Back to Home
Save in Gold Logo

Privacy & Personal Data Protection Policy

Please read these terms carefully before using our services

Item Description
Policy Title Privacy & Personal Data Protection Policy
Entity Save In Gold
Applicable Law UAE Federal Decree-Law No. 45 of 2021 (PDPL)
Effective Date 22/01/2025
Review Cycle Annual or upon regulatory change
Policy Owner Compliance Function
Approved By Senior Management / Board
1 PURPOSE
This Policy establishes the principles, controls, and procedures governing the collection, processing, storage, disclosure, retention, and protection of Personal Data by Save In Gold, in compliance with:
  • UAE Federal Decree-Law No. 45 of 2021 (PDPL)
  • Applicable implementing regulations and guidance
  • Other relevant UAE laws, including AML/CFT and consumer protection obligations
2 SCOPE
This Policy applies to:
  • All Personal Data processed by SAVE IN GOLD FZC through its website saveingold.ae, mobile application (“Save In Gold”), customer support channels, and business operations
  • All employees, contractors, temporary staff, and representatives
  • All systems (cloud, on-premise, endpoints), databases, and third-party platforms processing Personal Data on behalf of Save In Gold
  • All Data Subjects (customers, users, suppliers, business contacts, website/app visitors)
3 DEFINITIONS (PDPL-ALIGNED)
  • Personal Data: Any data relating to an identified or identifiable natural person.
  • Sensitive Personal Data: Personal Data of a sensitive nature (including financial, biometric, genetic, health, and government identifiers) requiring enhanced safeguards.
  • Data Subject: The individual to whom Personal Data relates
  • Controller: SAVE IN GOLD FZC (determines purposes and means of processing).
  • Processor: A party processing Personal Data on behalf of Save In Gold under documented instructions.
  • Processing: Any operation performed on Personal Data (collection, recording, storage, use, disclosure, deletion, etc.).
  • Consent: A clear, specific, informed indication of the Data Subject’s agreement (where required).
4 POLICY STATEMENT
SAVE IN GOLD FZC is committed to protecting the privacy of Data Subjects and processing Personal Data in a manner that is lawful, fair, secure, and transparent. We apply the PDPL principles of:
  1. Lawfulness, fairness, and transparency
  2. Purpose limitation
  3. Data minimisation
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality
  7. Accountability
5 ROLES AND RESPONSIBILITIES
5.1 Board / Senior Management
Approves this Policy and ensures adequate resources for PDPL compliance Reviews material breaches, risks, and remediation plans
5.2 Policy Owner (Compliance / Risk)
Maintains this Policy and supporting procedures
Oversees privacy governance, training, and compliance monitoring
Coordinates Data Subject requests and incident management
5.3 IT / Information Security
Implements security controls (access management, encryption, logging, backups, monitoring) Supports incident detection and response
5.4 All Employees and Contractors
Handle Personal Data only as authorised and necessary
Report suspected data incidents immediately
5.5 Third-Party Processors
Must comply with contractual PDPL-aligned obligations and security requirements Must not process Personal Data beyond documented instructions
6 LAWFUL BASIS FOR PROCESSING (PDPL)
SAVE IN GOLD FZC processes Personal Data only where a lawful basis applies, including:
  • Consent (where required)
  • Performance of a contract (e.g., account creation, service delivery, payments)
  • Compliance with legal obligations (including record-keeping, reporting, and lawful requests)
  • Protection of public interest and response to competent authorities
  • Legitimate interests (e.g., platform security, fraud prevention, service improvement), provided such interests do not override Data Subject rights
Where consent is relied upon, it must be freely given, informed, specific, and recorded.
7 CATEGORIES OF PERSONAL DATA PROCESSED
7.1 Data Provided by Data Subjects
  • Name, phone number, email address
  • Address and billing information
  • Username/password and authentication data
  • Contact preferences
  • Savings plan details, goals, milestones, rewards/points (if applicable)
  • Any information voluntarily submitted via forms or customer support
7.2 Sensitive Personal Data (Enhanced Controls)
    Processed only where necessary and permitted:
  • Financial data
  • Biometric data (if used for authentication/verification)
  • Government identifiers (e.g., Emirates ID/passport where required)
  • Compliance and verification records
7.3 Payment Data
Payment instrument data required for processing transactions (usually handled by authorised payment processors)
7.4 Automatically Collected Data
  • IP address, device identifiers, browser type/version
  • Operating system, language preferences
