Privacy Policy

Last updated: January 2025

1. Introduction

Blue Dot Technologies DMCC (“Bluedot”, “we”, “our”, “us”) is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and protect your data when you use our platform and services.

We comply with UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL) and, where applicable, the EU General Data Protection Regulation (GDPR) for users in the European Economic Area.

2. Information We Collect

Identity Information: Name, date of birth, nationality, government ID numbers collected during KYC verification.

Contact Information: Email address, phone number, and postal address.

Financial Information: Investment amounts, transaction history, source of funds documentation, and bank account details for distributions.

Technical Information: IP address, browser type, device information, and usage data collected automatically when you use our platform.

KYC Documents: Copies of government-issued ID, proof of address, and liveness verification images/videos.

3. How We Use Your Information

We use your personal data for the following purposes:

  • Identity verification and KYC/AML compliance
  • Processing investments and distributions
  • Providing platform services and customer support
  • Regulatory reporting to VARA, DFSA, and other authorities as required by law
  • Fraud prevention and security monitoring
  • Marketing communications (with your consent)
  • Improving our platform and services

4. Legal Basis for Processing (GDPR)

For EEA users, we process personal data on the following legal bases: contractual necessity (to provide our services), legal obligation (KYC/AML compliance), legitimate interests (fraud prevention, platform improvement), and consent (marketing communications).

5. Data Sharing

We may share your data with: KYC/identity verification providers, regulatory authorities as required by law, banking and payment processors, auditors and legal advisors under confidentiality obligations, and technology infrastructure providers. We do not sell your personal data to third parties.

6. International Transfers

Your data may be transferred to and processed in countries outside the UAE. Where we transfer data to countries without adequate data protection laws, we implement appropriate safeguards including standard contractual clauses.

7. Data Retention

We retain your personal data for as long as you maintain an account with us, plus a minimum of 7 years to comply with UAE AML record-keeping requirements. KYC documents are retained for 7 years after account closure as required by law.

8. Your Rights (GDPR)

EEA users have the following rights under GDPR:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your data (subject to legal retention requirements)
  • Right to portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing for legitimate interests or marketing
  • Right to restrict processing: Request limitation of how we use your data

To exercise these rights, email privacy@bluedot.io. We will respond within 30 days.

9. Cookies

We use cookies and similar technologies to operate our platform, analyse usage, and provide personalised experiences. Essential cookies cannot be disabled as they are necessary for the platform to function. Analytics and marketing cookies can be managed through our cookie preferences centre.

10. Security

We implement industry-standard security measures including encryption in transit (TLS 1.3) and at rest (AES-256), multi-factor authentication, access controls, regular security audits, and penetration testing. Despite our efforts, no transmission over the internet is 100% secure.

11. Contact

For privacy-related questions or to exercise your rights, contact our Data Protection Officer at privacy@bluedot.io or write to: Blue Dot Technologies DMCC, DIFC, Dubai, UAE.

EEA users may also lodge a complaint with their local Data Protection Authority.