Privacy Policy

  1. Important information and who we are
    1. Data controller

This Privacy Notice, as amended or otherwise changed from time to time (the “Privacy Notice”), explains the manner in which Tungsten Custody Solutions Ltd. (“Tungsten”, “We”, “Us”, “Our”) collects, uses, maintains and discloses personal information through the provision of Our services (the “Services”). For this Site, Tungsten Custody Solutions Ltd is the Data Controller of your personal information.

  1. Tungsten is authorised and regulated by the Abu Dhabi Global Market Financial Services Regulatory Authority as an Authorised Person, Providing Custody in relation to Virtual Assets.
  2. Tungstens’ registered address is: Unit 12-1701, Building 12 (A2), Level 17, Tamouh Tower, Tamouh, Al Reem Island, Abu Dhabi, United Arab Emirates (Registration number 13952).
  3. Tungstens’ ultimate parent holding company is Tungsten Holding Limited (Registration number 000008836) whose registered address is DD-15-134-004 – 007, Level 15, Wework Hub71, Al Khatem Tower, Abu Dhabi Global Market Square, Al Maryah Island, United Arab Emirates.
  4. Our responsibility as Data Controller

As Data Controller, we must ensure that the personal information we process is:

  1. Processed fairly, lawfully and securely;
  2. for specified, explicit and legitimate purposes in accordance with the Data Subject’s rights and not further Processed in a way incompatible with those purposes or rights; and that it is
  3. adequate, relevant and not excessive in relation to the purposes for which they were collected or further Processed;
  4. accurate and, where necessary, kept up to date; and
  5. kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data were collected or for which they are further Processed.
  1. We are also required to ensure that Personal Data that is inaccurate or incomplete, and regard to the purposes of which they were collected or for which they are further Processed, are erased or rectified.
  2. Data Protection Officer (“DPO”)

You may contact Our DPO by email at DP@tungsten.ae

  1. ADGM Supervisory Authority

We are registered as a Data Controller with The Office of Data Protection for ADGM (https://www.adgm.com/operating-in-adgm/office-of-data-protection/overview ).

  1. Changes to the Privacy Notice and your duty to inform us of changes

We may update this Privacy Notice at our sole discretion. The date of the last revision of this Notice appears at the end of this page. We encourage you to periodically review this page for the latest information on our Privacy Notice and practices. Regardless of changes to our Privacy Notice, we will never use the information you submit under our current Privacy Notice in a new way without first notifying you and giving you the option to opt-out. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

  1. What information do we collect?
    1. We may collect, use, store and transfer different kinds of personal information about you which we have grouped together as follows:
  • Identity data includes first name, last name, username or similar identifier, date of birth and gender, citizenship, country of and proof of residence, proof of ID (passport/Emirates ID). Second nationality and passport, (if applicable). Selfie to confirm ID (if applicable)
  • Contact data includes email address, telephone numbers and residential address.
  • Source of funds.
  • Your status as a politically exposed person.
  • Financial data includes wallet address, CRS / FATCA details, and Information of annual income/turnover.
  • Pre-screening questions for criminal background checks, however please note, we do not process criminal background check data on customers.
  • Transaction data includes details about virtual asset transfers to and from you.
  • Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and Site, referring/exit pages, operating system, date/time stamp, clickstream data, and other technology on the devices you use to access the Site.
  • Profile data includes your username and password, transfers made by you, your interests, preferences, feedback and survey responses.
  • Usage data includes information about how you use our Site, products and services, including the Site. 
  • Marketing and Communications data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  1. We use cookies to collect information. “Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing the website.
  2. Some information is collected from third parties:

We may obtain personal information about you from other sources, including through third party services such as sanctions screening services and other organisations to supplement information provided by you. This supplemental information allows Us to verify information that you have provided to us and to enhance our ability to provide you with information about our business, products, and Services.

  1. If you fail to provide personal information.

Where We need to collect personal information by law, or under the terms of a contract We have with you and you fail to provide that data when requested, we may not be able to perform the contract We have or are trying to enter with you. In this case, we may have to close your account, but We will notify you if this is the case at the time.