  • Location approximation (derived from IP, where applicable)
  • Usage logs, event data, and technical diagnostics
7.5 App Permissions (if enabled by user)
  • Geolocation
  • Push notifications
8 PURPOSES OF PROCESSING
SAVE IN GOLD FZC processes Personal Data for:
  • Account creation, authentication, and user management
  • Delivery and administration of Services
  • Managing savings goals, milestones, and rewards/points (if applicable)
  • Processing payments, settlements, refunds, and reconciliations
  • Customer support and dispute handling
  • Sending service notifications and administrative updates
  • Marketing communications (subject to consent and opt-out controls)
  • Security, fraud prevention, risk controls, and incident investigation
  • Regulatory compliance, legal obligations, and lawful authority requests
  • Analytics and service improvement (performance, stability, customer experience)
9 DATA SUBJECT RIGHTS AND REQUEST HANDLING
Subject to applicable law, Data Subjects may request:
  • Access to their Personal Data
  • Correction/rectification of inaccurate data
  • Deletion/erasure where legally permissible
  • Withdrawal of consent (where processing is based on consent)
  • Objection to certain processing (where applicable)
9.1 Request Submission
Requests must be submitted to: info@saveingold.ae
9.2 Identity Verification
We will verify identity before releasing or acting on Personal Data.
9.3 Limitations
Requests may be limited where:
  • Retention is required by law (e.g., regulatory, tax, AML/CFT retention)
  • Disclosure would impact investigations, security, or third-party rights
  • The request is manifestly unfounded or excessive
10 DATA SHARING AND DISCLOSURE CONTROLS
Personal Data may be shared only as necessary and with appropriate safeguards:
10.1 Limitations
Approved Processors / Vendors
  • Payment processors
  • Cloud hosting / data storage providers
  • IT support and cybersecurity service providers
  • Analytics and communications providers
Mandatory controls: data processing agreements, confidentiality, security requirements, retention/deletion instructions, and audit rights where appropriate.
10.2 Legal and Regulatory Disclosures
Disclosures may be made where required by:
  • UAE laws and regulations
  • Court orders
  • Competent authorities / regulators
10.3 Business Transfers:
Data may be shared in mergers, acquisitions, or restructuring subject to confidentiality and legal compliance.
11 COOKIES AND TRACKING TECHNOLOGIES
SAVE IN GOLD FZC may use cookies and similar technologies to:
  • Maintain security and functionality
  • Store preferences
  • Support analytics and performance improvements
Users can manage cookies via browser/device settings. Disabling cookies may affect service functionality.
If Google APIs are used, processing will comply with the Google API Services User Data Policy, including Limited Use requirements.
12 CROSS-BORDER TRANSFERS
Where Personal Data is transferred outside the UAE:
  • Transfers are conducted in compliance with PDPL requirements
  • Appropriate safeguards are implemented (e.g., contractual clauses, security controls)
  • Transfers are documented and subject to compliance oversight
13 DATA RETENTION AND DELETION
SAVE IN GOLD FZC retains Personal Data only as long as necessary to:
  • Deliver Services and administer accounts
  • Meet contractual and operational needs
  • Comply with legal/regulatory retention obligations (including AML/CFT and audit requirements where applicable)
When retention periods expire, data is securely deleted, anonymised, or irreversibly de-identified
14 INFORMATION SECURITY REQUIREMENTS
SAVE IN GOLD FZC maintains technical and organisational measures, including:
  • Role-based access control (least privilege)
  • Encryption in transit and at rest (where applicable)
  • Secure key management
  • Audit logging and monitoring
  • Vulnerability management and patching
  • Secure backups and recovery testing
  • Vendor security due diligence and periodic reviews
15 MINORS
Save In Gold Services are not intended for individuals under 18 years. We do not knowingly collect Personal Data from minors. If identified, such data will be deleted and the account may be deactivated.
16 TRAINING, AUDIT, AND COMPLIANCE MONITORING
  • Periodic privacy and security awareness training is mandatory
  • Compliance performs periodic reviews of:
    • Data access controls
    • Vendor processors
    • Retention compliance
    • Incident records and corrective actions
  • Findings are reported to Senior Management with tracked action plans
17 POLICY REVIEW AND CHANGE MANAGEMENT
This Policy is reviewed:
  • At least annually
  • Upon regulatory change or material operational change
  • Following significant incidents or audit findings
Changes require management approval and controlled versioning.
Last updated: January 2026