Your privacy is important to us. This Privacy Policy explains how Scintilla Network FZE (“Scintilla”), a Virtual Asset Service Provider regulated by the Dubai Virtual Assets Regulatory Authority (VARA), handles your personal information when you: ·
· Access or use our website [www.scintillanetwork.com] or associated pages (the “Site”);
· Engage with us to use our products or services (the “Services”);
· Interact with us as part of providing Services to third parties; or
· Apply to work with us.
We are committed to protecting your information in line with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021 – PDPL) and the VARA Rulebooks, including obligations relating to AML/CFT, technology, custody, and market conduct.
This Privacy Policy sets out:
· The categories of personal information we collect;
· The purposes for which we process your information;
· The lawful bases we rely on;
· How long we retain your information;
· With whom we may share your information; and
· Your rights under applicable laws
Scintilla Network FZE (“Scintilla”) is incorporated in Dubai, United Arab Emirates, and licensed by VARA to provide regulated Virtual Asset activities, including Broker-Dealer and Exchange Services.
We are subject to oversight by VARA and comply with all applicable UAE laws, including the PDPL, AML/CFT regulations, and relevant technology and cybersecurity standards.
Scintilla has appointed a Data Protection Officer (DPO) and a Money Laundering Reporting Officer (MLRO), who are responsible for privacy and compliance matters
We collect and process the following types of personal information, depending on your relationship with us:
· Name, job title, company.
· Contact information (email, phone, social media handle).
· Demographic information such as address, preferences, and interests.
· Technical identifiers such as IP address, browser type, and cookies.
· Identity and contact information.
· Payment details.
· Know Your Customer (“KYC”) and Anti-Money Laundering (“AML”) information, including source of funds/wealth, identification documents, sanctions/PEP screening results.
· Information provided during onboarding or transactions.
· Event participation details (e.g. dietary requirements, which may reveal health or religious data).
· Information about officers, beneficial owners, counterparties, advisors, or other individuals whose personal data is provided to us in connection with Services.
· CVs, education and employment history.
· Contact details.
· Any diversity or health information you voluntarily provide (processed only with explicit consent or as permitted by law).
We process personal information for the following purposes:
· Regulatory and Compliance: to perform AML/CFT checks, sanctions screening, ongoing monitoring, and reporting suspicious transactions to the UAE Financial Intelligence Unit (FIU) or VARA.
· Service Delivery: to verify identity, execute client instructions, manage relationships, and deliver Services.
· Legal Obligations: to comply with applicable laws, court orders, and regulatory directives.
· Business Operations: to enforce contracts, protect rights and property, and ensure security of systems.
· Recruitment: to assess applications and comply with equal opportunity obligations.
· Marketing: to send updates or offers (with consent where required).
· Analytics: to understand how users interact with our Site and improve Services.
We rely on the following lawful bases under the PDPL:
· Consent – where you have provided consent (e.g. for marketing, or processing sensitive data).
· Contractual necessity – to perform Services you have requested.
· Legal obligation – to comply with AML/CFT, sanctions, tax, and other regulatory requirements.
· Legitimate interests – to improve our services, maintain security, and protect our rights.
We may share your information with:
· Regulators and authorities, including VARA, the UAE Data Office, the FIU, courts, and law enforcement.
· Professional advisers such as lawyers, auditors, or consultants.
· Custodians and banking partners (only VARA-regulated custodians and UAE-licensed banks).
· Technology providers for hosting, analytics, IT support, and data storage.
· Third parties involved in client matters, such as arbitrators, experts, or counterparties.
All third parties are subject to due diligence and contractual obligations to apply equivalent standards of data protection and confidentiality.
· Personal data may be stored in the UAE or transferred abroad under safeguards consistent with PDPL.
· KYC/AML records are retained for at least 8 years in line with VARA’s AML Rulebook.
· Other personal data is retained only as long as necessary for the purposes collected, after which it is securely deleted or anonymised.
Scintilla applies robust technical and organisational measures, including:
· Encryption of data in transit and at rest.
· Role-based access controls.
· Regular penetration testing and cybersecurity monitoring.
· Business continuity and disaster recovery planning.
· Mandatory staff training on AML/CFT and data protection.
These controls are aligned with the VARA Technology and Information Rulebook.
Under the PDPL and applicable laws, you have the right to:
· Access the personal data we hold about you;
· Request rectification, deletion, or restriction of processing;
· Request portability of your data;
· Object to processing in certain circumstances;
· Withdraw consent at any time (where processing is based on consent);
· Lodge a complaint with the UAE Data Office or VARA if you are not satisfied with our response.
We will respond to rights requests within 30 days, subject to legal and regulatory limitations (e.g. AML/CFT requirements).
In the event of a personal data breach that may impact confidentiality or integrity, Scintilla will:
· Notify the UAE Data Office and VARA without undue delay;
· Notify affected individuals where required; and
· Take immediate steps to mitigate risks.
We use cookies, log files, and similar technologies to track usage of our Site. For more detail, please see our [Cookie Policy]
We review this Privacy Policy regularly and may update it to reflect changes in law, VARA Rulebooks, or our practices. Any material changes will be communicated via this Site or directly where appropriate.
If you have questions or wish to exercise your rights, please contact:
Privacy@scintillanetwork.com (Data Protection Officer)
Mlro@scintillanetwork.com (Money Laundering Reporting Officer)
Contactus@scintillanetwork.com (General Enquiries)
