Skip to Content
Client Portal

Bentley Reid (DIFC) Limited – Privacy Notice

For Website Visitors, Prospective Clients and Clients

Last updated: March 2026

This Privacy Notice explains how Bentley Reid (DIFC) Limited (“we”, “us”, “our”) collects, uses, shares and protects personal data when you:

  • visit or interact with our website;
  • make an enquiry or become a prospective client; or
  • receive wealth management or related services from us.

This notice is issued in accordance with the DIFC Data Protection Law No. 5 of 2020.

  1. Who we are

Controller: Bentley Reid (DIFC) Limited

Registered address: Bentley Reid (DIFC) Limited, Level 1, DIFC Fund Centre, Precinct Building 4, Dubai International Financial Centre

Regulatory status: Regulated in the Dubai International Financial Centre (DIFC)

Data protection contact:

Email: dubai@bentleyreid.com

Office address: Bentley Reid (DIFC) Limited, Level 1, DIFC Fund Centre, Precinct Building 4, Dubai International Financial Centre

  1. Who this notice applies to

This notice applies to:

  • Website visitors – individuals who browse or interact with our website;
  • Prospective clients – individuals who enquire about our services; and
  • Clients – individuals who receive services from us.

Different sections of this notice may apply depending on your relationship with us.

  1. Personal data we collect

Depending on how you interact with us, we may collect:

Website visitors

  • IP address and device information
  • Browser type and usage data
  • Cookies and analytics data

Prospective clients and clients

  • Identity and contact details (e.g. name, address, email, telephone)
  • Financial and investment information
  • Identification and verification data (including KYC / AML information)
  • Communications and correspondence
  • Any information you provide voluntarily
  1. How and why we use your personal data

We process personal data for the following purposes:

Website visitors

  • To operate and secure our website
  • To analyse website usage and improve performance
  • To manage cookies and analytics

Prospective clients and clients

  • To assess enquiries and establish client relationships
  • To provide wealth management and advisory services
  • To meet legal and regulatory obligations (including AML/CFT)
  • To manage client relationships and communications
  • To send updates or marketing communications where permitted
  1. Lawful bases for processing

Under DIFC law, we rely on the following lawful bases, depending on the activity:

  • Contractual necessity – to provide services you request or have agreed to
  • Legal obligation – to comply with regulatory and legal requirements
  • Legitimate interests – to operate our business, manage risk, ensure security and improve services (balanced against your rights)
  • Consent – for certain marketing communications and optional website cookies
  1. Cookies and website tracking

Our website uses cookies and similar technologies to ensure functionality and understand visitor behaviour.

You can manage cookie preferences through your browser settings. Further details are provided in our Cookie Policy.

  1. Sharing of personal data

We may share personal data with:

  • Group companies and offices (including the UK, Hong Kong and Malta)
  • Service providers and professional advisers
  • Custodians, brokers and administrators (where relevant)
  • Regulatory and law enforcement authorities

All recipients are subject to appropriate confidentiality and security obligations.

 

 

  1. International transfers

Personal data may be accessed or processed outside the DIFC, including in the United Kingdom, Hong Kong and other jurisdictions.

Where required, international transfers are safeguarded using:

  • DIFC adequacy decisions; or
  • DIFC Standard Contractual Clauses (SCCs); and
  • appropriate technical and organisational security measures.
  1. Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, regulatory and contractual obligations.

Retention periods are set out in our Data Retention & Destruction Policy.

  1. Automated decision‑making

We do not carry out automated decision‑making or profiling that produces legal or similarly significant effects on individuals.

  1. Security of personal data

We implement appropriate technical and organisational measures to protect personal data, including:

  • encryption
  • access controls and authentication
  • security monitoring and logging
  • incident and breach response procedures
  1. Your rights under DIFC law

You have the right to:

  • access your personal data
  • correct inaccurate or incomplete data
  • request erasure or restriction of processing (where applicable)
  • object to processing based on legitimate interests
  • request data portability
  • obtain information about data sources, international transfers and safeguards
  • raise concerns about automated decision‑making (where relevant)

Requests can be made using the contact details above.

  1. Complaints

If you have concerns about how we handle your personal data, you may lodge a complaint with the DIFC Commissioner of Data Protection.

  1. Updates to this notice

We may update this Privacy Notice from time to time. The latest version will always be available on our website.