Privacy Policy · IslaFi

01 · Introduction

Who we are and what this policy covers.

This Privacy Policy explains how IslaFi Technologies Ltd. ("IslaFi", "we", "us", or "our") collects, uses, and protects personal information when you visit islafi.com or submit an enquiry through the Network Enquiry form on this website.

IslaFi is a private company registered in the Dubai International Financial Centre (DIFC), United Arab Emirates. We operate as the data controller for personal data collected through this website, in accordance with the DIFC Data Protection Law 2020 (DIFC Law No. 5 of 2020).

This policy applies only to islafi.com. It does not cover any third-party services we may link to, or any separate IslaFi platform or product agreements.

02 · Information we collect

What we collect and when.

Information you provide voluntarily

When you submit the Network Enquiry form on islafi.com, we collect:

First and last name
Role or job title
Business email address
Institution name and type
Jurisdiction and (optionally) regulatory licence reference
The content of your enquiry message
Your confirmation that you are authorised to engage on behalf of the institution

Information collected automatically

When you visit the website, we and our hosting provider (Cloudflare) automatically receive certain technical information, including:

IP address (anonymised by Cloudflare's privacy-first analytics)
Approximate geographic region
Browser type, operating system, and device type
Pages viewed and time of visit
Referring website (if any)

We use Cloudflare Web Analytics, which is designed to provide aggregate visitor statistics without using cookies or tracking individuals across sites.

03 · How we use information

Purpose of use.

We use the information described above for the following purposes:

To respond to enquiries. We use form submissions to assess and respond to your interest in the IDM network.
To evaluate prospective network counterparties. Enquiries are reviewed individually as part of our membership process.
To communicate with you about your enquiry and, where appropriate, follow-up correspondence relating to the IDM network.
To operate and improve the website. Aggregated analytics help us understand traffic patterns and improve content.
To comply with legal and regulatory obligations, including record-keeping requirements applicable to financial services in the DIFC.

We do not sell personal information, and we do not use it for behavioural advertising.

04 · Legal basis for processing

Our basis under DIFC law.

Under DIFC Data Protection Law, we process personal data on the following grounds:

Consent — when you voluntarily submit an enquiry through our form.
Legitimate interests — to assess prospective counterparties, operate the website, and maintain the security and integrity of our systems.
Legal obligation — to comply with applicable financial, anti-money laundering, and record-keeping laws.

06 · Retention

How long we keep your data.

We retain enquiry information for up to five (5) years from the date of submission, or for longer where required by applicable law or regulatory obligation (for example, financial record-keeping requirements).

You may request earlier deletion at any time using the contact details below, subject to any obligation we have to retain records for legal or regulatory reasons.

07 · International transfers

Cross-border processing.

The third-party processors listed above are based outside the DIFC and may process personal data in the United States, the European Union, the United Kingdom, or other jurisdictions. Where we transfer personal data outside the DIFC, we do so in reliance on safeguards permitted by DIFC Data Protection Law, including transfers to jurisdictions assessed as offering an adequate level of protection, or by means of contractual safeguards with the receiving party.

08 · Security

How we protect information.

We use commercially reasonable technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit (HTTPS), access controls on our internal systems, and vetted service providers.

No internet transmission or electronic storage is fully secure. While we strive to use industry-standard measures, we cannot guarantee absolute security.

09 · Your rights

Your rights under DIFC law.

Subject to applicable law and to any legal or regulatory obligations we have to retain information, you have the right to:

Access the personal data we hold about you
Correct inaccurate or incomplete information
Request deletion of your personal data
Object to or restrict certain processing
Withdraw consent where processing is based on consent
Lodge a complaint with the DIFC Commissioner of Data Protection

To exercise any of these rights, contact us using the details in section 12. We will respond within a reasonable period and in accordance with applicable law.

10 · Cookies

Cookies and tracking.

islafi.com does not set tracking cookies. Cloudflare may use functional cookies strictly necessary to deliver the website and protect against abuse. Cloudflare Web Analytics does not use cookies or fingerprint visitors.

If we introduce additional cookies in the future (for example, for an authenticated portal), we will update this policy and, where required, request your consent.

11 · Changes to this policy

Updates and revisions.

We may update this Privacy Policy from time to time. When we do, we will revise the "Effective Date" at the top of this page. Material changes will be highlighted on the website where appropriate.

12 · Contact us

Get in touch.

If you have questions about this policy or wish to exercise your rights, please contact:

IslaFi Technologies Ltd.
Privacy enquiries · privacy@islafi.com
Innovation One
Dubai International Financial Centre
Dubai, United Arab Emirates

Privacy Policy.