Privacy Notice | Universal Venture Capital

This notice applies to the websites, onboarding flows, deal rooms, investor portals, founder portals, introducer portals and related communications operated through u-am.ae and universalvc.ae.

1. Who we are

Universal Asset Management Limited is incorporated in the Dubai International Financial Centre and authorised and regulated by the Dubai Financial Services Authority. Universal Venture Capital is the venture brand of Universal Asset Management Limited. The controller of personal data is Universal Asset Management Limited, Unit GA-00-SZ-L1-RT-201, Level 1, Gate Avenue, South Zone, DIFC, Dubai, United Arab Emirates. General privacy contact: [email protected]. Data Protection Officer: Data Protection Officer, Universal Asset Management Limited, Unit GA-00-SZ-L1-RT-201, Level 1, Gate Avenue, South Zone, DIFC, Dubai, email [email protected].

2. Who this notice covers

Founders, directors and team members of applicant companies, prospective and admitted investors, beneficial owners, authorised signatories, professional advisers, introducers, Portfolio Directors, service providers and other persons who use or interact with the platforms.

3. Personal data we collect

Identity and contact details, including name, address, email, telephone number, nationality, date of birth, passport or identity information and account credentials. Investor classification information, including Professional Client evidence, financial experience, net asset evidence, entity documents, controller information and confirmations. KYC and financial crime information, including source of funds, source of wealth, sanctions, PEP, adverse media, beneficial ownership, transaction and screening results. Founder and company information, including pitch materials, company profile, management information, shareholder and director information, cap table material and deal-room records. Introducer and Portfolio Director information, including CDD records, licence or qualification evidence, referral records, downline information, fee records and conflict disclosures. Communications data, including emails, WhatsApp messages where selected, meeting notes, support tickets and platform messages. Technical and security data, including IP address, device data, browser data, login records, audit logs, cookies and platform activity records.

4. Why we use personal data and our lawful basis

We process personal data under the DIFC Data Protection Law 2020. Account registration and contact verification by email rely on Article 10(b) contract or pre-contract and Article 10(f) legitimate interests. WhatsApp communications, where you select that channel, rely on Article 10(a) consent, with Article 10(b) or 10(f) for operational messages on a channel you have chosen. Professional Client classification relies on Article 10(c) compliance with Applicable Law and Article 10(b) pre-contract steps. KYC, source of funds, source of wealth, sanctions and financial crime screening rely on Article 10(c) and Article 10(f), with Article 11(h), 11(j) or 11(l) where special category data is processed. Founder onboarding and deal-room administration rely on Article 10(b) and Article 10(f). Investor onboarding and fund administration rely on Article 10(b), Article 10(c) and Article 10(f). Introducer onboarding, referral attribution and commission calculation, and Portfolio Director allocation and downline administration, rely on Article 10(b), Article 10(c) and Article 10(f). Service, security and regulatory communications rely on Article 10(b), 10(c) or 10(f) depending on the messag