  1. Why are we allowed to collect and process personal data?
    1. You will need to give Us Personal Data about yourself or other individuals in order to create and secure an Account and access Our Services, and you may give Us Personal Data about yourself, or other individuals to help Us provide you with or improve the Services you have asked Us for.
    2. Under Data Protection Law, We can only Process and use your Personal Data if We have a lawful basis for doing so. We will use Personal Data where one or more of the following lawful bases applies:
      1. Processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;
      2. Processing is necessary for compliance with any regulatory or legal obligation to which We are subject as Data Controller;
      3. Processing is necessary for the performance of a task carried out in the interests of the ADGM or in the exercise of the Board’s, the Court’s, the Registrar’s or the Regulator’s functions or powers vested in the Data Controller or in a Third Party to whom the Personal Data are disclosed;
      4. Processing is necessary for the purposes of the legitimate interests pursued by Us as Data Controller or by a Third Party to whom the Personal Data are disclosed, except where such interests are overridden by compelling legitimate interests of the Data Subject relating to the Data Subject’s particular situation; or
      5. Where the Data Subject has given written consent to the Processing of that Personal Data.
    3. A “legitimate interest” is when We have a business or commercial reason to use your Personal Data, so long as this is not overridden by your own rights and interests. We will consider and balance any potential impact on you (both positive and negative) and your rights before We Process your Personal Data for Our legitimate interests.
    4. Personal Data revealing or concerning (directly or indirectly) racial or ethnic origin, political opinions, religious or philosophical beliefs, criminal record, trade‐union membership and health or sex life is Sensitive Personal Data. We will only Process Sensitive Personal Data where:
      1. The Data Subject has given an additional written consent to the Processing of this kind of Personal Data;
      2. Processing is necessary for the purposes of carrying out the obligations and specific rights of the Data Controller;
      3. Processing relates to Personal Data which are manifestly made public by the Data Subject, or is necessary for the establishment, exercise or defence of legal claims;
      4. Processing is necessary for compliance with any regulatory or legal obligation to which the Data Controller is subject;
      5. Processing is necessary to uphold the legitimate interests of the Data Controller recognised in the international financial markets, provided the Processing is undertaken in accordance with applicable standards and except where such interests are overridden by compelling legitimate interests of the Data Subject relating to the Data Subject’s particular situation; or
      6. Processing is necessary to comply with any regulatory, auditing, accounting, anti‐ money laundering or counter terrorist financing obligations that apply to a Data Controller or for the prevention or detection of any crime.
  2. How do we use the information we collect?
    1. We will only use your Personal Data when the law allows or requires Us to do so. Most commonly, We will use your Personal Data in the following circumstances:
      1. where We need to perform the contract We are about to enter into or have entered into with you, for example, to execute a transaction on your behalf;
      2. where it is necessary for Our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and/or
      3. where We need to comply with a legal or regulatory obligation;
      4. where you have provided your consent in accordance with the applicable Data Protection Law.
    2. Please note that We may Process your Personal Data without your knowledge or consent where this is required or permitted by law.
    3. In general, Personal Data you submit to Us is used either to respond to requests that you make, or to aid Us in serving you better. We use your Personal Data in the following ways:
      1. facilitate the creation of and secure your Account;
      2. identify you and perform identity verification through a service provider;
      3. provide improved administration of Our Site and Services;
      4. improve the quality of experience when you interact with Our Site and Services;
      5. send you a welcome e-mail to verify ownership of the e-mail address provided when your Account was created;
      6. send you administrative e-mail notifications, such as account activity, transaction Processing, security or support and maintenance advisories;
      7. identify, prevent, and report potentially suspicious, fraudulent, or illegal activities;
      8. notify you about important changes to Our Terms; and
      9. respond to your inquiries or other requests.
