory reporting services
-
Credit assessment and due diligence service providers
-
Fund distribution and marketing partners
-
Risk management and treasury advisory specialists
Legal Requirements. When required by DIFC law, DFSA regulation, or legal process, including:
-
DFSA regulatory examinations and investigations
-
DIFC Court orders and legal proceedings
-
Anti-money laundering and suspicious transaction reporting
-
Counter-terrorism financing compliance obligations
​
Business Transfers. In connection with a merger, acquisition, or sale of our business assets
Consent: With your explicit consent for other purposes not covered by this policy
5. Data Security
We implement appropriate technical and organizational security measures to protect your personal information, including:
-
Encryption of sensitive data in transit and at rest
-
Multi-factor authentication for system access
-
Regular security assessments and updates
-
Employee training on data protection practices
-
Secure data centers and network infrastructure
6. Data Retention
We retain your personal information for as long as necessary to:
-
Provide our services to you
-
Comply with DFSA and DIFC legal and regulatory requirements
-
Resolve disputes and enforce our agreements
-
Meet our business and operational needs
Financial records are typically retained for at least six years after account closure, or as required by DFSA regulations and DIFC law.
7. Your Rights and Choices
Under the DIFC Data Protection Law, you have certain rights regarding your personal information:
Right of Access: Request access to your personal information and receive a copy of the data we hold about you
Right to Rectification: Request correction of inaccurate, incomplete, or out-of-date personal information
Right to Erasure: Request deletion of your personal information, subject to legal and regulatory retention requirements
Right to Restrict Processing: Request limitation of processing of your personal information in certain circumstances
Right to Data Portability: Request to receive your personal information in a structured, commonly used format
Right to Object: Object to certain types of processing, including direct marketing
Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time
Right to Lodge a Complaint: You may lodge a complaint with the DIFC Commissioner for Data Protection if you believe your data protection rights have been violated
​
To exercise these rights, please contact us using the information provided below. We may need to verify your identity before processing your request.
8. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to:
-
Ensure proper website functionality
-
Remember your preferences and settings
-
Analyze website usage and improve user experience
-
Provide personalized content and advertising
You can manage your cookie preferences through your browser settings, though disabling certain cookies may affect website functionality.
9. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites and encourage you to review their privacy policies.
10. International Data Transfers
As a DIFC-incorporated entity, we may transfer your personal information outside the DIFC to other jurisdictions for legitimate business purposes, including to service providers and group companies. When we transfer personal information outside the DIFC, we ensure appropriate safeguards are in place to protect your information, including:
-
Adequacy decisions by the DIFC Commissioner for Data Protection
-
Standard contractual clauses approved by the DIFC Commissioner
-
Binding corporate rules
-
Other appropriate safeguards as required by the DIFC Data Protection Law
We may transfer data to jurisdictions including European Union, India, Mauritius, Switzerland, the United States and other countries where our service providers or custodians are located.
11. Licensed Activities Only
Important Notice: We are authorized by the DFSA to carry on only the following financial services activities:
-
Managing a Collective Investment Fund
-
Advising on Financial Products
-
Arranging Deals in Investments
-
Arranging Credit and Advising on Credit
We do not provide any financial services outside of these licensed activities. Our services are exclusively available to Professional Clients and Market Counterparties as defined under DFSA Rules. We are not authorized to deal with Retail Clients.
​
12. Professional Clients and Market Counterparties Only
This website and our communications are intended for Professional Clients and Market Counterparties only, and should not be accessed by, Retail Clients.
​
If you do not qualify as a Professional Client or Market Counterparty under DFSA Rules, you should not use this website or our services. We reserve the right to verify client classification status and may decline to provide services if you do not meet the required criteria.
​
13. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors without parental consent.
​
14. DIFC Data Protection Law Compliance
This Privacy Policy is designed to comply with the DIFC Data Protection Law No. 5 of 2020. Our processing of personal information is based on lawful grounds including:
-
Performance of our contract with you for investment services
-
Compliance with legal and regulatory obligations
-
Legitimate business interests
-
Your explicit consent where required
We implement appropriate technical and organizational measures to ensure data protection by design and by default, including data minimization, purpose limitation, and storage limitation principles.
15. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements under DIFC law. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. Where required by the DIFC Data Protection Law, we will seek your consent for material changes that affect how we use your personal information.
​
16. Contact Information
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or want to make a complaint, please contact us:
Three Pins Capital Limited
DIFC License No.: CL8262
Email: privacy@threepins.com
Phone: +971 4 549 9700
Address: Central Park Offices, Level 2, Unit OT 02-44, DIFC, PO Box 454201, Dubai, United Arab Emirates
​
DIFC Commissioner for Data Protection:
If you wish to lodge a complaint about our handling of your personal information, you may contact:
Email: dataprotection@difc.ae
Website: www.difc.ae
​
This Privacy Policy should be reviewed by qualified legal counsel familiar with DIFC Data Protection Law and DFSA regulations to ensure full compliance with applicable laws and regulations. As a DFSA-regulated entity, additional privacy and confidentiality obligations may apply under DFSA rules and DIFC laws.