This Privacy Notice explains how Aument Capital Limited (ADGM) (“Aument”, “we”, “us”, “our”) and its affiliate Aument Capital Singapore Pte. Ltd. (“Aument Singapore”) collect, use, disclose and safeguard personal data in connection with our websites (including aument.capital), our marketing activity, and our professional services for clients and prospective clients. Our primary data protection regime is the Abu Dhabi Global Market Data Protection Regulations 2021 and associated guidance. Where your circumstances bring other regimes into scope, we also comply with the EU GDPR, the UK GDPR and UK Data Protection Act 2018, and Singapore’s Personal Data Protection Act 2012; where Aument Singapore carries out regulated activities, we observe relevant MAS notices and guidelines to the extent applicable.
We act as a controller when we determine why and how personal data are processed. Aument Capital Limited, registered at [ADGM registered office address], is the primary controller for the Services. Aument Capital Singapore Pte. Ltd., registered at [Singapore address], may act as an independent controller or, for certain joint activities, a joint controller with Aument under an intra-group allocation of responsibilities that includes the handling of individual rights requests. You may contact our Data Protection Officer at dpo@aument.capital or by post to the DPO at our ADGM address. If you wish to raise concerns with a supervisory authority, you may contact the ADGM Office of Data Protection at odp@adgm.com; if you are in the EU or UK you may also contact your local authority (including the UK Information Commissioner’s Office via ico.org.uk); if you are in Singapore you may contact the Personal Data Protection Commission via pdpc.gov.sg.
Personal data we process
The information we process depends on how you interact with us. In most cases it will include identification and contact details such as name, title, nationality, date of birth, government-issued identifiers and contact information; onboarding and compliance information required for KYC/AML purposes such as beneficial ownership, source of wealth and funds, sanctions and PEP screening results and copies of verification documents; engagement information such as mandate details, corporate affiliations, instructions, meeting notes and correspondence; limited financial and billing details and, for wealth management clients, high-level portfolio and reporting data necessary to provide our services; technical and usage data from our websites and communications, including IP addresses, device and browser characteristics, time zone, referral paths, pages viewed and cookie or pixel identifiers; marketing preferences and event information such as subscriptions and RSVPs; and recruitment information if you apply to work with us. We do not seek to collect special category data; where such data appear incidentally (for example on identity documents) or are strictly necessary for compliance, we process them only on a lawful basis and with appropriate safeguards. We obtain data directly from you; from your authorised advisers; from public sources such as company registers; from banks, custodians and other counterparties engaged in your transactions; and from analytics and screening tools used to operate and secure our website and services.
Why and how we use your data
We use personal data to deliver, administer and improve the Services; to set up and manage mandates, coordinate with counterparties, provide reporting and respond to your requests; to satisfy legal and regulatory requirements for client onboarding, KYC/AML, sanctions and PEP screening, conflict checks, record-keeping and audit; to communicate in the ordinary course of our relationship, including sending service notices and reporting packs; to conduct marketing where permitted, including invitations, insights and product or service updates tailored to what we reasonably believe is relevant to you; to operate and secure our websites and measure engagement; and to manage risk and resolve disputes, assert or defend legal claims and respond to regulators and courts. Our lawful bases under ADGM DPR, GDPR and UK GDPR include the performance of a contract or steps taken at your request; our legitimate interests in providing and improving professional services, operating a secure website, managing our client relationships and defending legal rights while balancing those interests against your rights and expectations; compliance with legal obligations, particularly in relation to financial crime prevention and regulatory record-keeping; and your consent where required, which you may withdraw at any time without affecting prior processing. Under Singapore’s PDPA, we rely on consent or deemed consent where appropriate, and on applicable exceptions for legal and business purposes.
Cookies and analytics
Our website uses cookies and similar technologies to provide core functionality, improve performance, personalise content where appropriate and support security. Where local law requires consent for non-essential cookies, a banner enables you to accept or manage categories; you can also adjust your browser settings. Details of the specific cookies we use and the choices available to you are set out in our Cookie Policy, which forms part of this Notice.
Sharing and disclosure
We disclose personal data only as necessary and subject to confidentiality and suitable safeguards. In the ordinary course this includes disclosure within our group to Aument Capital Singapore Pte. Ltd. for client servicing, compliance functions, reporting and centralised operations; to service providers who act on our instructions, including IT hosting, cloud and SaaS platforms, CRM and marketing tools, analytics, KYC/AML screening, e-signature providers, document management and other professional support; to professional advisers and transaction counterparties such as banks, custodians, brokers, fund administrators, auditors, law firms and corporate service providers when required to deliver your mandate; to regulators, competent authorities and courts where disclosure is required by law or is necessary to establish, exercise or defend legal claims; and to acquirers or counterparties in connection with a corporate transaction subject to confidentiality. We do not sell personal data.