    4. Data collected automatically will be used to administer or improve Our Services and for other lawful purposes.
    5. We use IP addresses to make Our Site and Services more useful to you, and to perform identity verification.
    6. We use information from log files to analyse trends, administer the Site, track users’ movements around the Site, gather demographic information about Our user base as a whole, and better tailor Our Services to Our users’ needs. Except as noted in this Privacy Notice, we do not link this automatically-collected data to personal information.
    7. We may create aggregated or de-identified records from Personal Data by excluding information (such as your name) that makes the data personally identifiable to you. We use this to analyse request and usage patterns so that We may enhance the content of Our Services and improve Site navigation. We reserve the right to use and aggregate other de-identified information for any purpose and disclose to third parties in Our sole discretion.
  3. Marketing
    1. We may provide you with choices regarding certain Personal Data that We use, particularly around marketing and advertising, subject to the following Personal Data control mechanisms:
      1. Promotional offers from Us: We may use your Personal Data to determine what may be of interest to you in accordance with applicable law. This is how We decide which products, Services, and offers may be relevant for you.
      2. Third-party marketing: In accordance with applicable law, We may obtain your express consent (opt-in) before We share your Personal Data with any company outside Our group for that company’s own marketing purposes.
      3. Opting out: you can ask Us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting Us via Our DPO dp@tungsten.ae.
  4. How do We share Your Personal Data?
    1. We disclose your personal information as described below and as described elsewhere in this Privacy Notice.
      1. It may be necessary to disclose your Personal Data to law enforcement agencies, regulators, government/public officials, or other relevant third parties to comply with any law, subpoenas, court orders, or government request, defend against claims, investigate or bring legal action against illegal or suspected illegal activities, enforce Our Terms, or to protect the rights, safety, and security of Us, Our users, or the public.
      2. We may share Personal Data with Our affiliated companies.
      3. We may share your Personal Data with third party service providers to provide you with the Services that We offer you through Our Site; to conduct quality assurance testing; to facilitate creation of accounts; to provide technical support; to verify your identity; and/or to provide other services to Us. These third party service providers are required not to use your Personal Data other than to provide the services requested by Us.
      4. We may provide Personal Data to business partners with whom We jointly offer products or services as allowed by law. In such cases, Our business partner’s name will appear with Ours.
      5. We may share some or all of your personal information with third parties in connection with or during negotiation of any merger, financing, acquisition or dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of Our business or assets. In the event of an insolvency, bankruptcy, or receivership, personal information may also be transferred as a business asset. If another company acquires Our company, business, or assets, that company will possess the personal information collected by Us and will assume the rights and obligations regarding your personal information as described in this Privacy Notice.
      6. The Site may contain links to other third party websites which are regulated by their own privacy policies. We are not responsible for the privacy policies of these third party websites even if they were accessed using the links from Our Site.
    2. Other than as stated in this Privacy Notice, We do not disclose any of your Personal Data to third parties unless required to do so by law enforcement, court order, or in compliance with legal reporting obligation
  5. Data Transfers
    1. Many of our external third parties are based outside of ADGM so their processing of your personal information will involve a transfer of data outside of ADGM.
    2. Whenever We transfer your Personal Data out of the ADGM, We ensure a similar degree of protection is afforded to it by putting in place appropriate safeguards, as required by applicable Data Protection Law.
    3. Where Personal information is transferred to a jurisdiction deemed to be adequate by applicable Data Protection Law, we ensure that an adequate level of protection is in place.
    4. Please contact Us via Our DPO dp@tungsten.ae if you want further information on the specific mechanism used by Us when transferring your Personal Data out of ADGM.
  6. How can You update Your information?

