Privacy Policy
Last updated: February 2026
SIDRA (DIFC, Dubai) is committed to protecting your personal information in accordance with the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (UAE PDPL) and, where applicable, the EU General Data Protection Regulation (GDPR).
Information We Collect
When you submit an enquiry through our contact form, we collect: your full name, company or organisation name, email address, WhatsApp phone number, service of interest, and capital range. We also collect your IP address for security and rate-limiting purposes.
How We Use Your Information
We use your information solely to respond to your enquiry, to conduct required KYC/AML screening as required under VARA regulations and UAE Federal Decree-Law No. 45 of 2021, and to maintain records of client communications as required by Dubai Financial Services Authority (DFSA) and VARA compliance obligations.
How Long We Keep Your Data
Enquiry and client communication data is retained for a minimum of 7 years in accordance with UAE Anti-Money Laundering regulations (UAE Federal Law No. 20 of 2018 and its amendments). Website interaction data (IP logs) is retained for no more than 12 months.
Cookies
SIDRA uses only essential session cookies required for the website to function. We do not use tracking cookies, advertising cookies, or third-party analytics at this time. You may disable cookies in your browser settings; this will not prevent you from using the site.
Third Parties
We do not sell, rent, or trade your personal information to any third party. We may be required to disclose your information to VARA, the DFSA, or UAE law enforcement authorities where legally required. Our hosting infrastructure uses industry-standard providers with data residency in the UAE or EU.
Your Rights
Under UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection and, where applicable, the EU General Data Protection Regulation (GDPR), you have the right to access, correct, or request deletion of your personal data. Please note that deletion requests may be refused where retention is required by applicable AML or financial regulation. To exercise your rights, contact privacy@sidra.ae.
Data Protection Contact
For all data protection enquiries, including access requests and deletion requests, contact us at privacy@sidra.ae. We will respond within 30 days.
Governing Law
This Privacy Policy is governed by the laws of the United Arab Emirates. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts of the Dubai International Financial Centre (DIFC).