International transfers
Because we operate across borders, personal data may be transferred between the UAE (ADGM), Singapore, the EU/EEA, the United Kingdom and other jurisdictions in which we or our service providers operate. We implement transfer mechanisms appropriate to the source jurisdiction. For transfers from ADGM we use the mechanisms provided by the ADGM DPR, including adequacy findings and appropriate safeguards. For transfers from the EU/EEA we use the EU Standard Contractual Clauses (2021/914) with supplementary measures where needed. For transfers from the UK we use the UK International Data Transfer Addendum or the UK Extension to the EU SCCs. For transfers from Singapore we comply with the PDPA’s Transfer Limitation Obligation and ensure a comparable standard of protection, typically through contractual commitments supported by technical and organisational measures. We assess third-country legal environments and apply data minimisation, access controls and encryption as appropriate.
Retention
We keep personal data only for as long as necessary to achieve the purposes described here, taking into account legal and regulatory retention periods applicable to our sector, limitation periods for claims and our operational needs. When data are no longer required, they are deleted or irreversibly anonymised in a secure manner. Records created to satisfy AML and regulatory obligations are generally retained for a period that reflects applicable rules and guidance; marketing information is retained until you unsubscribe and for a short suppression period thereafter; website analytics are retained in accordance with our Cookie Policy and tool configurations.
Security
We protect personal data using appropriate technical and organisational measures designed to prevent unauthorised or unlawful processing and accidental loss, destruction or damage. These measures include layered network and endpoint security, encryption in transit and at rest where appropriate, access governance and multi-factor authentication, segregation of environments, staff training, vendor risk management, incident response procedures and periodic testing. If a personal data breach occurs and it is likely to present a risk to individuals, we will assess and, where required, notify the competent authority and affected individuals in accordance with ADGM DPR, GDPR/UK GDPR and PDPA requirements.
Your rights
Your rights depend on the law that applies to you but typically include the ability to request access to your personal data, to correct inaccuracies, to request deletion where the legal criteria are met, to restrict certain processing, to object to processing based on our legitimate interests including direct marketing, to receive a machine-readable copy of data you have provided and to transmit it to another controller where technically feasible, and to withdraw consent where processing relies on consent. You may exercise these rights by contacting privacy@aument.capital or your relationship manager. We may ask for information to verify your identity and will respond within the time limits set by applicable law. You also have the right to complain to a supervisory authority; contact details are provided above.
Marketing and profiling
We may contact you with Aument updates, insights and invitations that are relevant to your role and interests. You can opt out at any time using the unsubscribe link or by contacting us. We do not engage in automated decision-making that produces legal or similarly significant effects without human involvement. Where we use limited profiling to tailor content—for example, segmenting by sector or geography—we do so in a manner that respects your preferences and you may object at any time.
Children
Our Services are not directed to children and we do not knowingly collect personal data from anyone under the age of 18. If you believe that a child has provided data to us, please contact us so that we can delete it.
Third-party links
Our websites may contain links to third-party sites or services. Those sites are governed by their own privacy notices and we are not responsible for their practices.
Changes to this Notice
We may update this Privacy Notice to reflect changes in law, technology or our practices. The effective date above indicates the latest revision. Where changes are significant we will provide additional notice on our website or directly where appropriate.
Jurisdiction-specific information
In ADGM, we process personal data in accordance with the Data Protection Regulations 2021 and relevant guidance and maintain records of processing, conduct data protection impact assessments for high-risk activities, and ensure controller–processor contracts and vendor due diligence are in place. In the European Union and EEA, where GDPR applies, we act as a controller; if we are not established in the EU but monitor behaviour or offer services to individuals in the EU, we will appoint an EU representative and make contact details available on our website. In the United Kingdom, where UK GDPR and the Data Protection Act 2018 apply, we act as a controller and, if required, will appoint a UK representative and publish the relevant contact details. In Singapore, Aument Singapore processes personal data in line with the PDPA and its core obligations, including consent, purpose limitation, notification, accuracy, protection, retention, transfer limitation and openness; where Aument Singapore undertakes regulated activities, we also observe relevant MAS notices and guidelines and any applicable confidentiality or banking secrecy requirements. If you interact with us from the United States, state privacy laws such as the California Consumer Privacy Act may grant additional rights; where those laws apply to our processing we will honour verifiable consumer requests consistent with their provisions. We do not sell or share personal information as those terms are defined under the CPRA.
Contact
Questions about this Notice, or requests to exercise your rights, should be sent to dpo@aument-capital.com or addressed to the Data Protection Officer at Aument Capital Limited. We will respond promptly and in accordance with the laws that apply to your circumstances.
.svg){kind=icon}