You can update your information by contacting Us via Our DPO dp@tungsten.ae or Our support team support@tungsten.ae and making a request.

  1. How long do We keep Your information?
    1. We retain Personal Data for as long We need it for the purposes set out in this Privacy Statement. This period will vary depending on the nature of the information and your interactions with Our Site and Our Services. We will retain your information for as long as your Account has not been closed or as needed to provide you access to your Account.
    2. If you unsubscribe from Our marketing communications, We will keep a record of your email address to ensure We do not send you marketing emails in future.
    3. Once your Account has been closed We will retain and use your information as necessary to comply with Our legal obligations, resolve disputes, and enforce Our Terms. For example, We keep a record of transactions on Our site for up to 6 years, to protect Us from legal claims, and We will retain information associated with your Account for up to 6 years after it has been closed unless there are other legal needs to retain it.
  2. How do We use cookies, social media, advertising and other technologies?
    1. We collect web browser Information in order to enhance your experience on Our Site and track how the Services are being used. Cookies are small data files that are stored on your computer’s hard drive, and in addition to using cookies to provide you with a better user experience, We use cookies to identify and prevent fraudulent activity. The information collected can include, but is not limited to, your IP address, referral URLs, the type of device you use, your operating system, the type of browser you use, geographic location, and other session data. Cookies are not permanent and will expire after a short time period of inactivity. You may opt to deactivate your cookies, but it is important to note that you may not be able to access or use some features of Our site. Please note that We are not responsible or can not be held liable for any loss resulting from your decision or inability to use such features.
    2. We may also use third party service providers to collect information regarding visit, or behaviour and visitor demographics on Our Services.
    3. Our Services may include public blockchain technology, publicly accessible blogs, forums, social media pages, and private messaging features. As such information will be public, the Personal Data provided by you may be viewed and used by third parties for any number of purposes. In addition, social media buttons such as Twitter (that might include widgets such as the “share this” button or other interactive mini-programs) may be on Our Site. These features may collect your IP address, which page you are visiting on Our site, and may set a cookie to enable the feature to function properly. These social media features are either hosted by a third party or hosted directly on Our site. Your interactions with these features apart from your visit to Our site are governed by the privacy policy of the company providing it.
    4. We may use third party application program interfaces (APIs) and software development kits (SDKs) as part of the functionality of Our Services. APIs and SDKs may allow third parties including analytics and advertising partners to collect your Personal Data for various purposes including to provide analytics services and content that is more relevant to you. For more information about Our use of APIs and SDKs, please contact Us.
    5. Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third-parties. At this time, We do not respond to DNT signals.
  3. What security precautions do We take?
    1. We take the protection of your Personal Data seriously, and We apply appropriate physical, technological and organisational safeguards and security measures. We use industry-standard data encryption technology and have implemented restrictions related to the storage of and the ability to access your Personal Data. Our servers and business operations are entirely located in ADGM.
    2. Where Processing is carried out by any Third Party on our behalf, We require from that Third Party sufficient guarantees in respect of the technical security measures and organisational measures governing the Processing to be carried out, and We ensure compliance with those measures.
    3. Please note that no transmission over the Internet or method of electronic storage can be guaranteed to be 100% secure.
  4. Your legal rights
    1. Depending on your country, you may have rights under applicable data protection law in relation to your personal information. The various rights are not absolute, and each is subject to certain exceptions or qualifications. We will grant your request only to the extent that it follows from our assessment of your request that we are allowed and required to do so under applicable data protection laws. Nothing in this privacy policy is intended to provide you with rights beyond or in addition to your rights as a data subject under applicable Data Protection Law. Personal information:
      1. Right to access to and rectification, erasure or blocking of Personal Data:

You have the right to require and obtain from Us upon request, at reasonable intervals and without excessive delay or expense:

(a) confirmation in writing as to whether or not Personal Data relating to you are being Processed and information at least as to the purposes of the Processing, the categories of Personal Data concerned, and the Recipients or categories of Recipients to whom the Personal Data are disclosed;

(b) communication in an intelligible form of the Personal Data undergoing Processing and of any available information as to their source; and

(c) as appropriate, the rectification, erasure or blocking of Personal Data the Processing of which does not comply with the provisions of these Regulations.

  1. Right to object to Processing:

You have the right:

(a) to object, at any time on reasonable grounds relating to your particular situation, to the Processing of Personal Data relating to you; and

(b) to be informed before Personal Data is disclosed for the first time to Third Parties or used on their behalf for the purposes of direct marketing, and to be expressly offered the right to object to such disclosures or uses.

Where there is a justified objection, Processing shall no longer include those Personal Data.

  1. If you wish to exercise any of the rights set out above, please contact Us.
  2. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, We may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, We may refuse to comply with your request in these circumstances.
  3. What We may need from You

We may need to request specific information from you to help Us confirm your identity and ensure your rights to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up Our response.

  1. Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take Us longer than a month if your request is particularly complex or you have made a number of requests. In this case, We will notify you and keep you updated.

  1. Children’s privacy

We do not knowingly solicit or collect information from anyone under 18. If We become aware that a person under the age of 18 has provided Us with Personal Data, We will delete it immediately.

  1. Questions and complaints
    1. Any questions about this Privacy Policy, the collection, use and disclosure of Personal Data by Us or access to your Personal Data as required by law (to be disclosed should be directed to dp@tungsten.ae.
    2. In the event that you wish to make a complaint about how we Process your Personal Data, please contact us in the first instance at dp@tungsten.ae and we will attempt to handle your request as soon as possible. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the country in which you live or work where you think we have violated Data Protection Law.
info@tungsten.ae

©2024 Tungsten Custody Solutions Ltd. All rights reserved.

Tungsten provides no legal, tax, investment, or other advice. Please consult your legal/tax/investment professional for questions about your specific circumstances. Virtual asset holdings involve a high degree of risk and can fluctuate greatly on any given day. Accordingly, your virtual asset holdings may be subject to large swings in value and may even become worthless.

Tungsten Custody Solutions Ltd is Regulated by the ADGM Financial Services Regulatory Authority with Financial Services Permission Number 220129.

Privacy Policy Risk Disclosure